
Please Help with trojan


Old 01-14-2011, 10:45 AM   #1
Registered User
 
Join Date: Jan 2011
Posts: 11
OS: xp



Hello,

I get a virus alert on Avira AntiVirus when I scan my Windows temp file with Sunbelt Counterspy, and only when I scan with Counterspy. No other program picks it up. Every time it comes up I hit remove, but when I check the events folder it says Allow Access. I have deleted this many times and it always reappears. Here is the message from Avira.

Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\SBS_VE_AMBR_20110014053417.625_ 921.
Action performed: Allow access

I also have been experiencing BSODs when I am online gaming and doing P2P bittorrenting. I have no idea if this is related. Also, I am unable to do a full scan with GMER, but I am able to do the scan with the C drive checked and the Sections box checked. I also have access to the Windows install disc. Any help is appreciated.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Dan at 9:53:01.21 on Fri 01/14/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.920 [GMT -6:00]

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Pro Firewall *Enabled*

============== Running Processes ===============

C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\PROGRA~1\Enigma Software Group\SpyHunter\SH4Service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Dan\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [CTHelper] "CTHELPER.EXE"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [nwiz] "c:\program files\nvidia corporation\nview\nwiz.exe" /installquiet
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\windows search.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://go.microsoft.com/fwlink/?LinkId=82580
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1284142087625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.16.0.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dan\applic~1\mozilla\firefox\profiles\vb2c74un.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\dan\application data\mozilla\firefox\profiles\vb2c74un.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\dan\application data\mozilla\firefox\profiles\vb2c74un.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\documents and settings\dan\application data\mozilla\firefox\profiles\vb2c74un.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\dan\application data\mozilla\firefox\profiles\vb2c74un.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\dan\application data\mozilla\firefox\profiles\vb2c74un.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\dan\application data\mozilla\firefox\profiles\vb2c74un.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-10-13 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-10-13 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-10-13 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-12-6 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-12-6 68880]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-1-7 11608]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-10-13 247824]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-10-12 21464]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-5-13 98392]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-10-8 528128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-7 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-7 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-7 61960]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-11-13 20328]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-10-12 69976]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma software group\spyhunter\SH4Service.exe [2010-11-5 327000]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link DGE-5xx Gigabit Ethernet Adapter;c:\windows\system32\drivers\m4cxw2k3.sys [2010-11-16 298752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2010-10-9 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-8-24 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-8-24 166384]
S2 SBAMSvc;CounterSpy Antispyware;c:\program files\sunbelt software\counterspy\SBAMSvc.exe [2010-8-20 2763080]
S2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\counterspy\SBPIMSvc.exe [2010-8-20 181584]
S2 SessionLauncher;SessionLauncher;c:\docume~1\dan\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\dan\locals~1\temp\dx9\SessionLauncher.exe [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-10-10 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]
S3 jswmidin;jswmidin;\??\c:\docume~1\dan\locals~1\temp\jswmidin.sys --> c:\docume~1\dan\locals~1\temp\jswmidin.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2003-3-31 14336]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-1-4 19056]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-10-13 70536]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2010-10-9 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-8-24 1083888]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-10-13 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-10-13 1145816]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;c:\windows\system32\drivers\yk51x86l.sys [2009-9-22 60928]
S3 SkVlanProtocol;Marvell VLAN Protocol;c:\windows\system32\drivers\yk51x86v.sys [2009-8-27 20992]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-12-6 33552]
S3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2003-3-31 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-01-14 15:43:25 -------- d-----w- C:\SMCLpav
2011-01-14 01:03:26 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{346564C3-1CD0-440B-AE7A-F644B66D2026}
2011-01-14 01:01:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Webroot
2011-01-14 01:01:07 -------- d-----w- c:\docume~1\dan\locals~1\applic~1\PackageAware
2011-01-13 23:38:39 110080 ----a-r- c:\docume~1\dan\applic~1\microsoft\installer\{41ebc322-660f-4d16-a0df-53147210cbdb}\IconF7A21AF7.exe
2011-01-13 23:38:39 110080 ----a-r- c:\docume~1\dan\applic~1\microsoft\installer\{41ebc322-660f-4d16-a0df-53147210cbdb}\IconD7F16134.exe
2011-01-13 23:38:33 -------- d-----w- C:\sh4ldr
2011-01-13 23:38:33 -------- d-----w- c:\program files\Enigma Software Group
2011-01-13 23:38:14 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-01-13 23:38:09 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-01-13 22:27:56 -------- d-----w- c:\docume~1\dan\applic~1\Malwarebytes
2011-01-13 22:27:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-13 22:27:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-13 22:27:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-13 22:27:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-13 11:31:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\CA
2011-01-12 22:37:55 -------- d-----w- c:\program files\ESET
2011-01-12 22:19:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2011-01-12 21:58:31 -------- d-----w- c:\docume~1\dan\applic~1\QuickScan
2011-01-12 21:46:01 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-01-12 11:23:16 -------- d-----w- c:\docume~1\dan\applic~1\Panda Security
2011-01-12 10:56:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Panda Security
2011-01-11 22:11:16 -------- d-----w- c:\program files\Panda Security
2011-01-11 11:13:45 -------- d-sh--w- C:\found.000
2011-01-08 12:59:12 -------- d-----w- c:\docume~1\dan\locals~1\applic~1\PCHealth
2011-01-07 19:44:40 -------- d-----w- c:\docume~1\dan\applic~1\Avira
2011-01-07 19:22:18 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-07 19:22:17 -------- d-----w- c:\program files\Avira
2011-01-07 19:22:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-01-07 13:13:45 -------- d-----w- c:\windows\system32\winrm
2011-01-07 13:13:39 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-01-07 13:13:16 -------- d-----w- c:\docume~1\dan\applic~1\Windows Desktop Search
2011-01-03 17:41:49 -------- d-----w- c:\docume~1\dan\applic~1\ZoomBrowser EX
2011-01-03 11:46:37 -------- d-----w- c:\docume~1\dan\applic~1\CameraWindowDC
2011-01-03 11:46:36 -------- d-----w- c:\docume~1\dan\applic~1\CANON INC
2011-01-03 11:35:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\ZoomBrowser
2011-01-03 11:34:32 -------- d-----w- c:\program files\common files\Canon
2011-01-03 11:30:41 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-01-03 11:30:40 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-12-31 18:19:55 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-12-31 18:19:51 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-12-31 18:19:51 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-12-31 18:19:41 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-12-31 18:19:41 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-12-31 18:19:41 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-12-31 18:19:41 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-12-31 18:19:41 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-12-31 18:19:41 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-12-31 18:19:40 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-12-31 18:19:40 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-12-31 16:34:24 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-12-31 16:33:45 -------- d-----w- C:\NVIDIA
2010-12-31 16:02:18 -------- d-----w- c:\program files\Phyxion.net
2010-12-31 15:55:23 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-12-31 15:37:39 -------- d-----w- c:\program files\NVIDIA Corporation
2010-12-30 16:37:42 -------- d-----w- c:\program files\common files\COWON
2010-12-30 16:37:40 -------- d-----w- c:\program files\JetAudio
2010-12-30 15:55:24 -------- d-----w- c:\program files\Broderbund
2010-12-30 15:47:57 -------- d-----w- C:\ROMEO_AND_JULIET
2010-12-30 02:40:23 -------- d-----w- c:\program files\Reality Pump
2010-12-29 22:59:40 -------- d-----w- c:\docume~1\dan\applic~1\Windows Search
2010-12-29 22:46:07 -------- d-----w- c:\windows\system32\XPSViewer
2010-12-29 22:45:35 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-12-29 22:45:15 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-12-29 22:45:15 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-12-29 22:45:15 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-12-29 22:45:15 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-12-29 22:45:15 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-12-29 22:45:15 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-12-29 22:45:15 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-12-29 22:45:15 117760 ------w- c:\windows\system32\prntvpt.dll
2010-12-29 22:45:15 -------- d-----w- C:\a0467d73ef5f36dc8b
2010-12-29 22:41:26 -------- d-----w- c:\program files\Windows Desktop Search
2010-12-29 22:41:25 -------- d-----w- c:\windows\system32\GroupPolicy
2010-12-29 22:40:45 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-12-29 02:52:33 -------- d-----w- c:\program files\common files\Symantec Shared
2010-12-29 02:52:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-12-29 02:52:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-12-28 12:43:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2010-12-18 13:35:27 -------- d-----w- c:\program files\Sophos
2010-12-16 20:48:50 -------- d-----w- c:\docume~1\dan\applic~1\Reviversoft
2010-12-16 20:48:32 -------- d-----w- c:\program files\Reviversoft

==================== Find3M ====================

2011-01-09 13:19:00 234536 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-09 13:19:00 234536 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-14 23:22:45 0 ----a-w- c:\windows\nsd6.tmp
2010-12-14 11:19:15 0 ----a-w- c:\windows\nsy20.tmp
2010-12-14 11:18:37 0 ----a-w- c:\windows\nsu1C.tmp
2010-12-14 11:18:24 0 ----a-w- c:\windows\nsv18.tmp
2010-12-14 11:17:37 0 ----a-w- c:\windows\nsy14.tmp
2010-12-14 11:17:28 0 ----a-w- c:\windows\nst10.tmp
2010-12-11 14:54:39 90112 ----a-w- c:\windows\DUMP5da0.tmp
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-14 14:28:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-14 14:28:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-13 19:15:25 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2010-11-13 19:15:25 22 --sha-w- c:\docume~1\dan\applic~1\Sys6925.Config Collection.sys
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 21:03:03 138056 ----a-w- c:\docume~1\dan\applic~1\PnkBstrK.sys
2010-10-19 21:02:37 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-10-19 21:02:37 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-10-16 18:55:00 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-16 18:04:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 18:04:16 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 18:04:16 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 18:04:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 18:04:14 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 18:04:14 145000 ----a-w- c:\windows\system32\nvcolor.exe

============= FINISH: 9:55:27.64 ===============
Attached Files: Attach.zip (4.5 KB)

Truls is offline  
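Added triage example, not part of the thread and not code from DDS or any tool it names: a small Python parser for the DDS SERVICES / DRIVERS section above that flags services and drivers whose image path sits in a temp directory or is a .tmp file in system32, and records the `[?]` marker DDS prints in place of a date and size when it could not read the file. The sample lines are constructed from the log above, and the path patterns are heuristics of my own, not DDS rules.

```python
import re
from typing import Dict, List, Optional

# A DDS SERVICES / DRIVERS line looks like
#   <state> <name>;<display name>;<image path> [<date> <size>]
# and, when DDS could not read the file, like
#   <state> <name>;<display name>;<raw path> --> <expanded path> [?]
SERVICE_RE = re.compile(r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")

# Locations from which a legitimate service or kernel driver should almost never load
# (heuristic markers chosen for this example).
TEMP_MARKERS = ("\\locals~1\\temp\\", "\\local settings\\temp\\", "\\windows\\temp\\")
TMP_IN_SYSTEM32 = re.compile(r"\\windows\\system32\\[^\\]+\.tmp$")

# Constructed sample modelled on lines from the DDS log above (not the full log).
SAMPLE_LOG = r"""
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-1-7 11608]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 SessionLauncher;SessionLauncher;c:\docume~1\dan\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\dan\locals~1\temp\dx9\SessionLauncher.exe [?]
S3 jswmidin;jswmidin;\??\c:\docume~1\dan\locals~1\temp\jswmidin.sys --> c:\docume~1\dan\locals~1\temp\jswmidin.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-1-4 19056]
"""


def parse_service_line(line: str) -> Optional[Dict]:
    """Split one DDS service/driver line into its fields; None for non-matching lines."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    # Trailing "[date size]" or "[?]"; DDS prints "[?]" when it could not read the file.
    file_info = None
    bm = re.search(r"\s\[([^\]]*)\]\s*$", rest)
    if bm:
        file_info = bm.group(1)
        rest = rest[: bm.start()]
    # Prefer the expanded path DDS prints after "-->".
    if " --> " in rest:
        rest = rest.split(" --> ", 1)[1]
    rest = rest.strip()
    if rest.startswith("\\??\\"):  # NT object-manager prefix on raw ImagePath values
        rest = rest[4:]
    # Drop service arguments such as "-k netsvcs" or "-service" after the image file.
    pm = re.match(r"^(.*?\.(?:exe|sys|dll))(?:\s|$)", rest, re.I)
    path = pm.group(1) if pm else rest
    return {
        "state": m.group("state"),
        "name": m.group("name").strip(),
        "display": m.group("display").strip(),
        "path": path,
        "file_info": file_info,
        "unreadable": file_info == "?",
    }


def triage(log_text: str) -> List[Dict]:
    """Return the service/driver entries worth a second look, with the reasons why."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        low = entry["path"].lower()
        reasons = []
        if any(marker in low for marker in TEMP_MARKERS):
            reasons.append("image loads from a temp directory")
        if TMP_IN_SYSTEM32.search(low):
            reasons.append("image is a .tmp file in system32")
        if entry["unreadable"]:
            reasons.append("DDS could not read the file ([?])")
        if reasons:
            # "[?]" on its own is weak evidence (vsmon shows it here and is legitimate):
            # only a suspicious location raises the severity.
            entry["severity"] = "high" if len(reasons) > int(entry["unreadable"]) else "low"
            entry["reasons"] = reasons
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["severity"]:4} {f["state"]} {f["name"]}: {f["path"]} ({"; ".join(f["reasons"])})')
```

The same path heuristics apply to the MBRCheck kernel-driver list further down the thread, where a driver loading from a user's Temp directory stands out for the same reason.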
Old 01-15-2011, 03:12 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,832
OS: XP Win7 Ubuntu 10.10



Hello and welcome to TSF.

Quote:
I also have been experiencing BSOD when I am online gaming and doing P2P bittorrenting.
This practice can make you vulnerable to data and identity theft. Please read this sticky:

Perils of P2P File Sharing

I would strongly urge you to remove all your P2P software via Add or Remove Programs in Control Panel as suggested in our
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help page.

Quote:
  • p2p programs like uTorrent, Bittorrent, LimeWire, Morpheus, etc., as they are a major conduit for malware and a likely source of your current issues. See this link
==============================

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found, you will have further options available to you; at this time, press N, then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.

=======================
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth, uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

amateur is offline  
Old 01-15-2011, 04:19 AM   #3
Registered User
 
Join Date: Jan 2011
Posts: 11
OS: xp



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 147):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75B6000 fltmgr.sys
0xF7588000 ACPI.sys
0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF7577000 pci.sys
0xF75F7000 isapnp.sys
0xF7607000 ohci1394.sys
0xF7617000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xF798B000 intelide.sys
0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF7627000 MountMgr.sys
0xF74B8000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF7637000 VolSnap.sys
0xF74A0000 atapi.sys
0xF7647000 disk.sys
0xF7657000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF7463000 PCTCore.sys
0xF740C000 pctDS.sys
0xF7B3A000 pctEFA.sys
0xF7884000 TfSysMon.sys
0xF7873000 TfFsMon.sys
0xF7667000 PxHelp20.sys
0xB87E9000 KSecDD.sys
0xB875C000 Ntfs.sys
0xB872F000 NDIS.sys
0xB8715000 Mup.sys
0xF7677000 agp440.sys
0xF76C7000 \SystemRoot\System32\DRIVERS\nic1394.sys
0xF74E7000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xAC18C000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xAC178000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF777F000 \SystemRoot\System32\DRIVERS\usbohci.sys
0xAC154000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF7787000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xAC10B000 \SystemRoot\System32\DRIVERS\m4cxw2k3.sys
0xAC08B000 \SystemRoot\system32\drivers\ctaud2k.sys
0xAC067000 \SystemRoot\system32\drivers\portcls.sys
0xADF2E000 \SystemRoot\system32\drivers\drmk.sys
0xAC044000 \SystemRoot\system32\drivers\ks.sys
0xAC010000 \SystemRoot\system32\drivers\ctoss2k.sys
0xF77C7000 \SystemRoot\system32\drivers\ctprxy2k.sys
0xADFD6000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xF77DF000 \SystemRoot\System32\DRIVERS\fdc.sys
0xADF1E000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF77FF000 \SystemRoot\system32\DRIVERS\point32.sys
0xF77F7000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xADF0E000 \SystemRoot\System32\DRIVERS\serial.sys
0xAD3C9000 \SystemRoot\System32\DRIVERS\serenum.sys
0xABFFC000 \SystemRoot\System32\DRIVERS\parport.sys
0xADEFE000 \SystemRoot\System32\DRIVERS\imapi.sys
0xADEEE000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xAD919000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF7807000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF781F000 \SystemRoot\system32\DRIVERS\intelsmb.sys
0xAD2D9000 \SystemRoot\System32\DRIVERS\audstub.sys
0xAD909000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xAD3BD000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xABFE5000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xAD8F9000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xAD8E9000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7727000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xABFD4000 \SystemRoot\System32\DRIVERS\psched.sys
0xAD8D9000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xAD8C9000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF779F000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF79D3000 \SystemRoot\System32\DRIVERS\swenum.sys
0xABF76000 \SystemRoot\System32\DRIVERS\update.sys
0xAD3B5000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xAD8B9000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF79D5000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xAD8A9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA9E4B000 \SystemRoot\system32\drivers\hap16v2k.sys
0xA9D41000 \SystemRoot\system32\drivers\ha10kx2k.sys
0xA9D12000 \SystemRoot\system32\drivers\emupia2k.sys
0xA9CE9000 \SystemRoot\system32\drivers\ctsfm2k.sys
0xA9C4D000 \SystemRoot\system32\drivers\ctac32k.sys
0xA9C32000 \SystemRoot\System32\drivers\COMMONFX.SYS
0xA9BA7000 \SystemRoot\System32\drivers\CTAUDFX.SYS
0xA9B19000 \SystemRoot\System32\drivers\CTSBLFX.SYS
0xB69E7000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xAE156000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB80D3000 \SystemRoot\System32\Drivers\Null.SYS
0xAE154000 \SystemRoot\System32\Drivers\Beep.SYS
0xA9B02000 \??\C:\WINDOWS\system32\drivers\SBREdrv.sys
0xB69CF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7797000 \SystemRoot\System32\drivers\vga.sys
0xAE152000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xAD307000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB69C7000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB69BF000 \SystemRoot\System32\Drivers\Npfs.SYS
0xACABE000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xA9ACF000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xA9A76000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xA9A3B000 \??\C:\WINDOWS\system32\drivers\pctgntdi.sys
0xA9A15000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xACC70000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xA99ED000 \SystemRoot\System32\DRIVERS\netbt.sys
0xA996D000 \SystemRoot\System32\vsdatant.sys
0xB85EC000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xACC60000 \SystemRoot\System32\DRIVERS\arp1394.sys
0xA994B000 \SystemRoot\System32\drivers\afd.sys
0xACC50000 \SystemRoot\System32\DRIVERS\netbios.sys
0xADC02000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB85E8000 \SystemRoot\system32\drivers\sbaphd.sys
0xA9929000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xA98FE000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xA988E000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xACC30000 \SystemRoot\System32\Drivers\Fips.SYS
0xA9868000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xADBE2000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xAD2F9000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xB8600000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB2DC2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB85FC000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF792B000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xACE22000 \SystemRoot\System32\DRIVERS\usbprint.sys
0xACE1A000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xB2DB2000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xF792F000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xB0C87000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA9850000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79B1000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xADFDE000 \SystemRoot\System32\drivers\Dxapi.sys
0xB2C24000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB80D7000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA8CD0000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB6880000 \SystemRoot\system32\drivers\sbapifs.sys
0xA8C34000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA8C68000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xA8A1C000 \SystemRoot\system32\drivers\wdmaud.sys
0xB6830000 \SystemRoot\system32\drivers\sysaudio.sys
0xA8769000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xAD2F5000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA8A77000 \??\C:\WINDOWS\system32\drivers\cpuz134_x32.sys
0xA8699000 \SystemRoot\System32\DRIVERS\srv.sys
0xA7FDD000 \SystemRoot\System32\Drivers\HTTP.sys
0xA7CDF000 \??\C:\DOCUME~1\Dan\LOCALS~1\Temp\pxtdapog.sys
0xA7B49000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 41):
0 System Idle Process
4 System
600 C:\WINDOWS\system32\smss.exe
684 csrss.exe
712 C:\WINDOWS\system32\winlogon.exe
756 C:\WINDOWS\system32\services.exe
768 C:\WINDOWS\system32\lsass.exe
924 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1000 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1184 C:\PROGRA~1\Enigma Software Group\SpyHunter\SH4Service.exe
1212 C:\WINDOWS\system32\nvsvc32.exe
1252 C:\WINDOWS\system32\svchost.exe
1320 svchost.exe
1440 C:\WINDOWS\system32\svchost.exe
1572 svchost.exe
1724 svchost.exe
1840 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
1960 C:\WINDOWS\explorer.exe
832 C:\WINDOWS\system32\spoolsv.exe
976 C:\Program Files\Creative\Shared Files\CTAudSvc.exe
1208 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1072 svchost.exe
536 C:\Program Files\Java\jre6\bin\jqs.exe
132 C:\WINDOWS\system32\HPZipm12.exe
1516 C:\WINDOWS\system32\PnkBstrA.exe
2176 C:\WINDOWS\system32\svchost.exe
2232 C:\WINDOWS\system32\searchindexer.exe
2528 C:\Program Files\Canon\CAL\CALMAIN.exe
2792 C:\WINDOWS\system32\wscntfy.exe
3176 alg.exe
3908 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
3916 C:\WINDOWS\system32\svchost.exe
3924 C:\WINDOWS\system32\CtHelper.exe
4040 C:\Program Files\Microsoft IntelliType Pro\itype.exe
428 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
464 C:\WINDOWS\system32\rundll32.exe
968 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2720 C:\Program Files\Mozilla Firefox\firefox.exe
3728 C:\WINDOWS\system32\searchprotocolhost.exe
3852 searchfilterhost.exe
2856 C:\Documents and Settings\Dan\My Documents\Downloads\MBRCheck(2).exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200AAJB-00J3A0, Rev: 01.03E01
PhysicalDrive1 Model Number: WDCWD3200JB-00KFA0, Rev: 08.05J08

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
298 GB \\.\PhysicalDrive1 Legit MBR code detected
SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495


Done!


Here is Rootkit Unhooker
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xAC18C000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 9625600 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 260.99 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6361088 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 260.99 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA9D41000 C:\WINDOWS\system32\drivers\ha10kx2k.sys 1089536 bytes (Creative Technology Ltd, Creative EMU10KX HAL (WDM))
0xF7B3A000 pctEFA.sys 675840 bytes (PC Tools, PC Tools Extended File Attributes)
0xA9C4D000 C:\WINDOWS\system32\drivers\ctac32k.sys 638976 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM))
0xA9B19000 C:\WINDOWS\System32\drivers\CTSBLFX.SYS 581632 bytes (Creative Technology Ltd, Creative SB FX Plug-in)
0xB875C000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA9BA7000 C:\WINDOWS\System32\drivers\CTAUDFX.SYS 569344 bytes (Creative Technology Ltd, Creative SB FX Plug-in)
0xAC08B000 C:\WINDOWS\system32\drivers\ctaud2k.sys 524288 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)
0xA996D000 C:\WINDOWS\System32\vsdatant.sys 524288 bytes (Check Point Software Technologies LTD, ZoneAlarm Firewalling Driver)
0xA988E000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xABF76000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA9A76000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA8699000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xF740C000 pctDS.sys 356352 bytes (PC Tools, PC Tools Data Store)
0xAC10B000 C:\WINDOWS\System32\DRIVERS\m4cxw2k3.sys 299008 bytes (-, -)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA7FDD000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF7463000 PCTCore.sys 249856 bytes (PC Tools, PC Tools KDS Core Driver)
0xA9A3B000 C:\WINDOWS\system32\drivers\pctgntdi.sys 241664 bytes (PC Tools, PC Tools Generic TDI Driver)
0xAC010000 C:\WINDOWS\system32\drivers\ctoss2k.sys 212992 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xA9D12000 C:\WINDOWS\system32\drivers\emupia2k.sys 192512 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
0xF7588000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA8769000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB872F000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA9E4B000 C:\WINDOWS\system32\drivers\hap16v2k.sys 176128 bytes (Creative Technology Ltd, Creative EMU10KX-P16v HAL (WDM))
0xA7B49000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA98FE000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA9CE9000 C:\WINDOWS\system32\drivers\ctsfm2k.sys 167936 bytes (Creative Technology Ltd, SoundFont(R) Manager (WDM))
0xA99ED000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA9868000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xA9A15000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA8C34000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xAC067000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xAC154000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xAC044000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA994B000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA9929000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF75B6000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74B8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xA9C32000 C:\WINDOWS\System32\drivers\COMMONFX.SYS 110592 bytes (Creative Technology Ltd, Creative Common FX Plug-in)
0xB8715000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF74A0000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA9850000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xA7CDF000 C:\DOCUME~1\Dan\LOCALS~1\Temp\pxtdapog.sys 98304 bytes
0xB87E9000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xABFE5000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA9B02000 C:\WINDOWS\system32\drivers\SBREdrv.sys 94208 bytes (Sunbelt Software, Anti-Rootkit Engine)
0xA8CD0000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xA8A1C000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xABFFC000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xAC178000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA9ACF000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF7884000 TfSysMon.sys 77824 bytes (PC Tools, ThreatFire System Monitor)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7577000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xABFD4000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7873000 TfFsMon.sys 69632 bytes (PC Tools, ThreatFire Filesystem Monitor)
0xB0C87000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xADEEE000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF76C7000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7607000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB6880000 C:\WINDOWS\system32\drivers\sbapifs.sys 65536 bytes (Sunbelt Software, Sunbelt ActiveProtection Filter)
0xADF0E000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xACC60000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xADF2E000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xAD919000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB6830000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xAD8B9000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7617000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF7657000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB2DB2000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xADF1E000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xAD909000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7637000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xAD8E9000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7677000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xACC30000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xADEFE000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7627000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xAD8F9000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xAD8A9000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xAD8C9000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7647000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB2DC2000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF74E7000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xAD8D9000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xACC50000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA7BA4000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7667000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xACC70000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF77C7000 C:\WINDOWS\system32\drivers\ctprxy2k.sys 32768 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))
0xB69BF000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xADBE2000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7787000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF77DF000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xB69CF000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xACE22000 C:\WINDOWS\System32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xACE1A000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xF781F000 C:\WINDOWS\system32\DRIVERS\intelsmb.sys 24576 bytes (Intel Corporation, System Management Bus 2.0 (SMBus) Driver)
0xF779F000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF77F7000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF77FF000 C:\WINDOWS\system32\DRIVERS\point32.sys 24576 bytes (Microsoft Corporation, Point32.sys)
0xADC02000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF7807000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7797000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB69E7000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xB69C7000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7727000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF777F000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xB2C24000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA8A77000 C:\WINDOWS\system32\drivers\cpuz134_x32.sys 16384 bytes (Windows (R) Win 7 DDK provider, CPUID Driver)
0xF792F000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xB85FC000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xAD3B5000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA8C68000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB85E8000 C:\WINDOWS\system32\drivers\sbaphd.sys 16384 bytes (Sunbelt Software, Sunbelt ActiveProtection hook driver)
0xAD3C9000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF792B000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xADFDE000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xADFD6000 C:\WINDOWS\system32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xB8600000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xAD3BD000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xACABE000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB85EC000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xAD2F9000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xAE154000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79B1000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xAE156000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF798B000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xAE152000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xAD2F5000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xAD307000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79D3000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79D5000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xAD2D9000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB80D7000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB80D3000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
==============================================
>Stealth
Truls is offline  
Old 01-15-2011, 04:23 AM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,832
OS: XP Win7 Ubuntu 10.10

Please download ComboFix from one of these locations:

Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how, please look in here:

    How to disable your security applications

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: Please make sure that your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done that.
amateur is offline  
Old 01-15-2011, 05:09 AM   #5
Registered User
Join Date: Jan 2011
Posts: 11
OS: xp

ComboFix 11-01-14.01 - Dan 01/15/2011 5:40.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.866 [GMT -6:00]
Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Pro Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dan\Local Settings\Temporary Internet Files\Sys5889.Data Repository.sys

.
((((((((((((((((((((((((( Files Created from 2010-12-15 to 2011-01-15 )))))))))))))))))))))))))))))))
.

2011-01-14 01:08 . 2011-01-14 01:08 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2011-01-14 01:05 . 2011-01-14 01:05 -------- d-----w- c:\program files\Microsoft Silverlight
2011-01-14 01:03 . 2011-01-14 12:09 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{346564C3-1CD0-440B-AE7A-F644B66D2026}
2011-01-14 01:01 . 2011-01-14 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2011-01-14 01:01 . 2011-01-14 01:01 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\PackageAware
2011-01-13 23:38 . 2011-01-13 23:38 110080 ----a-r- c:\documents and settings\Dan\Application Data\Microsoft\Installer\{41EBC322-660F-4D16-A0DF-53147210CBDB}\IconF7A21AF7.exe
2011-01-13 23:38 . 2011-01-13 23:38 110080 ----a-r- c:\documents and settings\Dan\Application Data\Microsoft\Installer\{41EBC322-660F-4D16-A0DF-53147210CBDB}\IconD7F16134.exe
2011-01-13 23:38 . 2011-01-13 23:38 -------- d-----w- C:\sh4ldr
2011-01-13 23:38 . 2011-01-13 23:38 -------- d-----w- c:\program files\Enigma Software Group
2011-01-13 23:38 . 2011-01-13 23:38 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-01-13 23:38 . 2011-01-13 23:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-01-13 22:27 . 2011-01-13 22:27 -------- d-----w- c:\documents and settings\Dan\Application Data\Malwarebytes
2011-01-13 22:27 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-13 22:27 . 2011-01-13 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-13 22:27 . 2011-01-13 22:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-13 22:27 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-13 11:31 . 2011-01-13 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2011-01-12 22:37 . 2011-01-12 22:37 -------- d-----w- c:\program files\ESET
2011-01-12 22:19 . 2011-01-12 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2011-01-12 21:58 . 2011-01-12 22:00 -------- d-----w- c:\documents and settings\Dan\Application Data\QuickScan
2011-01-12 21:46 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-01-12 11:23 . 2011-01-12 11:23 -------- d-----w- c:\documents and settings\Dan\Application Data\Panda Security
2011-01-12 10:56 . 2011-01-14 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2011-01-11 11:13 . 2011-01-11 11:13 -------- d-----w- C:\found.000
2011-01-08 12:59 . 2011-01-08 12:59 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\PCHealth
2011-01-07 19:44 . 2011-01-07 19:44 -------- d-----w- c:\documents and settings\Dan\Application Data\Avira
2011-01-07 19:22 . 2010-12-13 14:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-07 19:22 . 2010-12-13 14:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-01-07 19:22 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-01-07 19:22 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-01-07 19:22 . 2011-01-07 19:22 -------- d-----w- c:\program files\Avira
2011-01-07 19:22 . 2011-01-07 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-01-07 18:47 . 2011-01-07 18:47 -------- d-----w- c:\documents and settings\Administrator
2011-01-07 13:13 . 2011-01-07 13:13 -------- d-----w- c:\windows\system32\winrm
2011-01-07 13:13 . 2011-01-07 13:13 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-01-07 13:13 . 2011-01-07 13:13 -------- d-----w- c:\documents and settings\Dan\Application Data\Windows Desktop Search
2011-01-03 17:41 . 2011-01-03 22:59 -------- d-----w- c:\documents and settings\Dan\Application Data\ZoomBrowser EX
2011-01-03 11:46 . 2011-01-03 17:41 -------- d-----w- c:\documents and settings\Dan\Application Data\CameraWindowDC
2011-01-03 11:46 . 2011-01-03 11:46 -------- d-----w- c:\documents and settings\Dan\Application Data\CANON INC
2011-01-03 11:35 . 2011-01-03 11:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2011-01-03 11:34 . 2011-01-03 11:34 -------- d-----w- c:\program files\Common Files\Canon
2011-01-03 11:30 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-01-03 11:30 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-12-31 18:19 . 2010-12-31 18:19 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-12-31 18:19 . 2010-12-31 18:19 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-12-31 18:19 . 2010-12-31 18:19 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-12-31 18:19 . 2010-10-16 18:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-12-31 18:19 . 2010-10-16 18:55 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-12-31 18:19 . 2010-10-16 18:55 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-12-31 18:19 . 2010-10-16 18:55 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-12-31 18:19 . 2010-10-16 18:55 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-12-31 18:19 . 2010-10-16 18:55 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-12-31 18:19 . 2010-10-16 18:55 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-12-31 18:19 . 2010-10-16 18:55 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-12-31 16:34 . 2010-10-16 18:55 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-12-31 16:33 . 2010-12-31 16:33 -------- d-----w- C:\NVIDIA
2010-12-31 16:02 . 2010-12-31 16:02 -------- d-----w- c:\program files\Phyxion.net
2010-12-31 15:55 . 2010-10-16 18:55 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-12-31 15:37 . 2010-12-31 18:20 -------- d-----w- c:\program files\NVIDIA Corporation
2010-12-30 16:37 . 2010-12-30 16:37 -------- d-----w- c:\program files\Common Files\COWON
2010-12-30 16:37 . 2010-12-30 16:37 -------- d-----w- c:\program files\JetAudio
2010-12-30 15:55 . 2010-12-30 15:55 -------- d-----w- c:\program files\Broderbund
2010-12-30 15:47 . 2010-12-30 15:47 -------- d-----w- C:\ROMEO_AND_JULIET
2010-12-30 02:40 . 2010-12-30 02:40 -------- d-----w- c:\program files\Reality Pump
2010-12-29 22:59 . 2010-12-29 22:59 -------- d-----w- c:\documents and settings\Dan\Application Data\Windows Search
2010-12-29 22:54 . 2010-12-29 22:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-12-29 22:46 . 2010-12-29 22:46 -------- d-----w- c:\windows\system32\XPSViewer
2010-12-29 22:46 . 2010-12-29 22:46 -------- d-----w- c:\program files\MSBuild
2010-12-29 22:45 . 2010-12-29 22:45 -------- d-----w- c:\program files\Reference Assemblies
2010-12-29 22:45 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-12-29 22:45 . 2010-12-29 22:45 -------- d-----w- C:\a0467d73ef5f36dc8b
2010-12-29 22:45 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-12-29 22:45 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-12-29 22:45 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-12-29 22:45 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-12-29 22:45 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-12-29 22:45 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-12-29 22:45 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-12-29 22:45 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-12-29 22:43 . 2010-12-29 22:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-12-29 22:41 . 2011-01-14 11:52 -------- d-----w- c:\program files\Windows Desktop Search
2010-12-29 22:41 . 2010-12-29 22:41 -------- d-----w- c:\windows\system32\GroupPolicy
2010-12-29 22:40 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-12-29 22:24 . 2010-12-29 22:24 -------- d-----w- c:\program files\Microsoft.NET
2010-12-29 02:52 . 2011-01-13 20:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-12-29 02:52 . 2011-01-13 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-12-28 12:43 . 2010-12-28 12:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-12-18 13:35 . 2010-12-18 13:35 -------- d-----w- c:\program files\Sophos
2010-12-16 20:48 . 2010-12-16 20:48 -------- d-----w- c:\documents and settings\Dan\Application Data\Reviversoft
2010-12-16 20:48 . 2010-12-16 20:48 -------- d-----w- c:\program files\Reviversoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-09 13:20 . 2010-10-11 00:45 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-01-09 13:19 . 2010-10-11 00:44 234536 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-09 13:19 . 2010-10-11 00:44 234536 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-12-14 23:22 . 2010-12-14 23:22 0 ----a-w- c:\windows\nsd6.tmp
2010-12-14 11:19 . 2010-12-14 11:19 0 ----a-w- c:\windows\nsy20.tmp
2010-12-14 11:18 . 2010-12-14 11:18 0 ----a-w- c:\windows\nsu1C.tmp
2010-12-14 11:18 . 2010-12-14 11:18 0 ----a-w- c:\windows\nsv18.tmp
2010-12-14 11:17 . 2010-12-14 11:17 0 ----a-w- c:\windows\nsy14.tmp
2010-12-14 11:17 . 2010-12-14 11:17 0 ----a-w- c:\windows\nst10.tmp
2010-12-11 14:54 . 2010-12-10 23:33 90112 ----a-w- c:\windows\DUMP5da0.tmp
2010-11-18 18:12 . 2010-09-10 15:39 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-14 14:28 . 2010-11-14 14:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-14 14:28 . 2010-11-14 14:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-13 19:15 . 2010-11-13 19:15 22 --sha-w- c:\documents and settings\Dan\Application Data\Sys6925.Config Collection.sys
2010-11-09 14:52 . 2003-03-31 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2003-03-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2003-03-31 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2003-03-31 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2003-03-31 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 21:03 . 2010-10-19 21:03 138056 ----a-w- c:\documents and settings\Dan\Application Data\PnkBstrK.sys
2010-10-19 21:02 . 2010-10-19 21:02 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-10-19 21:02 . 2010-10-10 12:38 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-07-21 1038848]
"CTHelper"="CTHELPER.EXE" [2010-03-19 19456]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"f:\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Reality Pump\\Earth 2160\\Earth2160_NO_SSE.exe"=
"c:\\Program Files\\Reality Pump\\Earth 2160\\Earth2160_SSE.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/13/2010 2:35 AM 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [10/13/2010 2:36 AM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [10/13/2010 2:36 AM 656320]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [10/13/2010 2:36 AM 247824]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [10/12/2010 7:11 PM 21464]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [5/13/2010 6:56 AM 98392]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [11/13/2010 5:33 PM 20328]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [10/12/2010 7:11 PM 69976]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link DGE-5xx Gigabit Ethernet Adapter;c:\windows\system32\drivers\m4cxw2k3.sys [11/16/2010 3:52 PM 298752]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [1/27/2010 5:10 PM 5248]
S3 jswmidin;jswmidin;\??\c:\docume~1\Dan\LOCALS~1\Temp\jswmidin.sys --> c:\docume~1\Dan\LOCALS~1\Temp\jswmidin.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [1/4/2011 3:59 PM 19056]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [10/13/2010 2:35 AM 70536]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NORMANDY
*Deregistered* - Normandy
*Deregistered* - pxtdapog

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
WINRM REG_MULTI_SZ WINRM
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\vb2c74un.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-01-15 05:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(768)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2011-01-15 06:04:45
ComboFix-quarantined-files.txt 2011-01-15 12:04

Pre-Run: 214,730,526,720 bytes free
Post-Run: 215,106,834,432 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 0F74E6B1A9C48CDB5F06418A2163F72B
Truls is offline  
Old 01-15-2011, 05:57 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,832
OS: XP Win7 Ubuntu 10.10



Hi,

SpyHunter used to be blacklisted. It doesn't rate very well in the community. When you have an excellent program like Malwarebytes' Anti-Malware installed, I don't see any point in keeping it. I would recommend that you remove it via Add or Remove Programs in Control Panel.

Was PC Tools' ThreatFire installed on this machine at some point?
======================
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

======================

Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.

amateur is offline  
Old 01-15-2011, 12:50 PM   #7
Registered User
 
Join Date: Jan 2011
Posts: 11
OS: xp



Removed Spyhunter from my system.

I don't think I ever installed PC Tools ThreatFire, but I do have PC Tools Spyware Doctor installed on my system. I'm not 100% sure about ThreatFire, but I don't think so. Lately I have installed a lot of programs trying to solve this problem before finding this website and your selfless help, which is very appreciated.


Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 5524

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/15/2011 1050 AM
mbam-log-2011-01-15 (10-06-50).txt

Scan type: Quick scan
Objects scanned: 146624
Time elapsed: 17 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is the ESET scan.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=fdc1ce403f5fe04e97b6ff819f1ebe12
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-13 10:34:05
# local_time=2011-01-13 04:34:05 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=256 16777215 100 0 7018620 7018620 0 0
# compatibility_mode=1538 16774118 20 3 0 122475012 0 0
# compatibility_mode=1797 16775125 100 93 0 30462073 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 75 70 132663 14956078 0 0
# scanned=118713
# found=1
# cleaned=1
# scan_time=42527
C:\Program Files\jv16 PowerTools 2010\Backups\000F5B\70a2f43e-40e05c31 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=fdc1ce403f5fe04e97b6ff819f1ebe12
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-15 07:04:09
# local_time=2011-01-15 01:04:09 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=256 16777215 100 0 7254213 7254213 0 0
# compatibility_mode=1797 16775125 100 93 0 30697666 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 153242 153242 0 0
# compatibility_mode=9217 16777214 75 70 368256 15191671 0 0
# scanned=114084
# found=2
# cleaned=0
# scan_time=10337
C:\Documents and Settings\Dan\My Documents\Downloads\DriverReviverSetup.exe a variant of Win32/Adware.RegistryReviver application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Reviversoft\Driver Reviver\ASOHelper.dll a variant of Win32/Adware.RegistryReviver application (unable to clean) 00000000000000000000000000000000 I
Truls is offline  
Old 01-15-2011, 01:50 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,832
OS: XP Win7 Ubuntu 10.10



Hi,

Quote:
Removed Spyhunter from my system.
Good.

Quote:
have installed as of late a lot of programs trying to solve this problem
Yes, I noticed. Are they paid subscriptions? I don't think you really need to keep them all installed, especially if they are not paid subscriptions. I would just keep one of them and uninstall the others; my choice to keep would be Malwarebytes' Anti-Malware, which comes in both paid and free versions.

Spyware Doctor 8.0
SUPERAntiSpyware
CounterSpy
TrojanHunter 5.3
Malwarebytes' Anti-Malware


========================

As for the files which ESET reports, the application itself, Driver Reviver, is classified in the grey area by experts. Therefore, I would recommend removing it via Add or Remove Programs in Control Panel and deleting its installer from your Downloads folder.

C:\Documents and Settings\Dan\My Documents\Downloads\DriverReviverSetup.exe

You can also delete its folder once the application is uninstalled:

C:\Program Files\Reviversoft

You also have CCleaner installed. Please make sure that you do not use the Registry section unless you know exactly what you're doing.

=====================

Please post a fresh set of DDS logs (DDS.txt and Attach.txt) and let me know how the system is running now. You may have to name the Attach.txt as Attach2.txt to be able to attach it the second time.

amateur is offline  
Old 01-15-2011, 02:53 PM   #9
Registered User
 
Join Date: Jan 2011
Posts: 11
OS: xp



I have also uninstalled TrojanHunter, Driver Reviver, and SUPERAntiSpyware. The others are paid for.
Do you think this TR/Crypt.XPACK.Gen is a false positive? I have emailed Avira with this question and am still waiting for an answer.
I scanned the Windows Temp folder again (with CounterSpy) and nothing showed up; the scan took about one second, whereas before it took about 7 minutes. There is only 1 file in there now. I plan on doing a full scan to see if it pops up again, and will let you know after the scan.




DDS (Ver_10-12-12.02) - NTFSx86
Run by Dan at 15:22:37.15 on Sat 01/15/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.765 [GMT -6:00]

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Pro Firewall *Enabled*

============== Running Processes ===============

C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Dan\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [CTHelper] "CTHELPER.EXE"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [nwiz] "c:\program files\nvidia corporation\nview\nwiz.exe" /installquiet
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\windows search.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://go.microsoft.com/fwlink/?LinkId=82580
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1284142087625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.16.0.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dan\applic~1\mozilla\firefox\profiles\vb2c74un.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\dan\application data\mozilla\firefox\profiles\vb2c74un.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\dan\application data\mozilla\firefox\profiles\vb2c74un.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\documents and settings\dan\application data\mozilla\firefox\profiles\vb2c74un.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\dan\application data\mozilla\firefox\profiles\vb2c74un.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\dan\application data\mozilla\firefox\profiles\vb2c74un.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\dan\application data\mozilla\firefox\profiles\vb2c74un.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-10-13 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-10-13 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-10-13 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-12-6 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-12-6 68880]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-1-7 11608]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-10-13 247824]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-10-12 21464]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-5-13 98392]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-10-8 528128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-7 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-7 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-7 61960]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-11-13 20328]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-10-12 69976]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link DGE-5xx Gigabit Ethernet Adapter;c:\windows\system32\drivers\m4cxw2k3.sys [2010-11-16 298752]
RUnknown SASDIFSV;SASDIFSV; [x]
RUnknown SASKUTIL;SASKUTIL; [x]
S?4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-1-13 38224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2010-10-9 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-8-24 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-8-24 166384]
S2 SBAMSvc;CounterSpy Antispyware;c:\program files\sunbelt software\counterspy\SBAMSvc.exe [2010-8-20 2763080]
S2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\counterspy\SBPIMSvc.exe [2010-8-20 181584]
S2 SessionLauncher;SessionLauncher;c:\docume~1\dan\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\dan\locals~1\temp\dx9\SessionLauncher.exe [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-10-10 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 jswmidin;jswmidin;\??\c:\docume~1\dan\locals~1\temp\jswmidin.sys --> c:\docume~1\dan\locals~1\temp\jswmidin.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2003-3-31 14336]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-1-4 19056]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-10-13 70536]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2010-10-9 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-8-24 1083888]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-10-13 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-10-13 1145816]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;c:\windows\system32\drivers\yk51x86l.sys [2009-9-22 60928]
S3 SkVlanProtocol;Marvell VLAN Protocol;c:\windows\system32\drivers\yk51x86v.sys [2009-8-27 20992]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-12-6 33552]
S3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2003-3-31 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-01-15 11:38:01 -------- d-sha-r- C:\cmdcons
2011-01-15 11:32:11 98816 ----a-w- c:\windows\sed.exe
2011-01-15 11:32:11 89088 ----a-w- c:\windows\MBR.exe
2011-01-15 11:32:11 256512 ----a-w- c:\windows\PEV.exe
2011-01-15 11:32:11 161792 ----a-w- c:\windows\SWREG.exe
2011-01-14 01:03:26 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{346564C3-1CD0-440B-AE7A-F644B66D2026}
2011-01-14 01:01:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Webroot
2011-01-14 01:01:07 -------- d-----w- c:\docume~1\dan\locals~1\applic~1\PackageAware
2011-01-13 23:38:33 -------- d-----w- c:\program files\Enigma Software Group
2011-01-13 23:38:14 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-01-13 23:38:09 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-01-13 22:27:56 -------- d-----w- c:\docume~1\dan\applic~1\Malwarebytes
2011-01-13 22:27:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-13 22:27:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-13 22:27:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-13 22:27:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-13 11:31:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\CA
2011-01-12 22:37:55 -------- d-----w- c:\program files\ESET
2011-01-12 22:19:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2011-01-12 21:58:31 -------- d-----w- c:\docume~1\dan\applic~1\QuickScan
2011-01-12 21:46:01 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-01-12 11:23:16 -------- d-----w- c:\docume~1\dan\applic~1\Panda Security
2011-01-12 10:56:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Panda Security
2011-01-11 11:13:45 -------- d-----w- C:\found.000
2011-01-08 12:59:12 -------- d-----w- c:\docume~1\dan\locals~1\applic~1\PCHealth
2011-01-07 19:44:40 -------- d-----w- c:\docume~1\dan\applic~1\Avira
2011-01-07 19:22:18 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-07 19:22:17 -------- d-----w- c:\program files\Avira
2011-01-07 19:22:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-01-07 13:13:45 -------- d-----w- c:\windows\system32\winrm
2011-01-07 13:13:39 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-01-07 13:13:16 -------- d-----w- c:\docume~1\dan\applic~1\Windows Desktop Search
2011-01-03 17:41:49 -------- d-----w- c:\docume~1\dan\applic~1\ZoomBrowser EX
2011-01-03 11:46:37 -------- d-----w- c:\docume~1\dan\applic~1\CameraWindowDC
2011-01-03 11:46:36 -------- d-----w- c:\docume~1\dan\applic~1\CANON INC
2011-01-03 11:35:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\ZoomBrowser
2011-01-03 11:34:32 -------- d-----w- c:\program files\common files\Canon
2011-01-03 11:30:41 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-01-03 11:30:40 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-12-31 18:19:55 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-12-31 18:19:51 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-12-31 18:19:51 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-12-31 18:19:41 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-12-31 18:19:41 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-12-31 18:19:41 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-12-31 18:19:41 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-12-31 18:19:41 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-12-31 18:19:41 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-12-31 18:19:40 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-12-31 18:19:40 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-12-31 16:34:24 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-12-31 16:33:45 -------- d-----w- C:\NVIDIA
2010-12-31 16:02:18 -------- d-----w- c:\program files\Phyxion.net
2010-12-31 15:55:23 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-12-31 15:37:39 -------- d-----w- c:\program files\NVIDIA Corporation
2010-12-30 16:37:42 -------- d-----w- c:\program files\common files\COWON
2010-12-30 16:37:40 -------- d-----w- c:\program files\JetAudio
2010-12-30 15:55:24 -------- d-----w- c:\program files\Broderbund
2010-12-30 15:47:57 -------- d-----w- C:\ROMEO_AND_JULIET
2010-12-30 02:40:23 -------- d-----w- c:\program files\Reality Pump
2010-12-29 22:59:40 -------- d-----w- c:\docume~1\dan\applic~1\Windows Search
2010-12-29 22:46:07 -------- d-----w- c:\windows\system32\XPSViewer
2010-12-29 22:45:35 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-12-29 22:45:15 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-12-29 22:45:15 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-12-29 22:45:15 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-12-29 22:45:15 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-12-29 22:45:15 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-12-29 22:45:15 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-12-29 22:45:15 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-12-29 22:45:15 117760 ------w- c:\windows\system32\prntvpt.dll
2010-12-29 22:45:15 -------- d-----w- C:\a0467d73ef5f36dc8b
2010-12-29 22:41:26 -------- d-----w- c:\program files\Windows Desktop Search
2010-12-29 22:41:25 -------- d-----w- c:\windows\system32\GroupPolicy
2010-12-29 22:40:45 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-12-29 02:52:33 -------- d-----w- c:\program files\common files\Symantec Shared
2010-12-29 02:52:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-12-29 02:52:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-12-28 12:43:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2010-12-18 13:35:27 -------- d-----w- c:\program files\Sophos

==================== Find3M ====================

2011-01-09 13:19:00 234536 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-09 13:19:00 234536 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-14 23:22:45 0 ----a-w- c:\windows\nsd6.tmp
2010-12-14 11:19:15 0 ----a-w- c:\windows\nsy20.tmp
2010-12-14 11:18:37 0 ----a-w- c:\windows\nsu1C.tmp
2010-12-14 11:18:24 0 ----a-w- c:\windows\nsv18.tmp
2010-12-14 11:17:37 0 ----a-w- c:\windows\nsy14.tmp
2010-12-14 11:17:28 0 ----a-w- c:\windows\nst10.tmp
2010-12-11 14:54:39 90112 ----a-w- c:\windows\DUMP5da0.tmp
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-14 14:28:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-14 14:28:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-13 19:15:25 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2010-11-13 19:15:25 22 --sha-w- c:\docume~1\dan\applic~1\Sys6925.Config Collection.sys
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 21:03:03 138056 ----a-w- c:\docume~1\dan\applic~1\PnkBstrK.sys
2010-10-19 21:02:37 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-10-19 21:02:37 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe

============= FINISH: 15:24:11.64 ===============
Attached Files: Attach2.txt (14.2 KB)
Truls is offline  
Old 01-15-2011, 03:57 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,832
OS: XP Win7 Ubuntu 10.10



Quote:
Do you think this TR/Crypt.XPACK.Gen is a false positive?
I have not seen that file in any of the logs. Was that the only issue you had?
Quote:
I also have been experiencing BSOD
Is this still occurring?
Quote:
I scanned the windows temp file again (with counterspy) and nothing showed up and the scan took like one second, before it took like 7 minutes.
TEMP folder is purged by our tools. So, it's not surprising that it took less time to scan now.

Please go to Start > Run. Copy/Paste the following command and press Enter:

sc delete SASDIFSV and then click OK.

Repeat the same for each of the following (one at a time):


SASKUTIL
esgiguard
jswmidin
ThreatFire


=============================

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (
"c:\windows\nsd6.tmp"
"c:\windows\nsy20.tmp"
"c:\windows\nsu1C.tmp"
"c:\windows\nsv18.tmp"
"c:\windows\nsy14.tmp"
"c:\windows\nst10.tmp"
) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

for %%g in (
"c:\program files\Enigma Software Group"
c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
C:\found.000
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0
Save this as fix.bat. Choose "Save as type - All Files".
It should look like this:

Double click on fix.bat & allow it to run

Post back to tell me what it says.
amateur is offline  
Old 01-16-2011, 05:21 AM   #11
Registered User

Yes, this is the only issue I had. I ran the counterspy scan and nothing showed up but some cookies, so it is gone.
I am still experiencing BSOD when online gaming. After shut down and reboot the Windows message is it's a device driver. Which one I don't know.

After I ran the fix.bat file it said delete successful!!
Truls is offline  
Old 01-16-2011, 10:37 AM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy

Quote:
Yes, this is the only issue I had. I ran the counterspy scan and nothing showed up but some cookies, so it is gone.
Glad to hear that.

Quote:
I am still experiencing BSOD when online gaming.
If it's only happening when you're online-gaming, then it may be a software or hardware issue related to the game.

Quote:
After shut down and reboot the Windows message is it's a device driver. Which one I don't know.
What's the exact message and the name of the driver?
amateur is offline  
Old 01-16-2011, 04:56 PM   #13
Registered User

It's also happening when I am using p2p.


The BSOD says IRQL_NOT_LESS_OR_EQUAL
STOP 0x0000000A (0xe6aeee4f, 0x00000002, 0x00000000, 0x804e53ce)

Error Signature is
BCCode: 1000000a
BCP1: e6aeee4f
BCP2: 00000002
BCP3: 00000000
BCP4: 804e53ce
OSVer: 5.1.2600
SP: 3_0
Product: 768
Truls is offline  
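The stop code and error signature posted above can be decoded before the question moves to the XP forum: for bug check 0xA the four parameters have fixed, documented meanings (memory referenced, IRQL at the time, read/write flag, address of the faulting instruction), and the 0x10000000 bit in a Windows Error Reporting BCCode only marks the _M variant of the same bug check. The decoder below is an added example, not part of this thread or of any Microsoft tool; the only input it uses is the signature copied from the post.

```python
import re

# Documented bug-check names for the codes this decoder explains.
BUGCHECK_NAMES = {0x0A: "IRQL_NOT_LESS_OR_EQUAL", 0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL"}
# The 0x10000000 bit in a WER BCCode marks the *_M variant; same meaning and parameters as the plain code.
WER_MODIFIER_BIT = 0x10000000
# x86 IRQL names needed to read parameter 2 of bug check 0xA / 0xD1.
IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}

# Constructed input: the error signature exactly as posted in the thread.
SAMPLE_SIGNATURE = """
Bccode: 1000000a
Bcp1: e6aeee4f
bcp2: 00000002
bcp3: 00000000
bcp4: 804e53ce
osver 5.1.2600
sp 3_0
product 768
"""

def parse_signature(text):
    """Return {'bccode': int, 'bcp1': int, ..., 'bcp4': int} from a pasted signature."""
    fields = {}
    for m in re.finditer(r"^\s*(bccode|bcp[1-4])\s*:\s*([0-9a-f]+)", text, re.M | re.I):
        fields[m.group(1).lower()] = int(m.group(2), 16)
    missing = {"bccode", "bcp1", "bcp2", "bcp3", "bcp4"} - set(fields)
    if missing:
        raise ValueError("signature is missing " + ", ".join(sorted(missing)))
    return fields

def decode(fields):
    """Name the bug check and, for 0xA/0xD1, spell out what each parameter is."""
    code = fields["bccode"] & ~WER_MODIFIER_BIT
    out = {
        "code": code,
        "name": BUGCHECK_NAMES.get(code, "UNKNOWN_BUGCHECK"),
        "wer_modified": bool(fields["bccode"] & WER_MODIFIER_BIT),
    }
    if code in BUGCHECK_NAMES:
        irql = fields["bcp2"]
        out["referenced_address"] = fields["bcp1"]  # memory the faulting code touched
        out["irql"] = IRQL_NAMES.get(irql, "IRQL %d" % irql)
        out["access"] = "write" if fields["bcp3"] & 1 else "read"
        out["faulting_instruction"] = fields["bcp4"]  # match against the loaded-module list
    return out

if __name__ == "__main__":
    for key, value in decode(parse_signature(SAMPLE_SIGNATURE)).items():
        print("%-22s %s" % (key, hex(value) if type(value) is int else value))
```

The faulting-instruction address is only meaningful once compared with the module list from the minidump; on its own it does not name the driver.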
Old 01-17-2011, 01:33 AM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy

Quote:
It's also happening when I am using p2p.
Well, we do not condone and support p2p applications. In fact, I've advised strongly that you remove them. I see that you're still using it. Many forums refuse help if p2p applications are installed on a machine.

Having said that, the error messages will be better evaluated at the Windows XP forum. I am trained for malware removal, and I do not see any malware in the system. I suggest that you post your issues at our XP forum. They might direct you to the hardware forum if the error messages are pointing to a hardware issue.

Since the system appears to be clean as far as malware is concerned, we can finish up here.

Please delete the MBRcheck.exe, RootkitUnhooker and GMER from your desktop.

Disable your antivirus application as you've done before.
  • Click Start then Run
  • Now type ComboFix /Uninstall in the run box and click OK. Notice the space between the ComboFix and the /.

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore to prevent reinfection from old restore points.

You may re-enable your antivirus application now.

It's vital that you keep all your software up-to-date as older versions may have some security vulnerabilities. Secunia Software Inspector Scan can help you find out which programs need to be updated.

Please visit our General Computer Security Forum and review PC Safety and Security - What Do I Need? for some helpful information.

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

Surf Safely and Think Prevention!
amateur is offline  
Old 01-17-2011, 04:15 AM   #15
Registered User

Thanks for your help, once again, Amateur. I will check out the Windows forum for the BSOD.

Thank you!!!!!!!!!!
Truls is offline  
Old 01-17-2011, 04:17 AM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy

You're welcome. Stay safe!


amateur is offline  