Malware??

Ok, I think I may have got it, but I would like someone to look over this new Hijack Log.

Skuby

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 3:06:19 PM, on 6/10/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

c:\drivers\audio\r203425\STacSV.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\DellTPad\Apoint.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\Magnify.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\RPS\Lib\RPSProxy.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - .DEFAULT User Startup: sauqy.exe (User 'Default user')

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - platformdl.adobe.com/.../gp.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe

O23 - Service: RPSProxy (ProxyManager) - RBEI - C:\RPS\Lib\RPSProxy.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r203425\STacSV.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--

End of file - 5301 bytes

gahixon1, an Advanced Trainee in SpywareHammer Academy, will assist you with your problem.  Please be patient while he determines the proper steps to take.

Hello Skuby and welcome to Dell Forums,

My name is George and I will be assisting you with your problem.

Please follow all my instructions carefully in the order that I give them.

Please give a VERY clear description of the problem you are having. The more detailed, the quicker we will be able to work through the problem together.

Do not install any updates until I tell you to do so. Updating an infected computer can have disastrous effects.

Do not attempt any other fixes than what I give you here. Using other tools might interfere with the cleaning process. It may also damage your computer.

Either print or save to Notepad all the instructions that I give you. If there is anything you are unsure of or any instructions you feel lack clarity, please do not hesitate to ask.

Some of the logs I may ask for are very long and complex. As is analysing these logs. My responses to you may take longer than you would expect. I assure you that I will work through your problem and a solution as quick as I can.

I am currently an advanced trainee in Malware removal at SpywareHammer Academy. My posts have to be approved by a Mentor before posting, so my responses may take longer than expected; all I ask is that you please be patient.

Could I please have the previous logs from MBAM that you have run. To do this please navigate within the MBAM interface click the Logs tab, and copy and paste the most recent logs.

Step 1
Run Malwarebytes

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

• Make sure you are connected to the Internet.
• Double-click on mbam-setup.exe to install the application.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

• If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
• If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

• Make sure the "Perform Quick Scan" option is selected.
• Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

• Click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad.
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
• Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Step 2
DDS
We need to see some additional information about what is happening in your machine.
Please perform the following scan:

• Download DDS by sUBs from one of the following links. Save it to your desktop.
• DDS.com
• DDS.scr
• DDS.pif

   

   

• Double click on the DDS icon, allow it to run.
• A small box will open, with an explanation about the tool.
• When done, DDS will open two (2) logs
  1. DDS.txt
  2. Attach.txt
• Save both reports to your desktop.
• The instructions here ask you to attach the Attach.txt.
  
  
  
• Instead of attaching, please copy/paste both logs into your next reply.

   

  Please note: You may have to disable any script protection running if the scan fails to run.
  After downloading the tool, disconnect from the internet and disable all antivirus protection.
  Run the scan, enable your A/V and reconnect to the internet.
  Information on A/V control here

  In your next reply can I have:
  The current issues you are having
  DDS.txt
  Attach.txt
  The new MBAM log

  The previous MBAM logs.

It was redirecting every search I did, and when the outgoing traffic should have been nil, it was very active..

Below is the current mbam log and the current DDS log.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6827

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/11/2011 4:09:09 PM

mbam-log-2011-06-11 (16-09-09).txt

Scan type: Quick scan

Objects scanned: 173877

Time elapsed: 6 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

_______________________________________

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_26

Run by Jarrad Owenby at 16:11:13 on 2011-06-11

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3034.2361 [GMT -4:00]

.

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

c:\drivers\audio\r203425\STacSV.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\DellTPad\Apoint.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\Magnify.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\RUNDLL32.EXE

C:\RPS\Lib\RPSProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\WINDOWS\system32\wuauclt.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - No File

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [IgfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 166.102.165.11 207.91.5.20 166.102.165.13

TCP: Interfaces\{2BAF89A4-EB21-4308-9117-44943AA57158} : DhcpNameServer = 166.102.165.11 207.91.5.20 166.102.165.13

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Authentication Packages = msv1_0 relog_ap

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jarrad owenby\application data\mozilla\firefox\profiles\bftsqx14.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-11 64288]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-11 11608]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-11 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-11 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-11 61960]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-10 366640]

R2 ProxyManager;RPSProxy;c:\rps\lib\RPSProxy.exe [2008-5-29 118784]

R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-4-6 108160]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-10 22712]

R3 OA009Afx;Provides a software interface to control audio effects of OA009 camera.;c:\windows\system32\drivers\OA009Afx.sys [2009-4-6 148056]

R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-4-6 133632]

R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-4-6 271552]

R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2009-4-12 31616]

R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-4-6 157696]

S1 FPUSB;SecuGen USB FRD Service;c:\windows\system32\drivers\VenusDrv.sys [2009-4-14 21808]

S3 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-9-7 202048]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-3-16 9472]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

.

=============== Created Last 30 ================

.

2011-06-10 16:13:48 -------- d-----w- c:\documents and settings\jarrad owenby\application data\Malwarebytes

2011-06-10 16:13:43 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-10 16:13:42 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-06-10 16:13:39 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-10 16:13:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-10 13:09:01 -------- d-----w- c:\documents and settings\jarrad owenby\local settings\application data\PCHealth

2011-06-10 11:26:27 -------- d-----w- c:\documents and settings\jarrad owenby\application data\vmntemplate

2011-06-10 02:35:15 -------- d-----w- c:\documents and settings\jarrad owenby\application data\SUPERAntiSpyware.com

2011-06-10 02:35:15 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-06-10 02:35:07 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-06-10 00:57:24 388096 ----a-r- c:\documents and settings\jarrad owenby\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-06-10 00:57:24 -------- d-----w- c:\program files\Trend Micro

2011-06-09 17:39:22 -------- d-----w- c:\documents and settings\jarrad owenby\application data\Registry Booster

2011-06-09 17:39:12 -------- d-----w- c:\program files\Uniblue

2011-05-15 11:24:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

==================== Find3M  ====================

.

2011-05-04 08:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-04 06:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-04-25 13:04:00 112 ----a-w- c:\windows\rps.sys

.

============= FINISH: 16:11:41.23 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-03.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 4/11/2009 11:52:08 AM

System Uptime: 6/11/2011 12:39:48 PM (4 hours ago)

.

Motherboard: Dell Inc. |  | 0G848F

Processor: Genuine Intel(R) CPU             585  @ 2.16GHz | Microprocessor | 2161/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 223 GiB total, 190.336 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller

Device ID: PCI\VEN_11AB&DEV_4354&SUBSYS_02AA1028&REV_13\4&243EA0D2&0&00E2

Manufacturer: Marvell

Name: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller

PNP Device ID: PCI\VEN_11AB&DEV_4354&SUBSYS_02AA1028&REV_13\4&243EA0D2&0&00E2

Service: yukonwxp

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

3VR Client Applications

ABBYY FineReader 6.0 Sprint

Acrobat.com

Acronis True Image Home

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.0.1)

Advanced Audio FX Engine

Advanced Video FX Engine

Apple Mobile Device Support

Apple Software Update

ATM Diagnostic Status Code Translator 3.0

Avira AntiVir Personal - Free Antivirus

Bonjour

Brother HL-2070N

CCleaner

Compatibility Pack for the 2007 Office system

ContentManager

Dell DataSafe Online

Dell Support Center (Support Software)

Dell System Restore

Dell Touchpad

Dell Webcam Central

Dell Wireless WLAN Card Utility

Documentation & Support Launcher

DVR Control Panel 8.1.1

Games, Music, & Photos Launcher

Google Update Helper

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB953955)

Hotfix for Windows XP (KB954434)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB958347)

Hotfix for Windows XP (KB959252)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB971276-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Integrated Webcam Driver (1.02.01.0320)  

Intel(R) Graphics Media Accelerator Driver

Intel(R) Integrated Performance Primitives Run-Time Installer 5.1 for Windows* on IA-32 Intel(R) Architecture

Intel® Matrix Storage Manager

Internet Service Offers Launcher

iTunes

iTunes Agent 1.3.4

Java Auto Updater

Java(TM) 6 Update 26

Junk Mail filter update

LegalSounds Music Downloader 1.8

Malwarebytes' Anti-Malware version 1.51.0.1200

Mandarin Palace Casino

March Networks Administrator Console

March Networks Installer Console

March Networks Live Monitoring Console

Marvell Miniport Driver

Micrografx Windows Draw 6 LE

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server Management Studio Express

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Windows Script Host

Microsoft Works

MotoHelper 2.0.24 Driver 4.7.1

MotoHelper MergeModules

Motorola Mobile Drivers Installation 4.7.1

Mozilla Firefox 4.0.1 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser

OGA Notifier 2.0.0048.0

PowerDVD

QuickSet

QuickTime

Remote Link

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

RPS

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)

SMS_3.38.11

Sony Picture Utility

Sony USB Driver

Spelling Dictionaries Support For Adobe Reader 9

SUPERAntiSpyware

Uniblue Registry Booster

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 8 (KB975364)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB898461)

Update for Windows XP (KB951618-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Vid-Center 5.1.1 (Build 23411)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

WhiteSmoke Toolbar

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Windows PowerShell(TM) 1.0

Windows PowerShell(TM) 1.0 MUI pack

Windows Presentation Foundation

WinImage

XML Paper Specification Shared Components Pack 1.0

XPS Essentials Pack

XPS Essentials Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

6/9/2011 8:29:47 PM, error: Service Control Manager [7031]  - The Lavasoft Ad-Aware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

6/9/2011 11:14:56 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD APPDRV avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip

6/8/2011 7:56:51 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

6/8/2011 7:53:40 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

6/8/2011 7:37:04 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  APPDRV avgio avipbb Fips intelppm ssmdrv

6/8/2011 4:01:47 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD APPDRV avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip

6/8/2011 4:01:47 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.

6/8/2011 4:01:47 PM, error: Service Control Manager [7001]  - The RPSProxy service depends on the Computer Browser service which failed to start because of the following error:  The dependency service or group failed to start.

6/8/2011 4:01:47 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.

6/8/2011 4:01:47 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

6/8/2011 4:01:47 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.

6/8/2011 4:01:47 PM, error: Service Control Manager [7001]  - The ATM ARP Client Protocol service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

6/8/2011 4:01:28 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

6/8/2011 3:31:24 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

6/8/2011 2:09:45 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

6/8/2011 11:35:57 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

6/8/2011 11:04:24 PM, error: Service Control Manager [7024]  - The SQL Server Active Directory Helper service terminated with service-specific error 3221225572 (0xC0000064).

6/8/2011 11:04:24 PM, error: Service Control Manager [7001]  - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:  The system cannot find the file specified.

6/8/2011 11:04:24 PM, error: Service Control Manager [7000]  - The Microsoft TV/Video Connection service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

6/8/2011 11:04:24 PM, error: Service Control Manager [7000]  - The MBAMProtector service failed to start due to the following error:  The system cannot find the file specified.

6/8/2011 11:04:24 PM, error: Service Control Manager [7000]  - The Bluetooth PAN Network Adapter service failed to start due to the following error:  The system cannot find the file specified.

6/8/2011 11:04:24 PM, error: Service Control Manager [7000]  - The Bluetooth Device (Personal Area Network) service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

6/8/2011 11:02:55 PM, error: Service Control Manager [7034]  - The Marvell Yukon Service service terminated unexpectedly.  It has done this 1 time(s).

.

==== End Of File ===========================

Hi Skuby,

Have the redirects stopped now?

I also need to see the previous MBAM logs that I asked for previously.

Step 1
TDSSKiller

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt

• ". Please copy and paste the contents of that file here.

TDSSKiller.txt

The previous MBAM logs

Yes, they have stopped. Unfortunately, I lost the previous logs of Mbam, due to constant error codes with the software and had to use mbam-clean and re-install it.  Each of the softwares found a trojan. the main one was Gen-ProxyBot. Also I found the program AVCheck.exe.

I can not find the TDSSKiller log and it currently is finding no threats, so no log. However below is a report.

2011/06/11 20:27:53.0843 3928 TDSS rootkit removing tool 2.5.4.0 Jun  7 2011 17:31:48

2011/06/11 20:27:54.0296 3928 ================================================================================

2011/06/11 20:27:54.0296 3928 SystemInfo:

2011/06/11 20:27:54.0296 3928

2011/06/11 20:27:54.0296 3928 OS Version: 5.1.2600 ServicePack: 3.0

2011/06/11 20:27:54.0296 3928 Product type: Workstation

2011/06/11 20:27:54.0296 3928 ComputerName: SKUBYDOOOO

2011/06/11 20:27:54.0296 3928 UserName: Jarrad Owenby

2011/06/11 20:27:54.0296 3928 Windows directory: C:\WINDOWS

2011/06/11 20:27:54.0296 3928 System windows directory: C:\WINDOWS

2011/06/11 20:27:54.0296 3928 Processor architecture: Intel x86

2011/06/11 20:27:54.0296 3928 Number of processors: 1

2011/06/11 20:27:54.0296 3928 Page size: 0x1000

2011/06/11 20:27:54.0296 3928 Boot type: Normal boot

2011/06/11 20:27:54.0296 3928 ================================================================================

2011/06/11 20:27:54.0562 3928 Initialize success

Hi Skuby

That TDSS log you posted was incomplete. Is that all that was in the text file? If not can you post the entire contents of the TDSS log please. The logs can be found at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt.

So far I can't see any evidence that your computer is still infected. Are there any symptoms that remain as we speak ?

I'd like to do a thorough RKU scan to be sure. As follows please.

Step 1
RKUnhooker

Please download

Rootkit Unhooker and save it on your desktop.
http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE

• Temporarily disable your antivirus and antimalware real-time protection before performing a scan by following the directions that apply HERE
• Double-click RKUnhookerLE.EXE to run the program
• Click the Report tab, then click Scan
• Check Drivers, and Stealth Code
• UNCheck the rest of the scan options, then click OK
• Wait until the scanner has finished then select File > Save Report
• Save the report somewhere you can find it. Click Close
• Re-enable your security programs
• Copy the entire contents of the report and paste it in your next reply.

Note: You may get this warning. If so, please ignore it.
"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

In your next reply:

RKU.txt
Complete TDSSkiller.txt

Current Symptoms of Malware being present

All symptoms seem to have ceased.

TDSS will not produce a log and I still am unable to locate the one with a previous find.

Thanks for looking into this with me.

Below is the RK log:

RkU Version: 3.8.389.593, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #1

==============================================

>Drivers

==============================================

0xB7DCB000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 6049792 bytes (Intel Corporation, Intel Graphics Miniport Driver)

0xBF297000 C:\WINDOWS\System32\igxpdx32.DLL 3461120 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)

0xBF058000 C:\WINDOWS\System32\igxpdv32.DLL 2355200 bytes (Intel Corporation, Component GHAL Driver)

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2069376 bytes

0x804D7000 RAW 2069376 bytes

0x804D7000 WMIxWDM 2069376 bytes

0xBF800000 Win32k 1867776 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1867776 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xB7C17000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 1392640 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)

0x9D7E4000 C:\WINDOWS\system32\drivers\sthda.sys 1327104 bytes (IDT, Inc., IDT PC Audio)

0x96EDB000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 851968 bytes

0xB9E53000 iaStor.sys 851968 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)

0xB9D7C000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xB7B6E000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)

0x97035000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xB9CF0000 timntr.sys 389120 bytes (Acronis, Acronis True Image Backup Archive Explorer)

0xB7A71000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0x9D6D4000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0x96A9B000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)

0xBF5E4000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0x96FCC000 C:\WINDOWS\system32\DRIVERS\OA009Vid.sys 274432 bytes (Creative Technology Ltd., Video Capture Device Driver)

0x963E4000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 212992 bytes (Intel Corporation, Intel Graphics 2D Driver)

0xB7ACF000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)

0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xB7BEA000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 184320 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)

0xB9D4F000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0x970A5000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0x970D0000 C:\WINDOWS\System32\Drivers\RTS5121.sys 172032 bytes (Realtek Semiconductor Corp., Realtek USB Mass Storage Driver for 2K/XP/Vista)

0xB7D6B000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)

0x9D6AC000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0x9700F000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)

0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)

0x970FA000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xB7B27000 C:\WINDOWS\system32\DRIVERS\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xB7D93000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xB7B4B000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0x9D7A6000 C:\WINDOWS\system32\Drivers\OA009Afx.sys 143360 bytes (Creative Technology Ltd., Advanced Audio FX Driver)

0x9D68A000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x97120000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)

0x96FAB000 C:\WINDOWS\system32\DRIVERS\OA009Ufd.sys 135168 bytes (Creative Technology Ltd., Video Class Upper Filter Driver)

0x806D1000 ACPI_HAL 131968 bytes

0x806D1000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xB9E33000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0x9D7C9000 C:\WINDOWS\system32\drivers\AESTAud.sys 110592 bytes (Andrea Electronics Corporation, Andrea Audio Driver)

0xB9CD5000 snapman.sys 110592 bytes (Acronis, Acronis Snapshot API)

0xB9CBB000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xB9E1C000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xB7B10000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0x96E86000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)

0x96DD1000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xB7DB7000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0x9D72D000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xB9E09000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)

0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xB7AFF000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0x9804C000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xBA158000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xBA318000 C:\WINDOWS\system32\DRIVERS\atmarpc.sys 61440 bytes (Microsoft Corporation, IP/ATM Arp Client)

0xBA198000 C:\WINDOWS\system32\DRIVERS\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xBA0F8000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)

0xBA168000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0x9801C000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xA60A0000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xBA128000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)

0xBA1A8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xBA138000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)

0xBA1C8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0x98AC3000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xBA148000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xBA1B8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xBA178000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 40960 bytes (GEAR Software Inc., CD DVD Filter)

0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xA60B0000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xBA1E8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0x967DB000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)

0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0x9803C000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xBA188000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xBA1D8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xA2C6C000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xBA108000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0x98AD3000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xBA418000 C:\WINDOWS\system32\DRIVERS\livecamv.sys 32768 bytes

0xA31DA000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0x9CE41000 C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 32768 bytes (Acronis, Acronis True Image File System Filter)

0x986D4000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0xBA390000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xA31F2000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0x9CE51000 C:\DOCUME~1\JARRAD~1\LOCALS~1\Temp\mbr.sys 28672 bytes

0xBA410000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xBA408000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0x986DC000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)

0xA31D2000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)

0xBA388000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xA31EA000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xA31E2000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xBA328000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xBA428000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xBA430000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)

0xBA420000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0x979CD000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0x98D26000 C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 16384 bytes (Dell Inc, App Support Driver)

0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)

0xB9C46000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)

0xB9C52000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)

0xB9BC6000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0x97A15000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)

0x97A21000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0x97E09000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xA431D000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)

0x97E05000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xB9C3E000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xA4311000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xB9C42000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)

0x9997C000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)

0xBA64C000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xBA64A000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xBA64E000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xBA650000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xBA5E2000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xBA608000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xBA6DA000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xBA772000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0x9E9E3000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

==============================================

>Stealth

==============================================

Hi Skuby,

That log showed something potentially untoward. As follows please.

Step 1
ComboFix

We will begin with ComboFix.exe. Please visit this

webpage for download links, and instructions for running the tool:

* Double click on combofix.exe & follow the prompts.
* When finished, it will produce a logfile located at C:\ComboFix.txt.
* Post the contents of that log in your next reply with a new DDS log.

Combofix.txt

ComboFix 11-06-11.01 - Jarrad Owenby 06/12/2011  17:11:49.1.1 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3034.2486 [GMT -4:00]

Running from: c:\documents and settings\Jarrad Owenby\Desktop\HIJACK\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\goos.exe

c:\documents and settings\Jarrad Owenby\WINDOWS

C:\Install.exe

c:\windows\system32\spool\prtprocs\w32x86\dleedrpp.dll

.

.

(((((((((((((((((((((((((   Files Created from 2011-05-12 to 2011-06-12  )))))))))))))))))))))))))))))))

.

.

2011-06-10 17:24 . 2011-06-10 17:24 -------- d-----w- c:\program files\Common Files\Java

2011-06-10 16:54 . 2011-06-10 16:54 -------- d-----w- c:\program files\Common Files\Adobe

2011-06-10 16:13 . 2011-06-10 16:13 -------- d-----w- c:\documents and settings\Jarrad Owenby\Application Data\Malwarebytes

2011-06-10 16:13 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-10 16:13 . 2011-06-10 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-06-10 16:13 . 2011-06-10 16:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-10 16:13 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-10 13:09 . 2011-06-10 13:09 -------- d-----w- c:\documents and settings\Jarrad Owenby\Local Settings\Application Data\PCHealth

2011-06-10 11:26 . 2011-06-10 11:26 -------- d-----w- c:\documents and settings\Jarrad Owenby\Application Data\vmntemplate

2011-06-10 10:49 . 2011-06-10 10:49 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2011-06-10 10:49 . 2011-06-10 10:49 -------- d-----w- c:\documents and settings\NetworkService\Application Data\vmntemplate

2011-06-10 10:48 . 2011-06-10 10:49 -------- d-----w- c:\documents and settings\NetworkService\Application Data\whitesmoketoolbar

2011-06-10 03:32 . 2011-06-10 03:32 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-06-10 02:35 . 2011-06-10 02:35 -------- d-----w- c:\documents and settings\Jarrad Owenby\Application Data\SUPERAntiSpyware.com

2011-06-10 02:35 . 2011-06-10 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-06-10 02:35 . 2011-06-10 02:35 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-06-10 00:57 . 2011-06-10 00:57 388096 ----a-r- c:\documents and settings\Jarrad Owenby\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-10 00:57 . 2011-06-10 00:57 -------- d-----w- c:\program files\Trend Micro

2011-06-09 17:39 . 2011-06-10 10:39 -------- d-----w- c:\documents and settings\Jarrad Owenby\Application Data\Registry Booster

2011-06-09 17:39 . 2011-06-09 17:39 -------- d-----w- c:\program files\Uniblue

2011-05-15 11:24 . 2011-05-15 11:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-04 08:52 . 2010-04-19 17:31 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-04 06:25 . 2010-04-19 17:31 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-03-25 15:06 . 2009-04-11 16:32 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-06-09 23:30 . 2011-03-24 01:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-12-08 200704]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-08 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-08 178712]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Jarrad Owenby^Start Menu^Programs^Startup^avcheck.exe]

path=c:\documents and settings\Jarrad Owenby\Start Menu\Programs\Startup\avcheck.exe

backup=c:\windows\pss\avcheck.exeStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSPort]

2009-06-05 17:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"sprtsvc_DellSupportCenter"=3 (0x3)

"SeaPort"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"iPod Service"=3 (0x3)

"Bonjour Service"=3 (0x3)

"Apple Mobile Device"=3 (0x3)

"Fax"=3 (0x3)

"ERSvc"=2 (0x2)

"mnmsrvc"=3 (0x3)

"SQLWriter"=2 (0x2)

"SQLBrowser"=2 (0x2)

"SentinelProtectionServer"=2 (0x2)

"SentinelKeysServer"=2 (0x2)

"MSSQL$SQLEXPRESS"=2 (0x2)

"gupdate"=2 (0x2)

"idsvc"=3 (0x3)

"WMPNetworkSvc"=3 (0x3)

"dlee_device"=2 (0x2)

"CiSvc"=3 (0x3)

"AcrSch2Svc"=2 (0x2)

"UPS"=3 (0x3)

"stllssvr"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\SMS\\Config.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Link\\link.exe"=

"c:\\SMS\\LiveViewer.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\SMS\\SearchViewer.exe"=

"c:\\SMS\\SMS.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\RPS\\RAMV\\Bin\\ViperLegacy.exe"=

"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=

"c:\\Program Files\\Verint Video Solutions\\Vid-Center\\Vid-Center.exe"=

"c:\\RPS\\RAMV\\Bin\\RAMVMain.exe"=

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/11/2009 12:44 PM 64288]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/11/2009 12:32 PM 136360]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/10/2011 12:13 PM 366640]

R2 ProxyManager;RPSProxy;c:\rps\Lib\RPSProxy.exe [5/29/2008 4:16 AM 118784]

R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [4/6/2009 10:41 AM 108160]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/10/2011 12:13 PM 22712]

R3 OA009Afx;Provides a software interface to control audio effects of OA009 camera.;c:\windows\system32\drivers\OA009Afx.sys [4/6/2009 10:41 AM 148056]

R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [4/6/2009 10:41 AM 133632]

R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [4/6/2009 10:41 AM 271552]

R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [4/12/2009 3:33 PM 31616]

R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [4/6/2009 10:41 AM 157696]

S1 FPUSB;SecuGen USB FRD Service;c:\windows\system32\drivers\VenusDrv.sys [4/14/2009 7:32 PM 21808]

S3 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [9/7/2010 12:47 PM 202048]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [3/16/2011 8:20 PM 9472]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 15:24]

.

2011-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 15:24]

.

2011-05-27 c:\windows\Tasks\MotoHelper MUM.job

- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]

.

2011-06-09 c:\windows\Tasks\MotoHelper Routing.job

- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]

.

2011-03-17 c:\windows\Tasks\MotoHelper Update.job

- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]

.

2011-06-09 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.com/

TCP: DhcpNameServer = 166.102.165.11 207.91.5.20 166.102.165.13

FF - ProfilePath - c:\documents and settings\Jarrad Owenby\Application Data\Mozilla\Firefox\Profiles\bftsqx14.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60

AddRemove-whitesmoketoolbar - c:\program files\whitesmoketoolbar\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-12 17:18

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...  

.

scanning hidden autostart entries ...

.

scanning hidden files ...  

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,e0,21,fb,12,29,20,4e,88,02,99,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,e0,21,fb,12,29,20,4e,88,02,99,\

.

[HKEY_USERS\S-1-5-21-448687906-193130346-2187942468-1005\Software\Microsoft\Windows\CurrentVersion\Run]

@Denied: (Full) (Administrators)

@SACL=

"SUPERAntiSpyware"="c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

"{9779AA61-0DB9-4268-53D0-A51A8184E127}"="\"c:\\Documents and Settings\\Jarrad Owenby\\Application Data\\Vaco\\usnyf.exe\""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(804)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\System32\BCMLogon.dll

c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\MFC80.DLL

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll

.

- - - - - - - > 'explorer.exe'(3064)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\drivers\audio\r203425\STacSV.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\RUNDLL32.EXE

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\DellTPad\HidFind.exe

c:\program files\DellTPad\Apntex.exe

.

**************************************************************************

.

Completion time: 2011-06-12  17:21:44 - machine was rebooted

ComboFix-quarantined-files.txt  2011-06-12 21:21

.

Pre-Run: 204,174,622,720 bytes free

Post-Run: 204,226,064,384 bytes free

.

- - End Of File - - 69B3D07B9460A310BBF79C0D0CD80683

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_26

Run by Jarrad Owenby at 17:23:50 on 2011-06-12

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3034.2494 [GMT -4:00]

.

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

c:\drivers\audio\r203425\STacSV.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\RUNDLL32.EXE

C:\RPS\Lib\RPSProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\DellTPad\Apoint.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\magnify.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - No File

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [IgfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 166.102.165.11 207.91.5.20 166.102.165.13

TCP: Interfaces\{2BAF89A4-EB21-4308-9117-44943AA57158} : DhcpNameServer = 166.102.165.11 207.91.5.20 166.102.165.13

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jarrad owenby\application data\mozilla\firefox\profiles\bftsqx14.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-11 64288]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-11 11608]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-11 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-11 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-11 61960]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-10 366640]

R2 ProxyManager;RPSProxy;c:\rps\lib\RPSProxy.exe [2008-5-29 118784]

R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-4-6 108160]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-10 22712]

R3 OA009Afx;Provides a software interface to control audio effects of OA009 camera.;c:\windows\system32\drivers\OA009Afx.sys [2009-4-6 148056]

R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-4-6 133632]

R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-4-6 271552]

R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2009-4-12 31616]

R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-4-6 157696]

S1 FPUSB;SecuGen USB FRD Service;c:\windows\system32\drivers\VenusDrv.sys [2009-4-14 21808]

S3 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-9-7 202048]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-3-16 9472]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

.

=============== Created Last 30 ================

.

2011-06-12 21:08:37 98816 ----a-w- c:\windows\sed.exe

2011-06-12 21:08:37 518144 ----a-w- c:\windows\SWREG.exe

2011-06-12 21:08:37 256512 ----a-w- c:\windows\PEV.exe

2011-06-12 21:08:37 208896 ----a-w- c:\windows\MBR.exe

2011-06-10 16:13:48 -------- d-----w- c:\documents and settings\jarrad owenby\application data\Malwarebytes

2011-06-10 16:13:43 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-10 16:13:42 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-06-10 16:13:39 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-10 16:13:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-10 13:09:01 -------- d-----w- c:\documents and settings\jarrad owenby\local settings\application data\PCHealth

2011-06-10 11:26:27 -------- d-----w- c:\documents and settings\jarrad owenby\application data\vmntemplate

2011-06-10 02:35:15 -------- d-----w- c:\documents and settings\jarrad owenby\application data\SUPERAntiSpyware.com

2011-06-10 02:35:15 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-06-10 02:35:07 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-06-10 00:57:24 388096 ----a-r- c:\documents and settings\jarrad owenby\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-06-10 00:57:24 -------- d-----w- c:\program files\Trend Micro

2011-06-09 17:39:22 -------- d-----w- c:\documents and settings\jarrad owenby\application data\Registry Booster

2011-06-09 17:39:12 -------- d-----w- c:\program files\Uniblue

2011-05-15 11:24:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

==================== Find3M  ====================

.

2011-05-04 08:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-04 06:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-04-25 13:04:00 112 ----a-w- c:\windows\rps.sys

.

============= FINISH: 17:24:09.17 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-03.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 4/11/2009 11:52:08 AM

System Uptime: 6/12/2011 5:17:17 PM (0 hours ago)

.

Motherboard: Dell Inc. |  | 0G848F

Processor: Genuine Intel(R) CPU             585  @ 2.16GHz | Microprocessor | 2161/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 223 GiB total, 190.231 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller

Device ID: PCI\VEN_11AB&DEV_4354&SUBSYS_02AA1028&REV_13\4&243EA0D2&0&00E2

Manufacturer: Marvell

Name: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller

PNP Device ID: PCI\VEN_11AB&DEV_4354&SUBSYS_02AA1028&REV_13\4&243EA0D2&0&00E2

Service: yukonwxp

.

==== System Restore Points ===================

.

RP1: 6/12/2011 5:08:44 PM - System Checkpoint

.

==== Installed Programs ======================

.

3VR Client Applications

ABBYY FineReader 6.0 Sprint

Acrobat.com

Acronis True Image Home

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.0.1)

Advanced Audio FX Engine

Advanced Video FX Engine

Apple Mobile Device Support

Apple Software Update

ATM Diagnostic Status Code Translator 3.0

Avira AntiVir Personal - Free Antivirus

Bonjour

Brother HL-2070N

CCleaner

Compatibility Pack for the 2007 Office system

ContentManager

Dell DataSafe Online

Dell Support Center (Support Software)

Dell System Restore

Dell Touchpad

Dell Webcam Central

Dell Wireless WLAN Card Utility

Documentation & Support Launcher

DVR Control Panel 8.1.1

Games, Music, & Photos Launcher

Google Update Helper

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB953955)

Hotfix for Windows XP (KB954434)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB958347)

Hotfix for Windows XP (KB959252)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB971276-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Integrated Webcam Driver (1.02.01.0320)  

Intel(R) Graphics Media Accelerator Driver

Intel(R) Integrated Performance Primitives Run-Time Installer 5.1 for Windows* on IA-32 Intel(R) Architecture

Intel® Matrix Storage Manager

Internet Service Offers Launcher

iTunes

iTunes Agent 1.3.4

Java Auto Updater

Java(TM) 6 Update 26

Junk Mail filter update

LegalSounds Music Downloader 1.8

Malwarebytes' Anti-Malware version 1.51.0.1200

Mandarin Palace Casino

March Networks Administrator Console

March Networks Installer Console

March Networks Live Monitoring Console

Marvell Miniport Driver

Micrografx Windows Draw 6 LE

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server Management Studio Express

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Windows Script Host

Microsoft Works

MotoHelper 2.0.24 Driver 4.7.1

MotoHelper MergeModules

Motorola Mobile Drivers Installation 4.7.1

Mozilla Firefox 4.0.1 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser

OGA Notifier 2.0.0048.0

PowerDVD

QuickSet

QuickTime

Remote Link

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

RPS

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

SMS_3.38.11

Sony Picture Utility

Sony USB Driver

Spelling Dictionaries Support For Adobe Reader 9

SUPERAntiSpyware

Uniblue Registry Booster

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 8 (KB975364)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB898461)

Update for Windows XP (KB951618-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Vid-Center 5.1.1 (Build 23411)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Windows PowerShell(TM) 1.0

Windows PowerShell(TM) 1.0 MUI pack

Windows Presentation Foundation

WinImage

XML Paper Specification Shared Components Pack 1.0

XPS Essentials Pack

XPS Essentials Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

6/9/2011 8:29:47 PM, error: Service Control Manager [7031]  - The Lavasoft Ad-Aware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

6/9/2011 7:19:26 AM, error: Service Control Manager [7024]  - The SQL Server Active Directory Helper service terminated with service-specific error 3221225572 (0xC0000064).

6/9/2011 7:19:26 AM, error: Service Control Manager [7001]  - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:  The system cannot find the file specified.

6/9/2011 7:19:26 AM, error: Service Control Manager [7000]  - The Microsoft TV/Video Connection service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

6/9/2011 7:19:26 AM, error: Service Control Manager [7000]  - The MBAMProtector service failed to start due to the following error:  The system cannot find the file specified.

6/9/2011 7:19:26 AM, error: Service Control Manager [7000]  - The Bluetooth PAN Network Adapter service failed to start due to the following error:  The system cannot find the file specified.

6/9/2011 7:19:26 AM, error: Service Control Manager [7000]  - The Bluetooth Device (Personal Area Network) service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

6/9/2011 11:14:56 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD APPDRV avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip

6/9/2011 10:08:43 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

6/8/2011 7:56:51 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

6/8/2011 7:53:40 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

6/8/2011 7:37:04 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  APPDRV avgio avipbb Fips intelppm ssmdrv

6/8/2011 4:01:47 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD APPDRV avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip

6/8/2011 4:01:47 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.

6/8/2011 4:01:47 PM, error: Service Control Manager [7001]  - The RPSProxy service depends on the Computer Browser service which failed to start because of the following error:  The dependency service or group failed to start.

6/8/2011 4:01:47 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.

6/8/2011 4:01:47 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

6/8/2011 4:01:47 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.

6/8/2011 4:01:47 PM, error: Service Control Manager [7001]  - The ATM ARP Client Protocol service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

6/8/2011 4:01:28 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

6/8/2011 3:31:24 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

6/8/2011 2:09:45 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

6/8/2011 11:02:55 PM, error: Service Control Manager [7034]  - The Marvell Yukon Service service terminated unexpectedly.  It has done this 1 time(s).

6/12/2011 9:42:52 AM, error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Start with the following error:  Access is denied.

6/12/2011 9:40:44 AM, error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

6/12/2011 5:11:42 PM, error: Service Control Manager [7034]  - The Dell Wireless WLAN Tray Service service terminated unexpectedly.  It has done this 1 time(s).

.

==== End Of File ===========================

Hi Skuby,

From that log there are a few things that need dealing with.

I also notice that you are using Uniblue software, specifically registry booster. The windows registry is an integral part of the Windows operating system. The registry is crucial to the operation of your computer. Software that claims to "optimize" or "boost" the registry are useless at best and dangerous at worst. One thing the windows operating system can do very efficiently is manage it's own registry. I would advise against using this type of software on your system now and refrain from using it in the future. It could turn your computer into an expensive paperweight.

Step 1
Uninstall via Add/Remove Programs

I'd like you to uninstall a few programs via Add/Remove Programs. To do this please go to Start, Control Panel, Add/Remove Programs and remove any entries relating to

Uniblue software
Whitesmoke Toobar

Do you know anything about a software named "vaco". If not please continue with the next step

Step 2
Uploading a file to VT

Please submit a sample of this file:
c:\Documents and Settings\Jarrad Owenby\Application Data\Vaco\usnyf.exe

to Virus Total –
http://www.virustotal.com/

At the top of the page you will see:
Select file>Browse>Send
Just follow the prompts.
The submission will then be tested against many different AV vendors’ scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

When you get the report, please post back the exact results.

Step 3
CFScript

Please open Notepad and copy/paste this code into the notepad: Quote:

KillAll::

 

File::
C:\DOCUME~1\JARRAD~1\LOCALS~1\Temp\mbr.sys

Folder::
c:\documents and settings\NetworkService\Application Data\whitesmoketoolbar
c:\documents and settings\Jarrad Owenby\Application Data\Registry Booster
c:\program files\Uniblue

 

Save this as CFScript.txt and change the 'Save as type' to 'All Files' and place it on your desktop. Make sure your AV is disabled while we do this.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

In your next reply

Answer to my questions
Virus Total report
Combofix.txt

I uninstalled Uniblue, but I cannot locate the Vaco file in said location or the whitesmoke in add/remove. Doing a search for said files(with hidden files and folders option enabled) produce no resullts. Should I continue with the txt file procedure.

Thanks,

Skuby

Hi Skuby,

In that case please use this edited script.

Step 1
CFScript

Please open Notepad and copy/paste this code into the notepad:

Save this as

CFScript.txt and change the 'Save as type' to 'All Files' and place it on your desktop. Make sure your AV is disabled while we do this.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

Combofix.txt