BleepingComputer.com: infected with Google redirect / TDSS e!rootkit

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

infected with Google redirect / TDSS e!rootkit

#1 User is offline   Bitten 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 10
  • Joined: 04-July 11

Posted 05 July 2011 - 09:55 AM

Greetings,

I have an XP system that redirects browser URLs. McAfee finds TDSS e!rootkit but cannot successfully remove it. Malwarebytes finds nothing. DDS runs for about 3 minutes then hangs the machine. I've attached the GMER log. In case it's helpful, I've pasted the OTL log below and attached Extras.txt.

Thanks for your help!


OTL logfile created on: 7/3/2011 10:30:01 AM - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\shera\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 270.18 Mb Available Physical Memory | 26.63% Memory free
2.07 Gb Paging File | 1.36 Gb Available in Paging File | 65.91% Paging File free
Paging file location(s): C:\pagefile.sys 1200 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.24 Gb Total Space | 7.12 Gb Free Space | 21.42% Space Free | Partition Type: NTFS

Computer Name: EARWIG | User Name: shera | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\shera\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Applications\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\Mctray.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe (McAfee, Inc.)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE (IBM Corp.)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
PRC - C:\WINDOWS\system32\QCONSVC.EXE (IBM Corp.)
PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
PRC - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)
PRC - C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
PRC - C:\WINDOWS\system32\acs.exe ()
PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe ()
PRC - C:\Applications\National Instruments\NI-DAQ\HWConfig\nidevldstat.exe (National Instruments Corporation)
PRC - C:\WINDOWS\system32\nipalsm.exe (National Instruments Corporation)
PRC - C:\Applications\bmem\bmem.exe (Brennan Underwood)
PRC - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe ()
PRC - C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
PRC - C:\WINDOWS\system32\TpKmpSvc.exe ()
PRC - C:\WINDOWS\system32\niSvcLoc.exe (National Instruments)
PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe (IBM Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\shera\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (PsaSrv) -- File not found
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (QCONSVC) -- C:\WINDOWS\system32\QCONSVC.EXE (IBM Corp.)
SRV - (SymWSC) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()
SRV - (nipxirmu) -- C:\WINDOWS\system32\nipalsm.exe (National Instruments Corporation)
SRV - (nidevldu) -- C:\WINDOWS\system32\nipalsm.exe (National Instruments Corporation)
SRV - (IBM Rapid Restore Ultra Service) -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe ()
SRV - (NILM License manager) -- C:\Applications\National Instruments\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation)
SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe ()
SRV - (niSvcLoc) -- C:\WINDOWS\System32\niSvcLoc.exe (National Instruments)


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Windows ® 2000 DDK provider)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (ibmfilter) -- C:\WINDOWS\system32\drivers\ibmfilter.sys (IBM)
DRV - (QCNDISIF) -- C:\WINDOWS\system32\drivers\qcndisif.sys (IBM Corporation.)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS ()
DRV - (TPPWR) -- C:\WINDOWS\system32\drivers\TPPWR.SYS (IBM Corp.)
DRV - (Smapint) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS (Microsoft Corporation)
DRV - (TDSMAPI) -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS ()
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (nissrk) -- C:\WINDOWS\system32\drivers\nissrk.dll (National Instruments Corporation)
DRV - (niwfrk) -- C:\WINDOWS\system32\drivers\niwfrk.dll (National Instruments Corporation)
DRV - (niesrk) -- C:\WINDOWS\system32\drivers\niesrk.dll (National Instruments Corporation)
DRV - (nixsrk) -- C:\WINDOWS\system32\drivers\nixsrk.dll (National Instruments Corporation)
DRV - (nidmmk) -- C:\WINDOWS\system32\drivers\nidmmk.dll (National Instruments Corporation)
DRV - (Nidaq32k) -- C:\WINDOWS\System32\drivers\nidaq32k.sys (National Instruments Corporation)
DRV - (nistck) -- C:\WINDOWS\system32\drivers\niSTCk.dll (National Instruments Corporation)
DRV - (nimdsk) -- C:\WINDOWS\system32\drivers\nimdsk.dll (National Instruments Corporation)
DRV - (nibffrk) -- C:\WINDOWS\system32\drivers\nibffrk.dll (National Instruments Corporation)
DRV - (niarbk) -- C:\WINDOWS\system32\drivers\niarbk.dll (National Instruments Corporation)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (NiViPxiK) -- C:\WINDOWS\System32\drivers\NiViPxiK.sys (National Instruments)
DRV - (niswdk) -- C:\WINDOWS\system32\drivers\niswdk.dll (National Instruments Corporation)
DRV - (nisdigk) -- C:\WINDOWS\system32\drivers\nisdigk.dll (National Instruments Corporation)
DRV - (nilvaik) -- C:\WINDOWS\system32\drivers\nilvaik.dll (National Instruments Corporation)
DRV - (nidsark) -- C:\WINDOWS\system32\drivers\nidsark.dll (National Instruments Corporation)
DRV - (nispdk) -- C:\WINDOWS\system32\drivers\nispdk.dll ()
DRV - (niscdk) -- C:\WINDOWS\system32\drivers\niscdk.dll (National Instruments Corporation)
DRV - (nistcrk) -- C:\WINDOWS\system32\drivers\nistcrk.dll (National Instruments Corporation)
DRV - (nitiork) -- C:\WINDOWS\system32\drivers\nitiork.dll (National Instruments Corporation)
DRV - (nimsdrk) -- C:\WINDOWS\system32\drivers\nimsdrk.dll (National Instruments Corporation)
DRV - (nicdrk) -- C:\WINDOWS\system32\drivers\nicdrk.dll (National Instruments Corporation)
DRV - (nidmxfk) -- C:\WINDOWS\system32\drivers\nidmxfk.dll (National Instruments Corporation)
DRV - (nimstsk) -- C:\WINDOWS\system32\drivers\nimstsk.dll (National Instruments Corporation)
DRV - (nimru2k) -- C:\WINDOWS\system32\drivers\nimru2k.dll (National Instruments Corporation)
DRV - (nipxirmk) -- C:\WINDOWS\system32\drivers\nipxirmk.dll (National Instruments Corporation)
DRV - (NIPALK) -- C:\WINDOWS\System32\drivers\nipalk.sys (National Instruments Corporation)
DRV - (gpib420) -- C:\WINDOWS\system32\drivers\gpib420.sys (National Instruments Corporation)
DRV - (GpibPrtK) -- C:\WINDOWS\system32\drivers\GpibPrtK.sys (National Instruments Corporation)
DRV - (lvalarmk) -- C:\WINDOWS\system32\drivers\lvalarmk.dll (National Instruments)
DRV - (niorbk) -- C:\WINDOWS\system32\drivers\niorbk.dll (National Instruments Corporation)
DRV - (nimsrlk) -- C:\WINDOWS\system32\drivers\nimsrlk.dll (National Instruments Corporation)
DRV - (nimslk) -- C:\WINDOWS\system32\drivers\nimslk.dll (National Instruments Corporation)
DRV - (nistc2k) -- C:\WINDOWS\system32\drivers\nistc2k.dll (National Instruments Corporation)
DRV - (nimxpk) -- C:\WINDOWS\system32\drivers\nimxpk.dll (National Instruments Corporation)
DRV - (nidimk) -- C:\WINDOWS\system32\drivers\nidimk.dll (National Instruments Corporation)
DRV - (nimxdfk) -- C:\WINDOWS\system32\drivers\nimxdfk.dll (National Instruments Corporation)
DRV - (nimdbgk) -- C:\WINDOWS\system32\drivers\nimdbgk.dll (National Instruments Corporation)
DRV - (cvintdrv) -- C:\WINDOWS\System32\drivers\cvintdrv.sys ()
DRV - (WINIO) -- C:\WINDOWS\system32\winio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {0506C90D-8D85-4E30-9F54-801E15B05A57}:1.9.1

FF - HKLM\software\mozilla\Firefox\extensions\\{2E68C12D-D3A2-41D1-AC22-8DFF85C16349}: C:\Documents and Settings\shera\Local Settings\Application Data\{2E68C12D-D3A2-41D1-AC22-8DFF85C16349}
FF - HKLM\software\mozilla\Firefox\extensions\\{0506C90D-8D85-4E30-9F54-801E15B05A57}: C:\Documents and Settings\pooper\Local Settings\Application Data\{0506C90D-8D85-4E30-9F54-801E15B05A57}\ [2011/06/26 20:23:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Applications\Mozilla Firefox\components [2011/06/28 23:14:50 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Applications\Mozilla Firefox\plugins [2011/06/28 23:14:29 | 000,000,000 | -H-D | M]

[2011/06/26 22:30:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\shera\Application Data\Mozilla\Extensions
[2011/06/28 23:04:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\shera\Application Data\Mozilla\Firefox\Profiles\lv4ekymk.default\extensions
File not found (No name found) --
[2007/10/29 22:29:44 | 000,000,000 | -H-D | M] (Java Console) -- C:\APPLICATIONS\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2008/11/16 11:19:36 | 000,000,000 | -H-D | M] (Java Console) -- C:\APPLICATIONS\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2011/06/26 20:23:35 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\POOPER\LOCAL SETTINGS\APPLICATION DATA\{0506C90D-8D85-4E30-9F54-801E15B05A57}
[2010/12/13 21:23:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2004/08/04 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
O4 - HKLM..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe ()
O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Applications\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NIDAQmxDriverStatus] C:\Applications\National Instruments\NI-DAQ\HWConfig\nidevldstat.exe (National Instruments Corporation)
O4 - HKLM..\Run: [QCTray] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE (IBM Corp.)
O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
O4 - HKLM..\Run: [UC_SMB] File not found
O4 - HKLM..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe ()
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - Startup: C:\Documents and Settings\shera\Start Menu\Programs\Startup\bmem.lnk = C:\Applications\bmem\bmem.exe (Brennan Underwood)
O4 - Startup: C:\Documents and Settings\shera\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\shera\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1291466364281 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\QConGina: DllName - QConGina.dll - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
O24 - Desktop WallPaper: C:\Documents and Settings\shera\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\shera\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/15 09:16:49 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/07/03 10:28:02 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\shera\Desktop\OTL.exe
[2011/07/01 18:48:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/07/01 18:45:13 | 000,000,000 | ---D | C] -- C:\1ff265ccf20027fc46f76727ad08f951
[2011/06/30 23:29:23 | 000,000,000 | ---D | C] -- C:\28ca9de61a140a4e92
[2011/06/30 23:20:01 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/30 23:14:45 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/06/30 23:13:19 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/06/28 23:45:11 | 000,000,000 | ---D | C] -- C:\QUARANTINE
[2011/06/28 23:32:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shera\Local Settings\Application Data\Adobe
[2011/06/28 23:11:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shera\My Documents\Downloads
[2011/06/28 22:32:34 | 001,495,552 | ---- | C] (PGP Corporation) -- C:\WINDOWS\System32\epoPGPsdk.dll
[2011/06/28 22:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/06/28 22:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2011/06/28 22:32:04 | 000,034,152 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2011/06/28 22:32:03 | 000,072,264 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2011/06/28 22:32:03 | 000,064,360 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2011/06/28 22:32:02 | 000,052,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys
[2011/06/28 22:32:01 | 000,170,408 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2011/06/28 22:31:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/06/28 22:31:14 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/06/28 22:31:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2011/06/28 22:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shera\Application Data\KeePass
[2011/06/28 22:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shera\Application Data\Dropbox
[2011/06/28 22:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shera\Application Data\ACD Systems
[2011/06/28 22:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shera\Application Data\PCTeX
[2011/06/28 22:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shera\Application Data\MathWorks
[2011/06/28 22:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shera\Application Data\Mathematica
[2011/06/28 22:08:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shera\Desktop\wlf
[2011/06/28 22:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shera\Desktop\pdfs-etc
[2011/06/28 06:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shera\Application Data\Malwarebytes
[2011/06/28 06:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shera\Application Data\Adobe
[2011/06/27 05:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shera\Application Data\Macromedia
[2011/06/27 05:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shera\Application Data\Sun
[2011/06/26 22:29:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\shera\PrivacIE
[2011/06/26 22:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shera\Local Settings\Application Data\Mozilla
[2011/06/26 22:28:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shera\Application Data\Mozilla
[2011/06/26 22:27:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\shera\IETldCache
[2011/06/26 22:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shera\Application Data\Identities
[2011/06/26 22:26:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\shera\Application Data\Microsoft
[2011/06/26 22:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shera\Application Data\Sonic
[2011/06/26 22:26:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\shera\SendTo
[2011/06/26 22:26:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\shera\Recent
[2011/06/26 22:26:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\shera\Application Data
[2011/06/26 22:26:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\shera\Start Menu\Programs\Startup
[2011/06/26 22:26:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\shera\Start Menu
[2011/06/26 22:26:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\shera\My Documents\My Pictures
[2011/06/26 22:26:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\shera\My Documents\My Music
[2011/06/26 22:26:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\shera\My Documents
[2011/06/26 22:26:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\shera\Favorites
[2011/06/26 22:26:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\shera\Start Menu\Programs\Accessories
[2011/06/26 22:26:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\shera\Cookies
[2011/06/26 22:26:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\shera\PrintHood
[2011/06/26 22:26:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\shera\NetHood
[2011/06/26 22:26:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\shera\Local Settings
[2011/06/26 22:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shera\Application Data\Symantec
[2011/06/26 22:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shera\Local Settings\Application Data\Microsoft
[2011/06/26 22:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shera\Desktop
[2011/06/26 22:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shera\Local Settings\Application Data\BVRP Software
[2011/06/26 22:26:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\shera\Templates
[2011/06/26 17:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\bA00000FnCkF00000
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/03 10:28:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\shera\Desktop\OTL.exe
[2011/07/02 21:07:27 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/07/02 21:06:15 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/02 21:03:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/02 21:03:18 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/02 10:58:53 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\shera\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/02 10:53:15 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\shera\Desktop\Shortcut to ACDSee5.exe.lnk
[2011/07/01 18:44:56 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/01 07:04:58 | 000,451,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/01 07:04:57 | 000,073,684 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/01 00:02:15 | 000,247,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/30 05:29:38 | 000,001,002 | ---- | M] () -- C:\Documents and Settings\shera\Start Menu\Programs\Startup\Dropbox.lnk
[2011/06/28 23:37:56 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\shera\Desktop\Shortcut to mbam.exe.lnk
[2011/06/28 23:15:12 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/26 22:28:22 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\shera\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/26 17:50:57 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Jxabologoce.dat
[2011/06/26 17:50:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Khewidimeqagu.bin
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/02 10:58:52 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\shera\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/02 10:53:12 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\shera\Desktop\Shortcut to ACDSee5.exe.lnk
[2011/06/30 05:29:34 | 000,001,002 | ---- | C] () -- C:\Documents and Settings\shera\Start Menu\Programs\Startup\Dropbox.lnk
[2011/06/28 23:37:56 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\shera\Desktop\Shortcut to mbam.exe.lnk
[2011/06/28 23:15:12 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/28 23:15:12 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/28 22:39:27 | 000,000,623 | ---- | C] () -- C:\Documents and Settings\shera\Start Menu\Programs\Startup\bmem.lnk
[2011/06/28 22:32:34 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2011/06/28 22:11:46 | 000,036,099 | ---- | C] () -- C:\Documents and Settings\shera\Desktop\SFValeRight.fig
[2011/06/28 22:11:46 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\shera\Desktop\World Wind 1.3.lnk
[2011/06/28 22:11:46 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\shera\Desktop\Windows Media Player.lnk
[2011/06/28 22:11:46 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\shera\Desktop\Triplist.sxc.lnk
[2011/06/28 22:11:31 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\shera\Desktop\rock-talk.lnk
[2011/06/28 22:11:30 | 000,153,568 | ---- | C] () -- C:\Documents and Settings\shera\Desktop\Polley_CV_HMSformat.pdf
[2011/06/28 22:11:30 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\shera\Desktop\PCTeXv6.lnk
[2011/06/28 22:11:30 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\shera\Desktop\PowerPoint.lnk
[2011/06/28 22:11:30 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\shera\Desktop\Photoshop.lnk
[2011/06/28 22:11:22 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\shera\Desktop\Mathematica.lnk
[2011/06/28 22:11:22 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\shera\Desktop\LabVIEW.lnk
[2011/06/28 22:11:22 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\shera\Desktop\KeePass Password Safe.lnk
[2011/06/28 22:11:22 | 000,000,614 | ---- | C] () -- C:\Documents and Settings\shera\Desktop\JMP7.lnk
[2011/06/28 22:11:21 | 000,001,531 | ---- | C] () -- C:\Documents and Settings\shera\Desktop\FreeMind.lnk
[2011/06/28 22:11:21 | 000,001,016 | ---- | C] () -- C:\Documents and Settings\shera\Desktop\Dropbox.lnk
[2011/06/28 22:11:21 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\shera\Desktop\Illustrator.lnk
[2011/06/28 22:11:21 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\shera\Desktop\emacs.lnk
[2011/06/28 22:11:21 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\shera\Desktop\Gorilla.lnk
[2011/06/28 22:11:16 | 007,312,596 | ---- | C] () -- C:\Documents and Settings\shera\Desktop\digit-exe-windows-4_1.zip
[2011/06/28 22:11:16 | 000,000,561 | ---- | C] () -- C:\Documents and Settings\shera\Desktop\CDex.lnk
[2011/06/28 22:10:47 | 039,955,064 | ---- | C] () -- C:\Documents and Settings\shera\Desktop\Breval sonata.aif
[2011/06/26 22:28:22 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\shera\Start Menu\Programs\Internet Explorer.lnk
[2011/06/26 22:28:02 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\shera\Start Menu\Programs\Windows Media Player.lnk
[2011/06/26 22:26:52 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\shera\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/26 22:26:52 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\shera\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/26 22:26:49 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\shera\Start Menu\Programs\Remote Assistance.lnk
[2011/06/26 22:26:49 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\shera\Start Menu\Programs\Outlook Express.lnk
[2011/06/26 17:50:57 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jxabologoce.dat
[2011/06/26 17:50:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Khewidimeqagu.bin
[2009/04/05 14:27:12 | 000,001,363 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/03/13 13:18:00 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2004/12/15 18:18:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/12/15 18:08:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/15 15:32:25 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2004/12/15 15:31:18 | 000,007,469 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/12/15 13:18:21 | 000,041,324 | ---- | C] () -- C:\WINDOWS\System32\winio.sys
[2004/12/15 13:18:07 | 000,000,156 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2004/12/15 09:19:58 | 000,069,632 | ---- | C] () -- C:\WINDOWS\uinst001.exe
[2004/12/07 21:01:52 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/12/07 20:40:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/07 20:39:07 | 000,184,320 | ---- | C] () -- C:\WINDOWS\TPBATHLP.EXE
[2004/12/07 20:37:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/12/07 20:37:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/12/07 20:37:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/12/07 20:36:11 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2004/12/07 20:31:18 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2004/12/07 20:23:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/12/07 20:23:57 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/12/07 20:23:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/12/07 20:23:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/12/07 20:23:57 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/12/07 20:23:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/12/07 20:22:20 | 000,000,136 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2004/12/07 20:21:51 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004/12/07 20:15:13 | 000,110,592 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe
[2004/12/07 20:15:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2004/12/07 20:14:19 | 000,009,341 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2004/12/07 20:13:45 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2004/12/07 20:13:34 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/12/07 20:13:34 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2004/12/07 20:13:33 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/12/07 20:13:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2004/08/09 15:03:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/09 15:01:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/09 14:51:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/09 14:46:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/09 14:45:31 | 000,247,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/07/27 01:09:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/07/15 20:25:26 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\nipxiini.dll
[2004/07/15 19:54:56 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\niidaqlv.dll
[2004/07/15 18:45:08 | 000,005,081 | ---- | C] () -- C:\WINDOWS\System32\ni7030.dat
[2004/07/15 18:35:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NIAutoConfig.exe
[2004/07/15 18:35:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NIAutoCfgRda.exe
[2004/07/09 13:40:48 | 000,059,497 | ---- | C] () -- C:\WINDOWS\System32\nispdu.dll
[2004/07/08 22:35:32 | 000,010,349 | ---- | C] () -- C:\WINDOWS\System32\niscdrau.dll
[2004/07/08 22:28:00 | 000,068,202 | ---- | C] () -- C:\WINDOWS\System32\drivers\nispdk.dll
[2004/07/07 14:56:20 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\nipalpg.dll
[2004/05/03 02:13:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\gpib-vdd.dll
[2004/05/03 02:09:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\RemoveRebootKey.exe
[2004/03/19 16:57:22 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini
[2004/03/19 16:12:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
[2004/03/19 16:12:10 | 000,019,692 | ---- | C] () -- C:\WINDOWS\ibmprc.ini
[2004/02/17 17:52:10 | 000,008,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\nienetpm.sys
[2004/02/17 17:51:44 | 000,006,173 | ---- | C] () -- C:\WINDOWS\System32\gpib.ini
[2004/01/09 10:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2003/07/29 11:00:00 | 000,007,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys
[2002/12/11 10:57:00 | 000,012,653 | ---- | C] () -- C:\WINDOWS\System32\GPIB.DLL
[2002/03/21 13:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 13:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/21 13:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 13:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 13:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 13:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 13:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002/03/20 22:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2002/01/09 22:38:20 | 000,106,496 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2001/10/28 17:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2001/08/23 11:26:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001/08/23 11:24:30 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[1999/11/15 13:58:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\NIRegApp.exe
[1999/11/04 12:00:38 | 000,001,840 | ---- | C] () -- C:\WINDOWS\System32\niidaqs.dll
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/02 13:02:46 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\Opcenum.exe
[1980/01/01 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 04:00:00 | 000,451,836 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 04:00:00 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[1980/01/01 04:00:00 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\tp4uires.dll
[1980/01/01 04:00:00 | 000,073,684 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 04:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\tp4unins.exe
[1980/01/01 04:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
[1980/01/01 04:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[1980/01/01 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 04:00:00 | 000,005,600 | ---- | C] () -- C:\WINDOWS\System32\tp4table.dat
[1980/01/01 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1980/01/01 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1980/01/01 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2004/12/14 18:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2011/06/26 17:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bA00000FnCkF00000
[2004/12/07 20:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibm
[2011/06/28 22:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shera\Application Data\ACD Systems
[2011/07/03 10:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shera\Application Data\Dropbox
[2011/07/01 23:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shera\Application Data\KeePass
[2011/06/28 22:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shera\Application Data\PCTeX
[2005/01/29 16:39:32 | 000,000,554 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/12/15 09:16:49 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2004/12/15 09:15:46 | 000,000,194 | RHS- | M] () -- C:\BOOT.INI
[2004/12/07 20:17:08 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.PRV
[2004/12/07 20:41:40 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.TXT
[2004/08/09 14:35:38 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2004/12/07 20:38:46 | 000,000,355 | ---- | M] () -- C:\ccrrec.ver
[2004/12/15 09:16:49 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2004/12/07 20:21:38 | 000,000,754 | ---- | M] () -- C:\drivez.log
[2011/07/02 21:03:18 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2004/12/15 09:16:49 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/12/07 20:19:48 | 000,000,164 | ---- | M] () -- C:\LOGFILE.txt
[2004/08/04 09:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/01/18 12:57:40 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/07/02 21:03:15 | 1258,291,200 | -HS- | M] () -- C:\pagefile.sys
[2004/12/07 21:01:52 | 000,001,370 | ---- | M] () -- C:\SYSLEVEL.IBM
[2004/12/07 21:00:20 | 000,000,043 | ---- | M] () -- C:\TCPACHIP.LOG
[2004/12/15 15:00:10 | 000,000,043 | ---- | M] () -- C:\ver.txt

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/09 14:54:48 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >
[2003/07/15 20:35:04 | 000,002,193 | ---- | M] () -- C:\WINDOWS\system32\TpShPrm.jpg
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\*.jpg >
[2002/10/10 17:07:40 | 000,055,408 | ---- | M] () -- C:\WINDOWS\1024 x 768 IBM Americas Map.jpg
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/09 14:45:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/09 14:45:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/09 14:45:10 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/06/26 22:28:18 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\shera\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/09 15:03:14 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\shera\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/07/03 10:28:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\shera\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-01 23:27:18

< End of report >

Attached File(s)

  • Attached File  ark.txt (8.69K)
    Number of downloads: 0
  • Attached File  Extras.Txt (45.5K)
    Number of downloads: 1

#2 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,453
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 09 July 2011 - 11:35 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK

    Do not re-enable these drivers until otherwise instructed.


Download DDS:

    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt

    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply


Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

"just click on Cancel, then Accept".

information and logs:

    In your next post I need the following

    • .logs from DDS
    • log from RKUnHooker
    • let me know of any problems you may have had


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#3 User is offline   Bitten 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 10
  • Joined: 04-July 11

Posted 10 July 2011 - 09:48 AM

Thanks for the help, Gringo. I really appreciate it.

I did as instructed. After defogging, I ran DDS. It chugged along for a couple minutes, printing 50-60 # symbols to the output window. Then the machine hung up and had to be rebooted. I tried a couple times and the behavior was always the same. I then ran RKUnhooker. The output is pasted below.

Thanks again!


RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6E01000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF063000 C:\WINDOWS\System32\ialmdd5.DLL 774144 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF70A2000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 724992 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xB9ED7000 C:\WINDOWS\System32\Drivers\Nidaq32k.SYS 696320 bytes (National Instruments Corporation, NI-DAQ Windows NT Kernel Driver)
0xF6D5B000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 679936 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF74C4000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xEBBBA000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9CA1000 C:\WINDOWS\system32\drivers\niscdk.dll 421888 bytes (National Instruments Corporation, NI Signal Conditioning Driver Component)
0xF7431000 NIPALK.sys 417792 bytes (National Instruments Corporation, NI-PAL Driver for Windows 2000)
0xF6FD6000 C:\WINDOWS\system32\DRIVERS\ar5211.sys 397312 bytes (Atheros Communications, Inc., Driver for Atheros AR5001 Wireless Network Adapter)
0xF6CA5000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB9C46000 C:\WINDOWS\system32\drivers\niswdk.dll 372736 bytes (National Instruments Corporation, NI Switch Drivers)
0xEBD6E000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xBA4BB000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF120000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xED660000 C:\WINDOWS\System32\Drivers\bthport.sys 274432 bytes (Microsoft Corporation, Bluetooth Bus Driver)
0xF6F94000 C:\WINDOWS\system32\drivers\smwdm.sys 270336 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xB96B9000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBA53B000 C:\WINDOWS\System32\drivers\gpibprtk.sys 204800 bytes (National Instruments Corporation, NI-488.2 Kernel Mode Driver)
0xF6F00000 C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys 200704 bytes (Conexant Systems, Inc., HSFHWICH WDM driver)
0xF6D03000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF763B000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xBA07A000 C:\WINDOWS\system32\drivers\nimxdfk.dll 188416 bytes (National Instruments Corporation, NI mx Driver Framework)
0xBA635000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7497000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB928C000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEBC52000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB9753000 C:\WINDOWS\system32\drivers\mfehidk.sys 163840 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
0xEBD20000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF75C7000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xEBD48000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xBF03E000 C:\WINDOWS\System32\ialmdev5.DLL 151552 bytes (Intel Corporation, Component GHAL Driver)
0xBA0A8000 C:\WINDOWS\system32\drivers\nimdbgk.dll 151552 bytes (National Instruments Corporation, NI Measurements DeBuG Library)
0xB9D08000 C:\WINDOWS\system32\drivers\nicdrk.dll 147456 bytes (National Instruments Corporation, NI Common Digital Runtime)
0xB9E7A000 C:\WINDOWS\system32\drivers\nidmxfk.dll 147456 bytes (National Instruments Corporation, NI-DAQmx Framework)
0xB9D5D000 C:\WINDOWS\system32\drivers\nimru2k.dll 147456 bytes (National Instruments Corporation, NI Measurement Routing Utilities)
0xF6F70000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF706A000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6F4D000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEBCFE000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF758F000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xBA2E3000 C:\WINDOWS\system32\drivers\nistck.dll 131072 bytes (National Instruments Corporation, STC Manager for Windows (Kernel))
0xF7037000 C:\WINDOWS\system32\DRIVERS\e1000325.sys 126976 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.1 deserialized driver)
0xF75ED000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 122880 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xBA0CD000 C:\WINDOWS\system32\drivers\nidimk.dll 122880 bytes (National Instruments Corporation, NI Device Interconnect Manager)
0xF760C000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF6F31000 C:\WINDOWS\system32\drivers\aeaudio.sys 114688 bytes (Andrea Electronics Corporation, Andrea Audio Noise Cancellation Driver)
0xF7417000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xEBB49000 C:\WINDOWS\system32\DRIVERS\bthpan.sys 102400 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0xBA7A9000 C:\WINDOWS\system32\dla\tfsnudf.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA790000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xF75AF000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xEB311000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7551000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6D44000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xBA72A000 C:\WINDOWS\system32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xBA7EA000 C:\WINDOWS\system32\dla\tfsnifs.sys 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7568000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
0xB9AA1000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF7056000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xF708E000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEBDC7000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF757D000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9E9E000 C:\WINDOWS\system32\drivers\nidmmk.dll 69632 bytes (National Instruments Corporation, NIDMM Kernel Mode Component for WinNT/2k)
0xF762A000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6D33000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xEE497000 C:\WINDOWS\system32\drivers\ibmfilter.sys 65536 bytes (IBM, IBM FFE and RRU filter driver)
0xB9823000 C:\WINDOWS\system32\drivers\mfeavfk.sys 65536 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xBA1A3000 C:\WINDOWS\system32\drivers\nimstsk.dll 65536 bytes (National Instruments Corporation, NI Measurements Status Component)
0xF77DA000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB97C3000 C:\WINDOWS\system32\drivers\mfeapfk.sys 61440 bytes (McAfee, Inc., Access Protection Filter Driver)
0xECD9B000 C:\WINDOWS\system32\drivers\nipxirmk.dll 61440 bytes (National Instruments Corporation, NI PXI Resource Manager)
0xECD3B000 C:\WINDOWS\system32\DRIVERS\rfcomm.sys 61440 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0xF76AA000 Shockprf.sys 61440 bytes (IBM Corporation, Shockproof Disk Driver)
0xBA343000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF788A000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xBA453000 C:\WINDOWS\system32\drivers\niorbk.dll 57344 bytes (National Instruments Corporation, NI Object Request Broker)
0xF76DA000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF77CA000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA333000 C:\WINDOWS\system32\drivers\niarbk.dll 53248 bytes (National Instruments Corporation, NI-ARB Kernel Library for Windows)
0xF77EA000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF76BA000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF77AA000 C:\WINDOWS\system32\drivers\mfetdik.sys 49152 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0xF780A000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xECDBB000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF769A000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA483000 C:\WINDOWS\system32\drivers\nimdsk.dll 45056 bytes (National Instruments Corporation, NI-MDS Kernel Library for Windows)
0xF77FA000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF789A000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
0xEC20C000 C:\WINDOWS\System32\drivers\gpib420.sys 40960 bytes (National Instruments Corporation, GPIB Analyzer Driver)
0xF768A000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF783A000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB9FDA000 C:\WINDOWS\system32\drivers\nilvaik.dll 40960 bytes (National Instruments Corporation, NI LabVIEW API Implementation)
0xBA463000 C:\WINDOWS\system32\drivers\nimxpk.dll 40960 bytes (National Instruments Corporation, NI Measurements eXtensions for PAL)
0xF782A000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB91EC000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF76CA000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF77BA000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF781A000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xEEBB5000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA59D000 C:\WINDOWS\system32\drivers\nibffrk.dll 36864 bytes (National Instruments Corporation, NI Buffer Services Kernel Library for Windows)
0xEBFAA000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
0xECDAB000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF79F2000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7972000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xED42A000 C:\WINDOWS\System32\drivers\Smapint.sys 32768 bytes (Microsoft Corporation, SMAPI I/O)
0xED43A000 C:\WINDOWS\System32\drivers\Tppwr.sys 32768 bytes (IBM Corp., IBM ThinkPad Power Management Device Driver)
0xF79CA000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7A52000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF79EA000 C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys 28672 bytes (IBM Corp., IBM ThinkPad Power Management Driver)
0xEC3A6000 C:\WINDOWS\system32\drivers\lvalarmk.dll 28672 bytes (National Instruments, lvalarms)
0xEBBAA000 C:\WINDOWS\system32\drivers\mfebopk.sys 28672 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xED422000 C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys 28672 bytes (McAfee, Inc., VSCore Code Analysis Driver)
0xF79E2000 C:\WINDOWS\system32\DRIVERS\nscirda.sys 28672 bytes (National Semiconductor Corporation, NSC Fast Infrared Driver.)
0xF790A000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xEB3E8000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF79D2000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF79DA000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7952000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
0xED432000 C:\WINDOWS\System32\drivers\TDSMAPI.SYS 24576 bytes
0xED442000 C:\WINDOWS\System32\drivers\TSMAPIP.SYS 24576 bytes
0xF79C2000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7A5A000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xEC43B000 C:\WINDOWS\system32\DRIVERS\BthEnum.sys 20480 bytes (Microsoft Corporation, Bluetooth Bus Extender)
0xF7962000 C:\WINDOWS\System32\Drivers\BTHUSB.sys 20480 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0xF796A000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7912000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7A0A000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF791A000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF79FA000 C:\WINDOWS\system32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)
0xF7A1A000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7A02000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xEBCC6000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7AA2000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF716B000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xED076000 C:\WINDOWS\system32\DRIVERS\mdc8021x.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF7153000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xBA788000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF6C71000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7173000 C:\WINDOWS\system32\DRIVERS\tp4track.sys 16384 bytes (IBM Corporation, IBM PS/2 TrackPoint Mouse Filter Driver)
0xF7B7A000 C:\WINDOWS\System32\Drivers\TPHKDRV.SYS 16384 bytes (IBM Corporation, ThinkPad Hotkey Driver)
0xF7AA6000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xED6AF000 C:\WINDOWS\System32\drivers\ANC.SYS 12288 bytes (IBM Corp., IBM Access Connections - ANC)
0xF7A9A000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7A9E000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xEBF42000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF6CA1000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xF716F000 C:\WINDOWS\system32\DRIVERS\irenum.sys 12288 bytes (Microsoft Corporation, Infra-Red Bus Enumerator)
0xBA61D000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7163000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7B66000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7C40000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B8E000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7BBC000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7C3E000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B8A000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7C42000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xEB32D000 C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS 8192 bytes (Microsoft Corporation, Physical Memory Driver)
0xF7C44000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7C4A000 C:\WINDOWS\System32\Drivers\ShockMgr.SYS 8192 bytes (IBM Corporation, ShockMgr Device Driver)
0xF7C3C000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF7BC8000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7BE2000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7BCC000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B8C000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7CAD000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7DE0000 C:\WINDOWS\System32\Drivers\cvintdrv.SYS 4096 bytes
0xF7DA1000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7D43000 C:\WINDOWS\System32\drivers\IBMBLDID.SYS 4096 bytes
0xF7DCA000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7C53000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7C52000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7C93000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7D9C000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
==============================================
>Stealth
==============================================
0x86E81A91 Unknown page with executable code, 1391 bytes
0x86E80288 Unknown page with executable code, 3448 bytes
0x86E82191 Unknown page with executable code, 3695 bytes
0xF76BA000 WARNING: Virus alike driver modification [VolSnap.sys], 53248 bytes
0x86E84E7A Unknown thread object [ ETHREAD 0x86F30020 ] TID: 136, 600 bytes
0x86E87008 Unknown thread object [ ETHREAD 0x86F303E8 ] TID: 140, 600 bytes
0x86E86CDC Unknown page with executable code, 804 bytes

#4 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,453
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 10 July 2011 - 11:28 AM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#5 User is offline   Bitten 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 10
  • Joined: 04-July 11

Posted 10 July 2011 - 11:55 AM

Hi,

Unfortunately, TDSSKiller won't run on my system. I tried renaming it, but still nothing.

Thanks

#6 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,453
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 10 July 2011 - 12:33 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#7 User is offline   Bitten 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 10
  • Joined: 04-July 11

Posted 10 July 2011 - 06:31 PM

Hi,

I ran fixTDSS which found the infected driver VolSnap.sys and reported that it was successfully repaired. After rebooting, and before I could run TDSSKiller, McAfee on-access scan detected the trojan VolSnap.sys and reported it cleaned. I then ran successfully ran TDSSKiller, which reported no infections found. The report is pasted below.

Thanks!


2011/07/10 19:05:06.0781 3440 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/10 19:05:06.0890 3440 ================================================================================
2011/07/10 19:05:06.0890 3440 SystemInfo:
2011/07/10 19:05:06.0890 3440
2011/07/10 19:05:06.0890 3440 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/10 19:05:06.0890 3440 Product type: Workstation
2011/07/10 19:05:06.0890 3440 ComputerName: EARWIG
2011/07/10 19:05:06.0890 3440 UserName: shera
2011/07/10 19:05:06.0890 3440 Windows directory: C:\WINDOWS
2011/07/10 19:05:06.0890 3440 System windows directory: C:\WINDOWS
2011/07/10 19:05:06.0890 3440 Processor architecture: Intel x86
2011/07/10 19:05:06.0890 3440 Number of processors: 1
2011/07/10 19:05:06.0890 3440 Page size: 0x1000
2011/07/10 19:05:06.0890 3440 Boot type: Normal boot
2011/07/10 19:05:06.0890 3440 ================================================================================
2011/07/10 19:05:09.0531 3440 Initialize success
2011/07/10 19:05:30.0296 2508 ================================================================================
2011/07/10 19:05:30.0296 2508 Scan started
2011/07/10 19:05:30.0296 2508 Mode: Manual;
2011/07/10 19:05:30.0296 2508 ================================================================================
2011/07/10 19:05:31.0343 2508 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/07/10 19:05:31.0703 2508 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2011/07/10 19:05:32.0125 2508 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/10 19:05:32.0515 2508 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/07/10 19:05:32.0921 2508 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/07/10 19:05:33.0328 2508 aeaudio (75bee80a25fc7f690dcd57570dc159c1) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/07/10 19:05:33.0781 2508 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/10 19:05:34.0203 2508 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/10 19:05:34.0656 2508 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/07/10 19:05:35.0062 2508 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/07/10 19:05:35.0453 2508 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/07/10 19:05:35.0796 2508 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/07/10 19:05:36.0140 2508 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/07/10 19:05:36.0515 2508 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/07/10 19:05:36.0921 2508 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/07/10 19:05:37.0328 2508 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/07/10 19:05:37.0734 2508 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/07/10 19:05:38.0078 2508 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
2011/07/10 19:05:38.0593 2508 AR5211 (6c17be70ebe711173b0e571c88d7d226) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2011/07/10 19:05:38.0968 2508 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/07/10 19:05:39.0343 2508 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/07/10 19:05:39.0718 2508 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/07/10 19:05:40.0125 2508 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/10 19:05:40.0562 2508 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/10 19:05:41.0234 2508 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/10 19:05:41.0593 2508 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/10 19:05:41.0984 2508 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/10 19:05:42.0406 2508 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/07/10 19:05:42.0812 2508 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/07/10 19:05:43.0265 2508 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/07/10 19:05:43.0718 2508 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/07/10 19:05:44.0078 2508 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/07/10 19:05:44.0406 2508 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/10 19:05:44.0812 2508 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/07/10 19:05:45.0171 2508 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/10 19:05:45.0593 2508 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/10 19:05:45.0968 2508 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/10 19:05:46.0718 2508 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/07/10 19:05:47.0031 2508 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/07/10 19:05:47.0421 2508 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/07/10 19:05:47.0828 2508 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/07/10 19:05:48.0218 2508 cvintdrv (310c5ec0b4278211089f0a5e915d025f) C:\WINDOWS\system32\drivers\cvintdrv.sys
2011/07/10 19:05:48.0640 2508 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/07/10 19:05:49.0031 2508 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/07/10 19:05:49.0453 2508 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/10 19:05:50.0140 2508 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/10 19:05:50.0968 2508 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/10 19:05:51.0359 2508 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/10 19:05:51.0781 2508 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/10 19:05:52.0156 2508 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/07/10 19:05:52.0531 2508 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/10 19:05:52.0921 2508 drvmcdb (ae4f1425f8da291136c788fb17d34f4d) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/07/10 19:05:53.0296 2508 drvnddm (b295700e684ed1984db1d6be40354421) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/07/10 19:05:53.0671 2508 E1000 (4beb6f44b0dc94af9fb20e97ab7ad47c) C:\WINDOWS\system32\DRIVERS\e1000325.sys
2011/07/10 19:05:54.0093 2508 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/07/10 19:05:54.0578 2508 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/10 19:05:55.0000 2508 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/10 19:05:55.0421 2508 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/10 19:05:55.0890 2508 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/07/10 19:05:56.0296 2508 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/10 19:05:56.0671 2508 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/10 19:05:57.0031 2508 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/10 19:05:57.0421 2508 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/07/10 19:05:57.0828 2508 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/10 19:05:58.0156 2508 gpib420 (cb5eddc437c7530584d810e78bfc609c) C:\WINDOWS\system32\drivers\gpib420.sys
2011/07/10 19:05:58.0562 2508 GpibPrtK (e655308b435a32a56205c1a136344076) C:\WINDOWS\system32\drivers\gpibprtk.sys
2011/07/10 19:05:58.0921 2508 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/10 19:05:59.0296 2508 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/07/10 19:05:59.0718 2508 HSFHWICH (62003dbef083dc07e5399f44fb4e22bc) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2011/07/10 19:06:00.0390 2508 HSF_DP (f41cd40b94d91edf9443a527053ec549) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/07/10 19:06:00.0843 2508 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/10 19:06:01.0296 2508 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/07/10 19:06:01.0718 2508 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/07/10 19:06:02.0125 2508 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/10 19:06:02.0734 2508 ialm (45a59e73868cc93fd74b5be4d6707762) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/07/10 19:06:03.0125 2508 ibmfilter (4dc41ab5aa3f96fa7f01587dd9ccf467) C:\WINDOWS\system32\drivers\ibmfilter.sys
2011/07/10 19:06:03.0468 2508 IBMPMDRV (b9ad9ebe354af205277fdbfce5c5daec) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
2011/07/10 19:06:03.0812 2508 IBMTPCHK (df674a176eb71300c4e01720a4cbfc57) C:\WINDOWS\system32\drivers\IBMBLDID.SYS
2011/07/10 19:06:04.0156 2508 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/10 19:06:04.0531 2508 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/07/10 19:06:04.0921 2508 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/07/10 19:06:05.0281 2508 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/10 19:06:05.0671 2508 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/10 19:06:06.0031 2508 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/10 19:06:06.0468 2508 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/10 19:06:06.0890 2508 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/10 19:06:07.0281 2508 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/07/10 19:06:07.0671 2508 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/10 19:06:08.0234 2508 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/10 19:06:08.0625 2508 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/10 19:06:09.0000 2508 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/10 19:06:09.0421 2508 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/10 19:06:09.0859 2508 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/10 19:06:10.0562 2508 lvalarmk (ad1a428085f6499afc085db14e6c2ebc) C:\WINDOWS\system32\drivers\lvalarmk.dll
2011/07/10 19:06:10.0953 2508 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
2011/07/10 19:06:11.0250 2508 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/07/10 19:06:11.0625 2508 mfeapfk (b5c306c5b5e7417b9d2b410894678069) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/07/10 19:06:12.0000 2508 mfeavfk (87b28198b308af3469d6e0b81d86c1fa) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/07/10 19:06:12.0375 2508 mfebopk (cf37784dd24c83f62626bc0ea3f5e386) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/07/10 19:06:12.0812 2508 mfehidk (241c09c7d8c589ea1d72a36e6578e42c) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/07/10 19:06:13.0015 2508 mferkdk (37b5228bea6b4429ffb90dfa77af4431) C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
2011/07/10 19:06:13.0578 2508 mfetdik (19c2d8af421e96d12e4004ca2162dbe9) C:\WINDOWS\system32\drivers\mfetdik.sys
2011/07/10 19:06:13.0968 2508 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/10 19:06:14.0359 2508 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/10 19:06:14.0765 2508 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/10 19:06:15.0078 2508 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/10 19:06:15.0453 2508 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/10 19:06:15.0812 2508 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/07/10 19:06:16.0265 2508 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/10 19:06:16.0781 2508 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/10 19:06:17.0312 2508 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/10 19:06:17.0671 2508 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/10 19:06:18.0046 2508 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/10 19:06:18.0406 2508 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/10 19:06:18.0796 2508 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/10 19:06:19.0140 2508 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/10 19:06:19.0578 2508 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/10 19:06:19.0984 2508 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/10 19:06:20.0328 2508 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/10 19:06:20.0718 2508 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/10 19:06:21.0156 2508 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/10 19:06:21.0546 2508 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/10 19:06:21.0984 2508 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/10 19:06:22.0437 2508 niarbk (5d249c5365f819f70882570a1746c9d2) C:\WINDOWS\system32\drivers\niarbk.dll
2011/07/10 19:06:22.0765 2508 nibffrk (ec11f3561e9ef42b515839c5feed393b) C:\WINDOWS\system32\drivers\nibffrk.dll
2011/07/10 19:06:23.0203 2508 nicdrk (7ea67285c4178828c4f80a7973dc3d55) C:\WINDOWS\system32\drivers\nicdrk.dll
2011/07/10 19:06:23.0796 2508 Nidaq32k (af1fcd6f959dc90f97748d9511f5b210) C:\WINDOWS\system32\drivers\Nidaq32k.sys
2011/07/10 19:06:24.0187 2508 nidimk (6a16aa46384a997bfc64d33debfffcaa) C:\WINDOWS\system32\drivers\nidimk.dll
2011/07/10 19:06:24.0578 2508 nidmmk (24213d803b35b6288b4528da22bad8fb) C:\WINDOWS\system32\drivers\nidmmk.dll
2011/07/10 19:06:24.0953 2508 nidmxfk (f86c48507379fb926a9a24cdbf96f6b7) C:\WINDOWS\system32\drivers\nidmxfk.dll
2011/07/10 19:06:25.0906 2508 nidsark (6449f76faaa81a197f72633bd1fc4cfc) C:\WINDOWS\system32\drivers\nidsark.dll
2011/07/10 19:06:26.0406 2508 niesrk (832f6e4120f835f8e9bee76ca373e7bf) C:\WINDOWS\system32\drivers\niesrk.dll
2011/07/10 19:06:26.0781 2508 nilvaik (24dd59d29a409741592ea8ad65d8a486) C:\WINDOWS\system32\drivers\nilvaik.dll
2011/07/10 19:06:27.0203 2508 nimdbgk (de01624b5c3a6f371862714873dec707) C:\WINDOWS\system32\drivers\nimdbgk.dll
2011/07/10 19:06:27.0578 2508 nimdsk (dd4b89019ab1eca5c04757e2f7d8a9e4) C:\WINDOWS\system32\drivers\nimdsk.dll
2011/07/10 19:06:28.0031 2508 nimru2k (08d22108915451cf9aa34731569fb21f) C:\WINDOWS\system32\drivers\nimru2k.dll
2011/07/10 19:06:28.0421 2508 nimsdrk (f4777aacbbf4e4caf64a5448114702fd) C:\WINDOWS\system32\drivers\nimsdrk.dll
2011/07/10 19:06:28.0812 2508 nimslk (99521722c0858ab23e06855e1069c725) C:\WINDOWS\system32\drivers\nimslk.dll
2011/07/10 19:06:29.0265 2508 nimsrlk (acfd05455df010e85e0c8a56e9c255c3) C:\WINDOWS\system32\drivers\nimsrlk.dll
2011/07/10 19:06:29.0687 2508 nimstsk (e08f7f22391f493cb915adc3175400d1) C:\WINDOWS\system32\drivers\nimstsk.dll
2011/07/10 19:06:30.0093 2508 nimxdfk (eea165ae9939cbf87c3b6ef983b1c766) C:\WINDOWS\system32\drivers\nimxdfk.dll
2011/07/10 19:06:30.0484 2508 nimxpk (479c85daa4c75128616983ee1959a971) C:\WINDOWS\system32\drivers\nimxpk.dll
2011/07/10 19:06:30.0859 2508 niorbk (7029e3a3ccbb6a544be08a1190ae9e1c) C:\WINDOWS\system32\drivers\niorbk.dll
2011/07/10 19:06:31.0375 2508 NIPALK (1cae513d267aa03864022d496263943b) C:\WINDOWS\system32\drivers\NIPALK.sys
2011/07/10 19:06:31.0750 2508 nipxirmk (881fc83fef296d788a15d607a056d6b9) C:\WINDOWS\system32\drivers\nipxirmk.dll
2011/07/10 19:06:32.0281 2508 niscdk (0c218da6eb0c2f86aa4216ed6c6d8624) C:\WINDOWS\system32\drivers\niscdk.dll
2011/07/10 19:06:32.0750 2508 nisdigk (307ae8bc926ab1b183fbd9ae0036f195) C:\WINDOWS\system32\drivers\nisdigk.dll
2011/07/10 19:06:33.0156 2508 nispdk (5bfbaa60ee65fedbc1d669e0e486f7f2) C:\WINDOWS\system32\drivers\nispdk.dll
2011/07/10 19:06:33.0718 2508 nissrk (8a97c610f5ef1d54234ddf2c7c147d87) C:\WINDOWS\system32\drivers\nissrk.dll
2011/07/10 19:06:34.0140 2508 nistc2k (fd8eb666120eda7923086d98efe61e6d) C:\WINDOWS\system32\drivers\nistc2k.dll
2011/07/10 19:06:34.0546 2508 nistck (45bffaed056b917407cc2d52a520a582) C:\WINDOWS\system32\drivers\nistck.dll
2011/07/10 19:06:34.0953 2508 nistcrk (922f8e9202deb885f7de05149c9b2170) C:\WINDOWS\system32\drivers\nistcrk.dll
2011/07/10 19:06:35.0453 2508 niswdk (562678a78fe1db0e0420a9f3654e2784) C:\WINDOWS\system32\drivers\niswdk.dll
2011/07/10 19:06:36.0203 2508 nitiork (2e32553cb9d0326b8367b9c14489bd3f) C:\WINDOWS\system32\drivers\nitiork.dll
2011/07/10 19:06:36.0578 2508 NiViPxiK (9271a16398ed77bf40eda4d12723d354) C:\WINDOWS\system32\drivers\NiViPxiK.sys
2011/07/10 19:06:37.0046 2508 niwfrk (5efc38ccdb71ade6179a2d48c098cdb7) C:\WINDOWS\system32\drivers\niwfrk.dll
2011/07/10 19:06:37.0640 2508 nixsrk (ff4cb2250fdac56304ce167306aed189) C:\WINDOWS\system32\drivers\nixsrk.dll
2011/07/10 19:06:38.0031 2508 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/10 19:06:38.0390 2508 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
2011/07/10 19:06:38.0875 2508 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/10 19:06:39.0406 2508 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/10 19:06:40.0281 2508 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/07/10 19:06:41.0187 2508 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/10 19:06:41.0562 2508 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/10 19:06:41.0984 2508 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/10 19:06:42.0343 2508 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/10 19:06:42.0718 2508 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/10 19:06:43.0171 2508 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/10 19:06:43.0812 2508 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/10 19:06:44.0218 2508 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/07/10 19:06:45.0781 2508 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/07/10 19:06:46.0156 2508 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/07/10 19:06:46.0531 2508 PMEM (fa292805788528c083f416e151b60ab6) C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
2011/07/10 19:06:46.0921 2508 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/10 19:06:47.0281 2508 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/07/10 19:06:47.0625 2508 psadd (dc23b0d9a0282cb0d8281dbda431ac14) C:\WINDOWS\system32\Drivers\psadd.sys
2011/07/10 19:06:48.0078 2508 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/10 19:06:48.0437 2508 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/10 19:06:48.0765 2508 PxHelp20 (d7e32c33c08ccdbd21d47d291f30d35b) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/10 19:06:49.0093 2508 QCNDISIF (c854eb3a54aae73046d187a77f54efc5) C:\WINDOWS\system32\drivers\qcndisif.SYS
2011/07/10 19:06:49.0453 2508 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/07/10 19:06:49.0812 2508 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/07/10 19:06:50.0187 2508 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/07/10 19:06:50.0562 2508 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/07/10 19:06:50.0921 2508 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/07/10 19:06:51.0328 2508 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/10 19:06:51.0671 2508 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/07/10 19:06:52.0078 2508 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/10 19:06:52.0437 2508 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/10 19:06:52.0843 2508 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/10 19:06:53.0250 2508 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/10 19:06:53.0656 2508 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/10 19:06:54.0031 2508 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/10 19:06:54.0546 2508 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/10 19:06:54.0984 2508 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/10 19:06:55.0359 2508 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/07/10 19:06:55.0828 2508 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/07/10 19:06:56.0187 2508 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/10 19:06:56.0593 2508 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/10 19:06:56.0984 2508 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/10 19:06:57.0437 2508 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/07/10 19:06:57.0859 2508 ShockMgr (482ddb9f0f6d88f0503910e1b9728042) C:\WINDOWS\system32\drivers\ShockMgr.sys
2011/07/10 19:06:58.0218 2508 Shockprf (3d593b089133f134f52d6de29b0d058b) C:\WINDOWS\system32\drivers\Shockprf.sys
2011/07/10 19:06:58.0875 2508 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/07/10 19:06:59.0234 2508 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
2011/07/10 19:06:59.0671 2508 smwdm (710a9684bf50e6fe7c227b9de41159da) C:\WINDOWS\system32\drivers\smwdm.sys
2011/07/10 19:07:00.0031 2508 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/07/10 19:07:00.0453 2508 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/07/10 19:07:00.0828 2508 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/10 19:07:01.0203 2508 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/10 19:07:01.0703 2508 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/10 19:07:02.0234 2508 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/07/10 19:07:02.0578 2508 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/07/10 19:07:02.0953 2508 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/10 19:07:03.0265 2508 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/10 19:07:03.0625 2508 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/07/10 19:07:04.0000 2508 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/07/10 19:07:04.0390 2508 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/07/10 19:07:04.0703 2508 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/07/10 19:07:05.0046 2508 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/10 19:07:05.0531 2508 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/10 19:07:06.0000 2508 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/10 19:07:06.0359 2508 TDSMAPI (139b4d397d51cf60d6585597b1cf2f51) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
2011/07/10 19:07:06.0750 2508 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/10 19:07:07.0125 2508 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/10 19:07:07.0500 2508 tfsnboio (6d9d9ae1fc219e3a5c59072f1673b360) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/07/10 19:07:07.0953 2508 tfsncofs (e8cf0819e1585a794809118eca745e91) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/07/10 19:07:08.0421 2508 tfsndrct (59445b95619746560f09606804f0090e) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/07/10 19:07:08.0843 2508 tfsndres (914ddfea5559ad5196222be63672ff88) C:\WINDOWS\system32\dla\tfsndres.sys
2011/07/10 19:07:09.0234 2508 tfsnifs (1bd543f2388ffa4bb6a354e65b154fb7) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/07/10 19:07:09.0671 2508 tfsnopio (547293545916385aa211e82b1706711a) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/07/10 19:07:10.0109 2508 tfsnpool (9f7146dd1551711fd578e65a9d86ed77) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/07/10 19:07:10.0531 2508 tfsnudf (4c0a00cade4416d8f3eeced13e6e2600) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/07/10 19:07:11.0031 2508 tfsnudfa (d4269f46ee2b56facfdac786390f64a1) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/07/10 19:07:11.0500 2508 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/07/10 19:07:11.0828 2508 Tp4Track (eef2d6e4ec9f24be67572c60f3778f8d) C:\WINDOWS\system32\DRIVERS\tp4track.sys
2011/07/10 19:07:12.0187 2508 TPHKDRV (a7c9656b3cac47a9f786aae88259d8b9) C:\WINDOWS\system32\drivers\TPHKDRV.sys
2011/07/10 19:07:12.0578 2508 TPPWR (dc5c49a5f38d377f7c9a99a5b0c4d1a0) C:\WINDOWS\system32\drivers\Tppwr.sys
2011/07/10 19:07:12.0968 2508 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
2011/07/10 19:07:13.0328 2508 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/10 19:07:13.0671 2508 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/07/10 19:07:14.0156 2508 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/10 19:07:14.0687 2508 USBAAPL (7c9f1503245402b01c79bdfa8731cb2a) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/10 19:07:15.0093 2508 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/07/10 19:07:15.0515 2508 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/10 19:07:15.0921 2508 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/10 19:07:16.0390 2508 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/10 19:07:16.0734 2508 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/10 19:07:17.0140 2508 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/10 19:07:17.0531 2508 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/10 19:07:17.0984 2508 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/10 19:07:18.0390 2508 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/07/10 19:07:18.0750 2508 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/07/10 19:07:19.0171 2508 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/10 19:07:19.0593 2508 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/10 19:07:20.0218 2508 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/10 19:07:20.0812 2508 winachsf (542a5f528a6cfebb4487b09538596d78) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/07/10 19:07:21.0140 2508 WINIO (363438fbfd6dbf489c2d65ab25c2c5b4) C:\WINDOWS\system32\winio.sys
2011/07/10 19:07:21.0859 2508 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/10 19:07:22.0265 2508 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/10 19:07:22.0359 2508 MBR (0x1B8) (90ae513b445043d3ba0f00f98b1294f8) \Device\Harddisk0\DR0
2011/07/10 19:07:22.0390 2508 Boot (0x1200) (02805c60c92c7343d3ea2590de29776e) \Device\Harddisk0\DR0\Partition0
2011/07/10 19:07:22.0406 2508 ================================================================================
2011/07/10 19:07:22.0406 2508 Scan finished
2011/07/10 19:07:22.0406 2508 ================================================================================
2011/07/10 19:07:22.0437 2404 Detected object count: 0
2011/07/10 19:07:22.0437 2404 Actual detected object count: 0
2011/07/10 19:10:49.0187 3288 Deinitialize success

#8 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,453
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 10 July 2011 - 08:49 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

    In your next post I need the following

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#9 User is offline   Bitten 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 10
  • Joined: 04-July 11

Posted 10 July 2011 - 10:16 PM

Hello,

I did as instructed, including disabling McAfee VirusScan Enterprise. ComboFix AutoScan seems to run for about 2 minutes without producing any output (other than the message that the scan normally doesn't take more than 10 minutes), then hangs the computer. (Access to the disk stops and the clock in the taskbar stops advancing.) After this happened the first time, I forced a power-off reboot and tried again, with the same result.

#10 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,453
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 10 July 2011 - 10:27 PM

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box

ComboFix /nombr

  • click ok


copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#11 User is offline   Bitten 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 10
  • Joined: 04-July 11

Posted 11 July 2011 - 05:22 AM

Hello,

Here is the ComboFix log file.

ComboFix 11-07-10.05 - shera 07/11/2011 5:45.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.389 [GMT -4:00]
Running from: c:\documents and settings\shera\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\pooper\Local Settings\Application Data\{0506C90D-8D85-4E30-9F54-801E15B05A57}
c:\documents and settings\pooper\Local Settings\Application Data\{0506C90D-8D85-4E30-9F54-801E15B05A57}\chrome.manifest
c:\documents and settings\pooper\Local Settings\Application Data\{0506C90D-8D85-4E30-9F54-801E15B05A57}\chrome\content\_cfg.js
c:\documents and settings\pooper\Local Settings\Application Data\{0506C90D-8D85-4E30-9F54-801E15B05A57}\chrome\content\overlay.xul
c:\documents and settings\pooper\Local Settings\Application Data\{0506C90D-8D85-4E30-9F54-801E15B05A57}\install.rdf
c:\program files\IBM\Updater\ucstartup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-11 to 2011-07-11 )))))))))))))))))))))))))))))))
.
.
2011-07-01 22:48 . 2011-07-02 00:22 -------- d-----w- c:\windows\system32\MpEngineStore
2011-07-01 22:45 . 2011-07-01 22:51 -------- d-----w- C:\1ff265ccf20027fc46f76727ad08f951
2011-07-01 03:29 . 2011-07-01 03:29 -------- d-----w- C:\28ca9de61a140a4e92
2011-07-01 03:20 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-07-01 03:14 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-07-01 03:13 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-06-29 03:45 . 2011-07-10 22:57 -------- d-----w- C:\QUARANTINE
2011-06-29 02:32 . 2011-06-29 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-06-29 02:32 . 2011-06-29 02:32 -------- d-----w- c:\program files\Common Files\Cisco Systems
2011-06-29 02:32 . 2006-12-19 19:06 1495552 ----a-w- c:\windows\system32\epoPGPsdk.dll
2011-06-29 02:32 . 2006-11-30 12:50 34152 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-06-29 02:32 . 2006-11-30 12:50 72264 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-06-29 02:32 . 2006-11-30 12:50 64360 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-06-29 02:32 . 2006-11-30 12:50 52136 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2011-06-29 02:32 . 2007-02-23 00:50 170408 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-06-29 02:31 . 2011-06-29 02:32 -------- d-----w- c:\program files\McAfee
2011-06-29 02:31 . 2011-06-29 02:31 -------- d-----w- c:\program files\Common Files\McAfee
2011-06-27 02:26 . 2011-07-10 14:12 -------- d-----w- c:\documents and settings\shera
2011-06-27 00:32 . 2011-06-27 00:32 -------- d-----w- c:\documents and settings\pooper\Application Data\Malwarebytes
2011-06-27 00:24 . 2011-06-27 00:24 -------- d-sh--w- c:\documents and settings\pooper\PrivacIE
2011-06-26 21:50 . 2011-06-26 21:50 0 ----a-w- c:\windows\Khewidimeqagu.bin
2011-06-26 21:42 . 2011-06-26 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\bA00000FnCkF00000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-10 22:57 . 1980-01-01 08:00 52352 ----a-w- c:\windows\system32\drivers\VolSnap.sys_backup
2011-05-29 13:11 . 2009-02-28 12:06 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-02 15:31 . 2004-08-09 18:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 1980-01-01 08:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 1980-01-01 08:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 1980-01-01 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 1980-01-01 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 1980-01-01 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 1980-01-01 08:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 1980-01-01 08:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2004-03-15 23:51 . 2004-03-15 23:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2003-05-01 14:36 . 2003-05-01 14:36 114688 ----a-w- c:\program files\internet explorer\plugins\LV7ActiveXControl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\shera\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\shera\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\shera\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\shera\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-07-22 442368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4serv.exe" [2003-11-13 94208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-30 118784]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
"TpShocks"="TpShocks.exe" [2004-03-27 102400]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-08-07 94208]
"TP4EX"="tp4ex.exe" [2002-09-04 53248]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 208896]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-07-27 122939]
"ibmmessages"="c:\program files\IBM\Messages By IBM\\ibmmessages.exe" [2004-07-22 442368]
"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-06 218240]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-03-19 90112]
"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-08-18 81920]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-07-29 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 395776]
"NIDAQmxDriverStatus"="c:\applications\National Instruments\NI-DAQ\HWConfig\nidevldstat.exe" [2004-07-14 11408]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\applications\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-07 267064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"KeePass 2 PreLoad"="c:\applications\KeePass Password Safe 2\KeePass.exe" [2010-09-05 1655296]
"QCTray"="c:\progra~1\ThinkPad\CONNEC~1\QCTray.exe" [2004-08-18 708608]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
.
c:\documents and settings\shera\Start Menu\Programs\Startup\
bmem.lnk - c:\applications\bmem\bmem.exe [2004-7-4 14848]
Dropbox.lnk - c:\documents and settings\shera\Application Data\Dropbox\bin\Dropbox.exe [2011-6-28 24176560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\applications\WinZip\WZQKPICK.EXE [2004-12-14 106560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2004-08-18 11:30 258048 ----a-w- c:\windows\system32\QConGina.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
"c:\\Applications\\National Instruments\\LabVIEW 7.1\\LabVIEW.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Applications\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\shera\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
.
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [12/7/2004 8:39 PM 16384]
R2 gpib420;GPIB Analyzer;c:\windows\system32\drivers\gpib420.sys [5/3/2004 2:42 AM 25600]
R2 GpibPrtK;Gpib Port;c:\windows\system32\drivers\GpibPrtK.sys [5/3/2004 2:18 AM 194048]
R2 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.dll [4/1/2004 11:16 AM 10829]
R2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [7/15/2004 6:37 PM 37376]
R2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [7/15/2004 6:37 PM 21504]
R2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\nidaq32k.sys [7/15/2004 8:04 PM 674304]
R2 nidevldu;nidevldu;system32\nipalsm.exe --> system32\nipalsm.exe [?]
R2 nidimk;nidimk;c:\windows\system32\drivers\nidimk.dll [3/26/2004 9:23 PM 108124]
R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [7/15/2004 8:07 PM 50688]
R2 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfk.dll [7/8/2004 5:54 PM 128117]
R2 nilvaik;nilvaik;c:\windows\system32\drivers\nilvaik.dll [7/9/2004 12:00 AM 18037]
R2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [7/15/2004 6:38 PM 30208]
R2 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpk.dll [3/29/2004 1:24 PM 19570]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmk.dll [7/7/2004 4:31 PM 41075]
R2 nistck;nistck;c:\windows\system32\drivers\niSTCk.dll [7/15/2004 6:39 PM 111616]
R2 niswdk;niswdk;c:\windows\system32\drivers\niswdk.dll [7/12/2004 7:32 PM 350829]
R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrk.dll [7/8/2004 6:44 PM 128112]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2k.dll [7/7/2004 8:17 PM 130141]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstsk.dll [7/8/2004 5:12 PM 44149]
R3 niscdk;niscdk;c:\windows\system32\drivers\niscdk.dll [7/8/2004 10:20 PM 396394]
R3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [1/1/1980 4:00 AM 13904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsark.dll [7/8/2004 11:39 PM 652906]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrk.dll [7/16/2004 12:49 PM 512619]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrk.dll [7/8/2004 8:01 PM 73858]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [3/29/2004 9:56 PM 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [3/29/2004 9:59 PM 151683]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigk.dll [7/10/2004 4:45 AM 204917]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdk.dll [7/8/2004 10:28 PM 68202]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrk.dll [7/16/2004 1:07 PM 513643]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2k.dll [3/29/2004 3:39 PM 121461]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrk.dll [7/8/2004 8:23 PM 91257]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiork.dll [7/8/2004 8:12 PM 1202809]
S3 NiViPxiK;NiViPxiK;c:\windows\system32\drivers\NiViPxiK.sys [7/14/2004 2:55 PM 24576]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrk.dll [7/16/2004 12:59 PM 417899]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrk.dll [7/16/2004 12:36 PM 828523]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [12/7/2004 8:36 PM 12288]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - EGATHDRV
.
Contents of the 'Scheduled Tasks' folder
.
2010-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]
.
2005-01-29 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2004-12-08 09:37]
.
2004-12-08 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-08 02:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\shera\Application Data\Mozilla\Firefox\Profiles\lv4ekymk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-UC_Start - c:\program files\IBM\Updater\\ucstartup.exe
HKLM-Run-UC_SMB - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-11 06:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(876)
c:\windows\system32\WININET.dll
c:\documents and settings\shera\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\windows\system32\niSvcLoc.exe
c:\windows\System32\QCONSVC.EXE
c:\windows\system32\TpKmpSVC.exe
c:\windows\system32\nipalsm.exe
c:\windows\system32\nipalsm.exe
c:\windows\system32\acs.exe
c:\windows\system32\tp4serv.exe
c:\windows\system32\TpShocks.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\RunDll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
.
**************************************************************************
.
Completion time: 2011-07-11 06:19:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-11 10:19
.
Pre-Run: 8,354,172,928 bytes free
Post-Run: 8,423,419,904 bytes free
.
- - End Of File - - 9D52DD3C3E1550B9315EACC5936A574C

#12 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,453
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 11 July 2011 - 06:36 AM

Hello


How is the computer doing now??


I would ike to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box

C:\Qoobox\Add-Remove Programs.txt

  • click ok


copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#13 User is offline   Bitten 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 10
  • Joined: 04-July 11

Posted 11 July 2011 - 05:45 PM

Hello,

The computer is doing much better, and is generally more responsive. Also I haven't noticed any Google redirects, and McAfee no longer finds TDSS e!rootkit in a memory scan after rebooting.

Here's the report you requested.
Thanks!


Access IBM
Access IBM Message Center
ACDSee 5.0 Standard
Adobe Flash Player 10 Plugin
Adobe Illustrator 9.0.1
Adobe Photoshop 6.0
Adobe Reader 8.1.7
Adobe SVG Viewer
AFPL Ghostscript 8.14
AFPL Ghostscript Fonts
Apple Mobile Device Support
Apple Software Update
Aspell English Dictionary-0.50-2
bmem
DirectX for Managed Code Update (December 2004)
DivX Codec
DivX Version Checker
FreeMind
getPlus®_ocx
GNU Aspell 0.50-3
GSview 4.6
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
IBM 32-bit Runtime Environment for Java 2, v1.4.1
IBM Access Connections
IBM Active Protection System
IBM DLA
IBM Integrated 56K Modem
IBM RecordNow!
IBM Rescue and Recovery with Rapid Restore
IBM Themes
IBM ThinkPad Battery MaxiMiser and Power Management Features
IBM ThinkPad Configuration
IBM ThinkPad EasyEject Utility
IBM ThinkPad Keyboard Customizer Utility
IBM ThinkPad Power Management Driver
IBM ThinkPad Presentation Director
IBM ThinkVantage Technologies Welcome Message
IBM TrackPoint Accessibility Features
IBM TrackPoint Support
IBM Update Connector
IBM Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
InterVideo WinDVD
ItsDeductible Express
iTunes
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java™ 6 Update 2
Java™ 6 Update 22
Java™ 6 Update 5
JMP 7
KeePass Password Safe 2.13
LiveUpdate 1.90 (Symantec Corporation)
Lizardtech DjVu Control
Malwarebytes' Anti-Malware version 1.51.0.1200
Mathematica 5
MATLAB Family of Products Release 14
McAfee VirusScan Enterprise
Mendeley Desktop 0.9.4.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
MIT SecureCRT 4.0.3
MIT SecureFX 2.1.3
Mozilla Firefox 5.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NASA World Wind 1.3
National Instruments Software
NI-488.2 2.20
NI-488.2 Provider for MAX
NI-DAQ 7.0 Document Set 1.0.1
NI-DAQ 7.3, Traditional
NI-DAQ C API 7.2
NI-DAQ INF Files 7.3.0
NI-DAQ Provider for MAX
NI-DAQmx 7.3
NI-DAQmx Documentation 1.1.1
NI-DAQmx DSA Support 1.3.0
NI-DAQmx Expert Framework 1.2.0
NI-DAQmx MAX Support 1.2.0
NI-DAQmx support for LabVIEW
NI-DAQmx Switch Core 1.3.0
NI-DIM 1.1.0f0
NI-MDBG 1.1.0f0
NI-MRU 2.2.1f0
NI-MXDF 1.2.0f0
NI-ORB 1.1.0f1
NI-PAL 1.8.2f0
NI-RPC 3.1.1f0
NI-RPC 3.1.1f0 for PharLap
NI-VISA 3.2f1
NI-VISA Provider 3.2 for MAX
NI-VISA Runtime 3.2f1
NI-VISA Server 3.2f1
NI-VXI Support for LabVIEW 1.2.1f0
NI Assistant Framework
NI Assistant Framework LabVIEW Code Generator 61
NI Assistant Framework LabVIEW Code Generator 70
NI Assistant Framework LabVIEW Code Generator 71
NI Calibration Provider for MAX
NI Common Digital 1.2.0
NI DAQ Assistant 1.3.0
NI DDSP
NI Distribution Information - PDS English
NI DPPH
NI Example Finder 2.0
NI Instrument IO Assistant
NI Instrument IO Assistant for LabVIEW 7.1
NI LabVIEW 7.1
NI LabVIEW 7.1 Core Essentials
NI LabVIEW Advanced Analysis 7.1
NI LabVIEW Application Builder 7.1
NI LabVIEW Full 7.1
NI LabVIEW Picture Control and CIN Tools 7.1
NI LabVIEW Professional Tools 7.1
NI LabVIEW Run-Time Engine 7.0
NI LabVIEW Run-Time Engine 7.1
NI LabVIEW Service Locator 1.0
NI LabWindows/CVI 7.0 Code Generator
NI LVBroker
NI LVBrokerAux1071
NI LVBrokerAux70
NI LVBrokerAux71
NI Math Interface Toolkit 1.0
NI Measurement & Automation Explorer 3.1.1
NI Measurement Studio Recipe Processor
NI Measurements eXtensions for PAL 1.2.0
NI MIO Device Drivers 1.3.0
NI PXI Provider 1.4 for MAX
NI PXI Resource Manager 1.3.0
NI Remote Provider for MAX
NI Remote PXI Provider for MAX
NI SCXI 1.2.0
NI Software Provider for MAX
NI Spy 2.1.0f0
NI STC 1.2.0
NI Timing 1.2.0
NI Uninstaller
Norton WMI Update
OpenOffice.org 2.3
PC-Doctor for Windows
PCTeX version 6
PDFCreator
QuickTime
SAS Private JRE (J2SE™ Java Runtime Environment 1.4.2_09)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Sonic Update Manager
ThinkPad FullScreen Magnifier
ThinkPad Software Installer
Traditional NI-DAQ Documentation 1.0.3
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Wallpapers
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip

#14 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,453
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 12 July 2011 - 06:36 AM

These logs are looking alot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

    1. click on start
    2. then go to settings
    3. after that you need control panel
    4. look for the icon add/remove programs
    click on the following programs

    Adobe Reader 8.1.7
    J2SE Runtime Environment 5.0 Update 6
    Java™ 6 Update 2
    Java™ 6 Update 5


    and click on remove


Update Adobe Reader

    Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

      If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

      Note: When installing FoxitReader, be carefull not to install anything to do with AskBar.


Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts


Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files

    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

    I would like you to rerun MBAM

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


"information and logs"

    In your next post I need the following

    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#15 User is offline   Bitten 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 10
  • Joined: 04-July 11

Posted 12 July 2011 - 08:06 PM

Hello,

The computer seems to be running well now; I've had no signs of any trouble and had no problems doing the cleanup tasks you specified.
I've pasted the MBAM and HijackThis logs below.

Thanks so much for you help with this!




Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7092

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/12/2011 8:41:44 PM
mbam-log-2011-07-12 (20-41-44).txt

Scan type: Quick scan
Objects scanned: 191028
Time elapsed: 40 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:58:50 PM, on 7/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\nipalsm.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Applications\National Instruments\NI-DAQ\HWConfig\nidevldstat.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Applications\WinZip\WZQKPICK.EXE
C:\Applications\bmem\bmem.exe
C:\Applications\OpenOffice.org 2.3\program\soffice.exe
C:\Applications\OpenOffice.org 2.3\program\soffice.BIN
C:\Applications\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [NIDAQmxDriverStatus] C:\Applications\National Instruments\NI-DAQ\HWConfig\nidevldstat.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Applications\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Applications\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - Startup: bmem.lnk = C:\Applications\bmem\bmem.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\shera\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Applications\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Applications\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1291466364281
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Applications\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 9805 bytes

Share this topic:


  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users