
Big google redirect virus


67 replies to this topic

#1 P3T3RG


Posted 23 June 2010 - 12:29 PM

Hi,
I've got a really annoying Google redirecting virus. It also stops me downloading any anti-malware programs like Malwarebytes, Hitman Pro etc. Even once I've downloaded these programs from an alternative link the setup fails. I think I've tried everything but it all fails. I've also got a Bad Image virus that appears a lot randomly, please can you help. Here is my log from HijackThis.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:04:10, on 23/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21183)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Evidence Eliminator\ee.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\ASUS\WLAN Card Utilities\RaUI.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DVD X Studios\DVD X Utilities V2.1.1\DVDGhost\DVDGhost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox3.exe
C:\DOCUME~1\XPPROS~1\LOCALS~1\Temp\Hhx.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra73.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ASUS_Utility] "C:\Program Files\ASUS\WLAN Card Utilities\RaUI.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DVDXGhost] C:\Program Files\DVD X Studios\DVD X Utilities V2.1.1\DVDGhost\DVDGhost.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\DOCUME~1\XPPROS~1\LOCALS~1\Temp\Hhx.exe
O4 - HKCU\..\Run: [{FF29BBF6-746D-DEB2-8780-782F80271D91}] "C:\Documents and Settings\XP PRO SP3 User\Application Data\Mure\keka.exe"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Styler.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT Startup: Styler.lnk = ? (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: HD Writer AE.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{96E789A4-8CAD-42F7-A05B-952FD224FFCC}: NameServer = 93.188.163.10,93.188.166.245
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8AF78BC-D0E6-4C8E-9429-9CCE964B76AC}: NameServer = 93.188.163.10,93.188.166.245
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.10,93.188.166.245
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.10,93.188.166.245
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.10,93.188.166.245
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

I also have an external with programs installed. I am a novice when it comes to computers so can you bear this in mind.

Many thanks,
Peter
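Added example (my own code, not from the thread, HijackThis or TDSSKiller): a Python triage pass over HijackThis-style lines in the shape of the log above, flagging the entry types a responder checks first: an F2 UserInit value with a program appended after userinit.exe, O4 Run entries that launch from Temp or profile data directories, and O17 NameServer values that are public addresses not on an expected-resolver list. The heuristics, the expected UserInit path and the expected-resolver parameter are my assumptions; the sample lines are constructed from the posted log.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread).

Heuristics are my own, not HijackThis rules:
  F2  - anything other than userinit.exe in the UserInit value
  O4  - Run entries whose command lives under Temp or the user's profile data dirs
  O17 - NameServer entries that are public IPs not on the expected-resolver list
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Constructed sample: lines in the shape of the first post's HijackThis log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra73.exe,
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\DOCUME~1\XPPROS~1\LOCALS~1\Temp\Hhx.exe
O4 - HKCU\..\Run: [{FF29BBF6-746D-DEB2-8780-782F80271D91}] "C:\Documents and Settings\XP PRO SP3 User\Application Data\Mure\keka.exe"
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.10,93.188.166.245
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Assumption: default install path on the XP SP3 system shown in the log.
EXPECTED_USERINIT = "c:\\windows\\system32\\userinit.exe"

# User-writable locations a responder wants to see flagged for autoruns (my list).
SUSPECT_DIR_MARKERS = ("\\temp\\", "\\locals~1\\", "\\application data\\", "\\appdata\\")

LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
O4_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
O17_RE = re.compile(r"NameServer\s*=\s*(?P<ips>.*)$")


@dataclass
class Finding:
    section: str  # HijackThis section tag, e.g. "F2", "O4", "O17"
    detail: str   # why the line was flagged
    line: str     # the original log line


def _check_userinit(rest: str) -> Optional[str]:
    # UserInit is a comma-separated list; anything beyond userinit.exe is run at logon.
    value = rest.split("UserInit=", 1)[1]
    entries = [e.strip() for e in value.split(",") if e.strip()]
    extras = [e for e in entries if e.lower() != EXPECTED_USERINIT]
    if extras:
        return "extra program(s) appended to UserInit: " + ", ".join(extras)
    return None


def _check_run_entry(rest: str) -> Optional[str]:
    m = O4_RE.search(rest)
    if not m:
        return None
    cmd = m.group("cmd").strip()
    lowered = cmd.strip('"').lower()
    if any(marker in lowered for marker in SUSPECT_DIR_MARKERS):
        return f"autorun [{m.group('name')}] runs from a Temp/profile directory: {cmd}"
    return None


def _check_nameservers(rest: str, expected_dns: FrozenSet[str]) -> Optional[str]:
    m = O17_RE.search(rest)
    if not m:
        return None
    unexpected = []
    for token in re.split(r"[,\s]+", m.group("ips").strip()):
        if not token:
            continue
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            unexpected.append(token)  # not even an address: worth a look
            continue
        # A private address is normally the home router; a public one must be expected.
        if not ip.is_private and token not in expected_dns:
            unexpected.append(token)
    if unexpected:
        return "DNS resolvers not on the expected list (verify with ISP/router): " + ", ".join(unexpected)
    return None


def triage(log_text: str, expected_dns: FrozenSet[str] = frozenset()) -> List[Finding]:
    """Return one Finding per flagged line, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        section, rest = m.groups()
        detail = None
        if section == "F2" and "UserInit=" in rest:
            detail = _check_userinit(rest)
        elif section == "O4":
            detail = _check_run_entry(rest)
        elif section == "O17":
            detail = _check_nameservers(rest, expected_dns)
        if detail:
            findings.append(Finding(section, detail, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.detail}")
```

Pass the resolvers the ISP or router actually hands out as `expected_dns` to silence the O17 check for a known-good configuration.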



#2 Noviciate

  • Malware Response Team

Posted 23 June 2010 - 02:17 PM

Good evening.

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop - this is important.
  • You will then need to extract the file(s) from the zipped folder.
    To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish.
  • Close all open programs as a reboot may be required.
  • Go to Start > Run, copy and paste the following into the text box and hit OK:

    "%userprofile%\desktop\tdsskiller\TDSSKiller.exe" -l report.txt

  • A Command Window will open and the tool will scan and produce a log called report.txt that can be found in the TDSSKiller folder that you unzipped.
  • If the tool prompts for a reboot, please allow it to do so; if it fails to reboot after prompting, reboot manually.
Please post the contents of the log, report.txt, in your next reply and let me know if the PC is still misbehaving.

So long, and thanks for all the fish.


#3 P3T3RG
  • Topic Starter


Posted 24 June 2010 - 10:36 AM

Hi,

Since yesterday I have done a scan with Avast anti-virus; it said a very dangerous virus had been discovered. It then rebooted my computer and did an internal scan. The computer found a virus and then froze so I had to restart the computer. When I restarted the computer it only showed a background on the desktop with no icons or start menu. To access the internet I had to go through Task Manager. I am in despair on what to do; there is also a virus where the radio starts playing randomly. I've tried the method below and had no success, no virus was found. Please help.

#4 P3T3RG
  • Topic Starter


Posted 24 June 2010 - 12:25 PM

I've now managed to get the icons back by going through Task Manager, then Run, and typing C:/

#5 P3T3RG
  • Topic Starter


Posted 24 June 2010 - 12:35 PM

17:33:38:015 2208 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
17:33:38:015 2208 ================================================================================
17:33:38:015 2208 SystemInfo:

17:33:38:015 2208 OS Version: 5.1.2600 ServicePack: 3.0
17:33:38:015 2208 Product type: Workstation
17:33:38:015 2208 ComputerName: XP-44C44E360303
17:33:38:015 2208 UserName: XP PRO SP3 User
17:33:38:015 2208 Windows directory: C:\WINDOWS
17:33:38:015 2208 Processor architecture: Intel x86
17:33:38:015 2208 Number of processors: 4
17:33:38:015 2208 Page size: 0x1000
17:33:38:031 2208 Boot type: Normal boot
17:33:38:031 2208 ================================================================================
17:33:38:625 2208 Initialize success
17:33:38:625 2208
17:33:38:625 2208 Scanning Services ...
17:33:38:671 2208 Raw services enum returned 367 services
17:33:38:671 2208
17:33:38:671 2208 Scanning Drivers ...
17:33:42:921 2208 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:33:42:921 2208 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:33:42:937 2208 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:33:42:984 2208 WN111v2 (966860e5ea3591aa471ec9ced49dc8d2) C:\WINDOWS\system32\DRIVERS\WN111v2.sys
17:33:43:015 2208 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:33:43:046 2208 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys
17:33:43:078 2208 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:33:43:078 2208 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:33:43:093 2208 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:33:43:093 2208
17:33:43:093 2208 Completed
17:33:43:093 2208
17:33:43:093 2208 Results:
17:33:43:093 2208 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
17:33:43:093 2208 File objects infected / cured / cured on reboot: 0 / 0 / 0
17:33:43:093 2208
17:33:43:093 2208 KLMD(ARK) unloaded successfully

Here is the log anyway,

Thanks,
Peter

#6 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 24 June 2010 - 01:48 PM

Good evening.

You need to give me more information about the virus that Avast detected. What was the name that it gave it and what was the filename, or file names, that it identified as infected?

So long, and thanks for all the fish.

#7 P3T3RG

  • Topic Starter
  • Members
  • 53 posts
  • Gender:Male

Posted 24 June 2010 - 03:47 PM

Hi,

Avast didn't give a name and there was no alert, which is strange; it just found it on the memory test on the start up of the anti-virus software and asked for a reboot. I'm doing a search on Avast now and it's found a few viruses in C:\WINDOWS\system32\spool\prtprocs\w32x86\. A lot seem to be coming from these two folders and this C:/system volume information/; every week viruses seem to keep popping up there.

Thanks for your help,
Peter

#8 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 24 June 2010 - 05:15 PM

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix *
  • When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

So long, and thanks for all the fish.

#9 P3T3RG

  • Topic Starter
  • Members
  • 53 posts
  • Gender:Male

Posted 25 June 2010 - 10:39 AM

Hi,

I ran ComboFix and the computer restarted with still just a background image and an open documents folder. I cannot get the desktop icons back by typing C:/ into Task Manager; it just says that there is an error, but all of the programs installed on the C drive are still there. I tried running C:\ComboFix.txt but it cannot be found. I followed all of your specific instructions, disabling the anti-virus and firewall and not touching the computer at all. What should I do?

Thanks,
Peter

#10 P3T3RG

  • Topic Starter
  • Members
  • 53 posts
  • Gender:Male

Posted 25 June 2010 - 12:22 PM

Hi,

It looks like it has worked. I restarted the computer, entered c:/ into Task Manager and accessed the internet, and it looks like there are no pop-ups or a virus blocking me from sites like malwarebytes.org. There is still the problem of no desktop icons on start up, and I've only been on the computer for 5 minutes, but it looks good, thanks. Here is the ComboFix log; I couldn't get the Windows Recovery Console working as it couldn't find the download. Here is the log,

ComboFix 10-06-24.03 - XP PRO SP3 User 25/06/2010 15:13:47.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3327.2574 [GMT 0:00]
Running from: c:\documents and settings\XP PRO SP3 User\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100625-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\XP PRO SP3 User\Application Data\inst.exe
c:\documents and settings\XP PRO SP3 User\Application Data\Mure\keka.exe
c:\windows\system32\l0wsec
c:\windows\system32\l0wsec\l0cal.ds
c:\windows\system32\l0wsec\us3r.ds
c:\windows\system32\sdra73.exe
c:\windows\system32\systeminfo.dll
c:\windows\TEMP\logishrd\LVPrcInj06.dll
G:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DMOKO
-------\Legacy_IPOKORAID
-------\Service_dmoko


((((((((((((((((((((((((( Files Created from 2010-05-25 to 2010-06-25 )))))))))))))))))))))))))))))))
.

2010-06-25 15:19 . 2010-06-25 15:19 -------- d-----w- c:\windows\system32\wbem\snmp
2010-06-25 15:19 . 2010-06-25 15:19 -------- d-----w- c:\windows\system32\xircom
2010-06-25 15:19 . 2010-06-25 15:19 -------- d-----w- c:\program files\microsoft frontpage
2010-06-25 15:13 . 2008-04-14 12:00 1033728 ----a-w- c:\windows\system32\userinit.exe
2010-06-23 17:03 . 2010-06-23 17:03 -------- d-----w- c:\program files\Trend Micro
2010-06-20 17:10 . 2010-06-20 17:10 355904 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-20 13:53 . 2010-06-20 13:53 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\Autodesk
2010-06-20 13:53 . 2010-06-20 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-06-20 13:53 . 2010-06-20 13:53 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Local Settings\Application Data\Autodesk
2010-06-20 13:49 . 2010-06-20 13:49 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-06-20 13:48 . 2010-06-20 13:48 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-06-20 13:47 . 2010-06-20 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-06-20 13:46 . 2010-06-20 13:49 -------- d-----w- c:\program files\Autodesk
2010-06-20 13:46 . 2008-07-31 10:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-06-20 13:46 . 2008-07-31 10:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-06-20 13:46 . 2008-07-31 10:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-06-20 13:46 . 2008-07-12 08:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-06-20 13:46 . 2008-07-12 08:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-06-20 13:46 . 2008-07-12 08:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-06-20 13:26 . 2010-06-20 13:26 -------- d-----w- c:\windows\Logs
2010-06-20 13:24 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-06-20 13:23 . 2010-06-20 13:24 -------- d-----w- C:\64a352206356e957171b2323a1
2010-06-19 21:02 . 2008-04-14 12:00 26112 ----a-w- c:\windows\system32\stu2.exe
2010-06-17 18:00 . 2010-06-17 18:00 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-06-15 15:43 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-06-15 15:43 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-06-15 15:43 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-06-15 15:43 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2010-06-15 15:43 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-06-15 15:43 . 2010-06-17 19:51 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\Simply Super Software
2010-06-15 15:43 . 2010-06-15 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-06-13 13:21 . 2005-07-28 08:18 685056 ----a-w- c:\windows\system32\drivers\hardlock.sys
2010-06-13 13:21 . 2005-06-21 12:10 24576 ----a-w- c:\windows\system32\hdsuinst.exe
2010-06-13 13:21 . 2001-09-28 19:00 164864 ----a-w- c:\windows\system32\UNWISE.EXE
2010-06-13 13:21 . 2005-09-28 14:24 2164411 ----a-w- c:\windows\system32\haspds_windows.dll
2010-06-12 21:06 . 2010-06-12 21:08 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\MAXON
2010-06-12 18:57 . 2010-06-13 11:40 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\Azureus
2010-06-12 18:57 . 2010-06-12 18:57 -------- d-----w- c:\program files\Vuze
2010-06-12 16:24 . 2010-06-23 14:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-11 19:50 . 2010-06-11 19:50 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Local Settings\Application Data\Help
2010-06-11 16:18 . 2010-06-11 16:18 -------- d-----w- C:\spoolerlogs
2010-06-11 15:11 . 2010-06-11 16:21 -------- d-----w- c:\program files\Common Files\Akamai
2010-06-06 15:30 . 2010-06-06 15:30 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\Apple Computer
2010-06-02 22:32 . 2010-06-24 22:20 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\Ewdag
2010-05-30 11:47 . 2010-06-23 14:56 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\vlc
2010-05-29 13:17 . 2010-05-29 13:22 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\Vso
2010-05-29 13:16 . 2010-02-09 16:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-05-29 13:16 . 2010-02-09 16:37 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-05-29 13:16 . 2010-02-09 16:37 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-05-29 13:16 . 2010-02-09 16:37 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-05-29 13:16 . 2010-02-09 16:37 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-05-29 13:16 . 2010-02-09 16:37 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-05-29 13:16 . 2010-02-09 16:37 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-05-29 13:12 . 2010-05-29 13:12 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\AnvSoft
2010-05-29 13:07 . 2010-05-29 13:07 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\GeoVid
2010-05-29 13:07 . 2007-06-28 18:54 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-05-29 13:07 . 2007-06-28 18:52 765952 ----a-w- c:\windows\system32\xvidcore.dll
2010-05-29 13:07 . 2005-06-07 15:11 60416 ----a-w- c:\windows\system32\dsetup.dll
2010-05-29 12:17 . 2010-05-29 12:17 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Local Settings\Application Data\WMTools Downloaded Files
2010-05-29 12:10 . 2010-05-29 12:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-05-29 12:09 . 2010-05-29 12:09 -------- d-----w- c:\program files\Common Files\Apple
2010-05-29 12:08 . 2010-05-29 12:08 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Local Settings\Application Data\Apple
2010-05-29 12:08 . 2010-05-29 12:08 -------- d-----w- c:\program files\Apple Software Update
2010-05-29 12:08 . 2010-05-29 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-25 17:07 . 2010-02-01 23:00 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\skypePM
2010-06-25 16:41 . 2010-02-02 20:55 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-06-25 16:41 . 2010-02-02 20:55 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-06-25 15:32 . 2010-01-30 17:23 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\HPAppData
2010-06-25 15:13 . 2010-02-01 22:56 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\Skype
2010-06-24 22:27 . 2009-08-14 03:04 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\Mure
2010-06-23 17:03 . 2010-06-23 17:03 388096 ----a-r- c:\documents and settings\XP PRO SP3 User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-20 13:54 . 2009-07-21 15:26 66664 ----a-w- c:\documents and settings\XP PRO SP3 User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-13 13:35 . 2009-07-21 15:26 -------- d-----w- c:\program files\PCBugDoctor
2010-06-11 22:35 . 2009-07-21 14:57 -------- d-----w- c:\program files\Unlocker
2010-06-11 22:32 . 2009-07-21 15:03 -------- d-----w- c:\program files\CCleaner
2010-06-11 21:35 . 2009-09-13 04:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-11 19:50 . 2009-07-21 15:04 -------- d-----w- c:\program files\Resource Hacker 3.4.0
2010-06-11 13:25 . 2010-05-01 19:21 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\gtk-2.0
2010-05-30 19:22 . 2010-05-22 16:39 -------- d-----w- c:\program files\Google
2010-05-29 13:17 . 2010-05-29 13:17 47360 ----a-w- c:\documents and settings\XP PRO SP3 User\Application Data\pcouffin.sys
2010-05-29 13:17 . 2010-05-29 13:17 47360 ----a-w- c:\documents and settings\XP PRO SP3 User\Application Data\pcouffin.sys
2010-05-29 13:17 . 2009-07-21 15:31 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-05-29 13:16 . 2009-07-21 15:31 -------- d-----w- c:\program files\vso
2010-05-29 12:11 . 2010-01-31 14:27 -------- d-----w- c:\program files\QuickTime
2010-05-24 21:15 . 2010-05-24 21:15 503808 ----a-w- c:\documents and settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1fdc4864-n\msvcp71.dll
2010-05-24 21:15 . 2010-05-24 21:15 499712 ----a-w- c:\documents and settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1fdc4864-n\jmc.dll
2010-05-24 21:15 . 2010-05-24 21:15 348160 ----a-w- c:\documents and settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1fdc4864-n\msvcr71.dll
2010-05-24 21:15 . 2010-05-24 21:15 61440 ----a-w- c:\documents and settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7a80e5d5-n\decora-sse.dll
2010-05-24 21:15 . 2010-05-24 21:15 12800 ----a-w- c:\documents and settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7a80e5d5-n\decora-d3d.dll
2010-05-12 20:43 . 2010-05-12 20:43 -------- d-----w- c:\program files\Total Uninstall 5
2010-05-10 21:48 . 2010-01-28 22:32 1 ----a-w- c:\documents and settings\XP PRO SP3 User\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-08 21:53 . 2010-05-08 21:51 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\WhatPulse
2010-05-08 21:53 . 2010-05-08 21:51 -------- d-----w- c:\program files\WhatPulse
2010-05-03 12:47 . 2010-05-03 12:47 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\Sony Creative Software
2010-05-03 10:19 . 2009-07-21 15:03 -------- d-----w- c:\program files\Common Files\Java
2010-05-03 10:19 . 2010-05-03 10:19 503808 ----a-w- c:\documents and settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5fd270b0-n\msvcp71.dll
2010-05-03 10:19 . 2010-05-03 10:19 499712 ----a-w- c:\documents and settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5fd270b0-n\jmc.dll
2010-05-03 10:19 . 2010-05-03 10:19 348160 ----a-w- c:\documents and settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5fd270b0-n\msvcr71.dll
2010-05-03 10:19 . 2010-05-03 10:19 61440 ----a-w- c:\documents and settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-27f895ea-n\decora-sse.dll
2010-05-03 10:19 . 2010-05-03 10:19 12800 ----a-w- c:\documents and settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-27f895ea-n\decora-d3d.dll
2010-05-03 10:18 . 2009-07-21 15:03 -------- d-----w- c:\program files\Java
2010-04-21 17:42 . 2010-03-31 17:02 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-18 20:00 . 2010-01-30 16:17 164906 ----a-w- c:\windows\hpoins21.dat
2010-04-12 17:29 . 2010-05-03 10:18 411368 ----a-w- c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-22 1271808]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"DVDXGhost"="c:\program files\DVD X Studios\DVD X Utilities V2.1.1\DVDGhost\DVDGhost.exe" [2006-01-18 1552384]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2009-04-08 2814976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184]
"Evidence Eliminator"="c:\program files\Evidence Eliminator\ee.exe" [2001-04-04 767081]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13684736]
"nwiz"="nwiz.exe" [2009-04-14 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-14 86016]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-01 33624064]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"SkyTel"="SkyTel.EXE" [2007-11-20 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ASUS_Utility"="c:\program files\ASUS\WLAN Card Utilities\RaUI.exe" [2009-05-13 2228224]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2010-01-05 124928]

c:\documents and settings\XP PRO SP3 User\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HD Writer AE.lnk - c:\program files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2010-1-31 210264]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2009-3-25 1503290]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{569DAC0F-2791-46ab-8EFC-A54B77C04C20}"= "c:\program files\DVD X Studios\DVD X Utilities V2.1.1\DVDGhost\ExecuteHooker.dll" [2005-11-14 90112]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Sony\\Vegas Pro 9.0\\VegSrv90.exe"=
"g:\\TOSHIBA\\Peter\\Windows playable video\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:LitvinenKO

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29/07/2009 07:32 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29/07/2009 07:32 20560]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [12/03/2009 17:36 86016]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 11:31 92008]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [01/10/2008 16:45 57440]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [09/08/2009 13:35 1358720]
S0 gucgwu;gucgwu;c:\windows\system32\drivers\yzuigcg.sys --> c:\windows\system32\drivers\yzuigcg.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [24/07/2003 12:10 17149]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [27/02/2008 11:54 360547]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [14/01/2009 02:23 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
rpcSsc REG_MULTI_SZ ipokoraid

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2010-01-05 09:57 124928 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-01-28 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-05-26 19:16]

2010-01-28 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-05-21 18:25]

2010-06-25 c:\windows\Tasks\User_Feed_Synchronization-{479ED8AD-700D-40D2-AAC4-5341B9455E95}.job
- c:\windows\system32\msfeedssync.exe [2009-07-21 17:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-{FF29BBF6-746D-DEB2-8780-782F80271D91} - c:\documents and settings\XP PRO SP3 User\Application Data\Mure\keka.exe
AddRemove-Any Video Converter_is1 - g:\toshiba\Downloads\Any Video Converter\unins000.exe
AddRemove-Xilisoft Video Converter - c:\program files\Xilisoft\Video Converter 3\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-25 17:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4108)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\ieframe.dll
c:\program files\LClock\LC.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\acs.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-06-25 17:12:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-25 17:12

Pre-Run: 967,237,050,368 bytes free
Post-Run: 967,586,222,080 bytes free

- - End Of File - - 8F4C24589594FB1D7E363AA313E9EAEB

Thank you so much for your help so far,
Peter
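The service block in the ComboFix log above (the `R1`/`R2`/`S0`/`S3` lines) is where the one leftover worth a second look sits: `S0 gucgwu` is a boot-start driver whose file ComboFix could not find. The following Python script is an added triage helper, not part of the thread or of ComboFix; it parses lines in that format into records and flags the entries a responder would want to review first. It assumes the usual reading of the prefix (`R` running, `S` stopped; the digit is the Windows service start type, 0 boot through 4 disabled) and reads the `path --> path [?]` form as ComboFix's marker for a binary it could not stat on disk. The sample input is copied from the posted log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of the service lines from the ComboFix log
# posted above, copied verbatim. The "gucgwu" entry is the one of interest.
SAMPLE_SERVICES = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29/07/2009 07:32 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29/07/2009 07:32 20560]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 11:31 92008]
S0 gucgwu;gucgwu;c:\windows\system32\drivers\yzuigcg.sys --> c:\windows\system32\drivers\yzuigcg.sys [?]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [14/01/2009 02:23 458752]
"""

# One service per line:  <R|S><start> name;description;path [dd/mm/yyyy hh:mm size]
# When the binary cannot be read ComboFix prints "path --> path [?]" instead
# (assumption based on the gucgwu line; the page does not document the format).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) "
    r"(?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.+?)(?: --> (?P<resolved>.+?))? \[(?P<meta>[^\]]*)\]$"
)

# Windows service start values (SERVICE_BOOT_START .. SERVICE_DISABLED).
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


@dataclass
class Service:
    name: str
    description: str
    path: str
    running: bool          # R prefix = running, S = stopped (assumed reading)
    start_type: str
    size: Optional[int]    # None when ComboFix could not read the file
    file_missing: bool     # True for the "--> path [?]" form


def parse_services(text: str) -> List[Service]:
    """Turn ComboFix service lines into records; non-matching lines are skipped."""
    services: List[Service] = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue  # blank line, registry key, or some other section
        meta = m.group("meta").strip()
        missing = meta == "?"
        size: Optional[int] = None
        if not missing:
            parts = meta.split()  # date, time, size in bytes
            if len(parts) == 3 and parts[2].isdigit():
                size = int(parts[2])
        services.append(Service(
            name=m.group("name"),
            description=m.group("desc"),
            path=m.group("path"),
            running=m.group("state") == "R",
            start_type=START_TYPES.get(m.group("start"), "unknown"),
            size=size,
            file_missing=missing,
        ))
    return services


def flag_suspicious(services: List[Service]) -> Dict[str, List[str]]:
    """Map service name -> reasons it deserves review. Empty dict means nothing flagged."""
    findings: Dict[str, List[str]] = {}
    for s in services:
        reasons = []
        if s.file_missing:
            # A registration that survives its file is typical of an incomplete
            # cleanup: the key should be removed (or the file restored from a trusted source).
            reasons.append("service points at a file ComboFix could not find on disk")
        if s.start_type == "boot":
            # Boot-start drivers load before the AV and most other drivers,
            # so an unfamiliar name here warrants checking the publisher.
            reasons.append("boot-start driver: loads before the anti-virus")
        if reasons:
            findings.setdefault(s.name, []).extend(reasons)
    return findings


if __name__ == "__main__":
    svcs = parse_services(SAMPLE_SERVICES)
    for s in svcs:
        state = "running" if s.running else "stopped"
        print(f"{state:7} {s.start_type:7} {s.name:20} {s.path}")
    for name, reasons in flag_suspicious(svcs).items():
        print(f"\nREVIEW {name}:")
        for r in reasons:
            print("  -", r)
```

Run it against the whole service block of a ComboFix log rather than the sample: a clean log produces no findings, while the posted one reports `gucgwu` twice (missing binary and boot-start), which is exactly the entry the Malware Response Team would follow up on next.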

#11 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 25 June 2010 - 03:17 PM

Good evening.

Will you follow step 7 here and post accordingly.

So long, and thanks for all the fish.

#12 P3T3RG

  • Topic Starter
  • Members
  • 53 posts
  • Gender:Male

Posted 25 June 2010 - 05:00 PM

Hi,

Here is the log; hopefully I've done everything correctly.


DDS (Ver_10-03-17.01) - NTFSx86
Run by XP PRO SP3 User at 21:43:45.51 on 25/06/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3327.2647 [GMT 0:00]

AV: avast! antivirus 4.8.1368 [VPS 100625-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Evidence Eliminator\ee.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\ASUS\WLAN Card Utilities\RaUI.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DVD X Studios\DVD X Utilities V2.1.1\DVDGhost\DVDGhost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\XP PRO SP3 User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [DVDXGhost] c:\program files\dvd x studios\dvd x utilities v2.1.1\dvdghost\DVDGhost.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [WhatPulse] c:\program files\whatpulse\WhatPulse.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LClock] c:\program files\lclock\LClock.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [Evidence Eliminator] c:\program files\evidence eliminator\ee.exe /m
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ASUS_Utility] "c:\program files\asus\wlan card utilities\RaUI.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:\docume~1\xppros~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\xppros~1\startm~1\programs\startup\Styler.lnk -
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hdwrit~1.lnk - c:\program files\common files\panasonic\hd writer autostart\HDWriterAutoStart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111v2\WN111V2.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ExecuteHooker Class: {569dac0f-2791-46ab-8efc-a54b77c04c20} - c:\program files\dvd x studios\dvd x utilities v2.1.1\dvdghost\ExecuteHooker.dll
mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-7-29 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-29 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-7-29 138680]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-8-9 1358720]
S0 gucgwu;gucgwu;c:\windows\system32\drivers\yzuigcg.sys --> c:\windows\system32\drivers\yzuigcg.sys [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-7-29 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-7-29 352920]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2009-1-14 458752]

=============== Created Last 30 ================

2010-06-25 15:19:59 0 d-----w- c:\windows\system32\wbem\snmp
2010-06-25 15:19:58 0 d-----w- c:\windows\system32\xircom
2010-06-25 15:19:58 0 d-----w- c:\program files\msn gaming zone
2010-06-25 15:13:41 1033728 ----a-w- c:\windows\system32\userinit.exe
2010-06-25 15:10:44 98816 ----a-w- c:\windows\sed.exe
2010-06-25 15:10:44 77312 ----a-w- c:\windows\MBR.exe
2010-06-25 15:10:44 256512 ----a-w- c:\windows\PEV.exe
2010-06-25 15:10:44 161792 ----a-w- c:\windows\SWREG.exe
2010-06-25 15:10:39 0 d-----w- C:\ComboFix
2010-06-25 06:13:25 0 ----a-w- C:\񀿉
2010-06-23 17:03:49 0 d-----w- c:\program files\Trend Micro
2010-06-22 14:33:42 0 ----a-w- c:\documents and settings\xp pro sp3 user\煗煗
2010-06-21 14:59:56 0 ----a-w- c:\documents and settings\xp pro sp3 user\;;
2010-06-20 13:53:42 0 d-----w- c:\docume~1\xppros~1\applic~1\Autodesk
2010-06-20 13:49:15 0 d-----w- c:\program files\common files\Macrovision Shared
2010-06-20 13:48:36 0 d-----w- c:\program files\common files\Autodesk Shared
2010-06-20 13:46:50 0 d-----w- c:\program files\Autodesk
2010-06-20 13:46:44 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-06-20 13:46:44 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-06-20 13:46:44 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-06-20 13:46:43 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-06-20 13:46:43 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-06-20 13:46:42 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-06-20 13:26:21 0 d-----w- c:\windows\Logs
2010-06-20 13:23:56 0 d-----w- C:\64a352206356e957171b2323a1
2010-06-19 21:02:14 26112 ----a-w- c:\windows\system32\stu2.exe
2010-06-17 18:00:16 0 d-----w- c:\program files\Hitman Pro 3.5
2010-06-15 15:43:27 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-06-15 15:43:27 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-06-15 15:43:27 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-06-15 15:43:27 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-06-15 15:43:27 153088 ----a-w- c:\windows\system32\unrar3.dll
2010-06-15 15:43:24 0 d-----w- c:\docume~1\xppros~1\applic~1\Simply Super Software
2010-06-15 15:43:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2010-06-15 15:38:36 45 ----a-w- c:\windows\system32\initdebug.nfo
2010-06-13 13:21:49 8405015 ----a-w- c:\windows\TempFile
2010-06-13 13:21:49 685056 ----a-w- c:\windows\system32\drivers\hardlock.sys
2010-06-13 13:21:25 24576 ----a-w- c:\windows\system32\hdsuinst.exe
2010-06-13 13:21:25 164864 ----a-w- c:\windows\system32\UNWISE.EXE
2010-06-13 13:21:17 2164411 ----a-w- c:\windows\system32\haspds_windows.dll
2010-06-12 21:06:32 0 d-----w- c:\docume~1\xppros~1\applic~1\MAXON
2010-06-12 18:57:47 0 d-----w- c:\docume~1\xppros~1\applic~1\Azureus
2010-06-12 18:57:11 0 d-----w- c:\program files\Vuze
2010-06-12 16:24:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-11 16:18:33 0 d-----w- C:\spoolerlogs
2010-06-11 15:11:24 0 d-----w- c:\program files\common files\Akamai
2010-06-11 13:25:36 2198 ----a-w- c:\documents and settings\xp pro sp3 user\.recently-used.xbel
2010-06-02 22:32:55 0 d-----w- c:\docume~1\xppros~1\applic~1\Ewdag
2010-05-29 13:17:55 47360 ----a-w- c:\docume~1\xppros~1\applic~1\pcouffin.sys
2010-05-29 13:16:58 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-05-29 13:16:58 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-05-29 13:16:58 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-05-29 13:16:58 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-05-29 13:16:58 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-05-29 13:16:57 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-05-29 13:16:56 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-05-29 13:12:20 0 d-----w- c:\docume~1\xppros~1\applic~1\AnvSoft
2010-05-29 13:07:49 0 d-----w- c:\docume~1\xppros~1\applic~1\GeoVid
2010-05-29 13:07:27 77824 ----a-w- c:\windows\system32\xvid.ax
2010-05-29 13:07:27 765952 ----a-w- c:\windows\system32\xvidcore.dll
2010-05-29 13:07:27 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-05-29 13:07:26 60416 ----a-w- c:\windows\system32\dsetup.dll

==================== Find3M ====================

2010-06-25 21:35:51 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-06-25 16:41:40 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-06-12 16:33:38 31680 ----a-w- c:\windows\fonts\Technical_forest_v_2_1_by_SergeantSwierq.ttf
2010-05-29 13:17:56 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-04-18 20:00:12 164906 ----a-w- c:\windows\hpoins21.dat
2010-04-12 17:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2009-07-21 15:06:38 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009072120090722\index.dat

============= FINISH: 21:44:02.14 ===============


Thanks for your help,
Peter

Attached Files
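Reading the SERVICES / DRIVERS section of a DDS log is done by eye in threads like this one. As an added example (my own code, not anything from this thread, the BleepingComputer team or the DDS tool), here is a small Python triage script that parses that section and flags the entries a responder looks at first. It assumes the DDS layout as it appears above: each line starts with `R` or `S` (running/stopped) and the Windows start type digit (0 boot, 1 system, 2 auto, 3 demand, 4 disabled), followed by `name;display name;path [date size]`, with `path --> path [?]` taken to mean a binary DDS could not find on disk. The "generated-looking name" check is a heuristic of mine, not a DDS feature. The sample lines are copied from the log above.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: five SERVICES / DRIVERS lines copied from the DDS log
# posted above. Real DDS output uses the same layout.
DDS_SERVICES = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-7-29 114768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-7-29 138680]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
S0 gucgwu;gucgwu;c:\windows\system32\drivers\yzuigcg.sys --> c:\windows\system32\drivers\yzuigcg.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
"""

# R/S = running/stopped, digit = Windows service start type (assumed DDS layout).
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)
STAMP_RE = re.compile(r"^(?P<path>.*?)\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$")
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
# Heuristic of mine: short, all-lowercase names reused verbatim as the display name.
GENERATED_NAME_RE = re.compile(r"^[a-z]{5,8}$")


def parse_entry(line):
    """Parse one DDS service/driver line into a dict, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = {
        "running": m.group("state") == "R",
        "start": START_TYPES[m.group("start")],
        "name": m.group("name"),
        "display": m.group("display"),
        "path": None, "date": None, "size": None, "missing": False,
    }
    rest = m.group("rest").strip()
    if " --> " in rest:
        # "path --> path [?]": DDS could not find the binary on disk
        entry["path"] = rest.split(" --> ", 1)[0]
        entry["missing"] = rest.endswith("[?]")
    else:
        s = STAMP_RE.match(rest)
        if s:
            entry["path"] = s.group("path")
            entry["date"] = s.group("date")
            entry["size"] = int(s.group("size"))
        else:
            entry["path"] = rest
    return entry


def flag_entry(entry):
    """Return the list of reasons a responder would look at this entry first."""
    flags = []
    if entry["missing"]:
        flags.append("binary missing")
        if entry["start"] in ("boot", "system"):
            # A boot/system-start driver loads before most defences; one whose
            # file cannot be found on disk is the top item to chase.
            flags.append("early-start driver with no file")
    stem = PureWindowsPath(entry["path"]).stem.lower() if entry["path"] else ""
    if (entry["name"] == entry["display"]
            and GENERATED_NAME_RE.match(entry["name"])
            and stem != entry["name"].lower()):
        flags.append("generated-looking name, file named differently")
    return flags


def triage(text):
    """Parse every service/driver line in text and attach its flags."""
    entries = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            entry["flags"] = flag_entry(entry)
            entries.append(entry)
    return entries


def suspicious(text):
    """Names of the entries that carry at least one flag."""
    return [e["name"] for e in triage(text) if e["flags"]]


if __name__ == "__main__":
    for e in triage(DDS_SERVICES):
        mark = "!!" if e["flags"] else "  "
        print(f"{mark} {e['name']:<18} {e['start']:<8} {e['path']}  {'; '.join(e['flags'])}")
```

Run against the full log, only the `gucgwu` entry is flagged: a stopped boot-start driver, named unlike its file, whose file is not on disk. That is exactly the kind of entry a responder asks for a closer look at before anything else in the log.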



#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:16 AM

Posted 25 June 2010 - 06:28 PM

Download RegQuery from here and save it to your Desktop.
  • Double click the file to run it.
  • Copy the following keyname to your clipboard - either CTRL + C or right click will do.

      HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

  • Click Paste from Clipboard and then Query.
  • A Notepad window should open with some text in it - either that or you'll get a pop-up telling you to check the keyname.
  • Let me have the contents of the file.

So long, and thanks for all the fish.


#14 P3T3RG

P3T3RG
  • Topic Starter

  • Members
  • 53 posts
  • Gender:Male
  • Local time:05:16 AM

Posted 26 June 2010 - 04:55 AM

Hi,

Here are the contents of the file

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000143
"NoDriveAutoRun"=dword:03ffffff
"NoDrives"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

Many Thanks,
Peter

#15 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:16 AM

Posted 26 June 2010 - 02:12 PM

Good evening. :)

Copy and paste the following into Notepad (Start > All Programs > Accessories > Notepad):

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"=-


Save it to your Desktop with the following filename: CFScript
Drag and drop CFScript.txt onto your copy of Combofix and let it do its thing.
Reboot the computer and then let me have the log produced and a description of how the PC is behaving.

So long, and thanks for all the fish.
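Both registry fragments in this thread, the RegQuery output in post #14 and the CFScript in post #15, use Registry Editor 5.00 syntax: a `[key]` header, `"name"=dword:HEX` for a DWORD, and `"name"=-` to delete a value, which is what the script asks ComboFix to do to `ShowDeskFix`. As an added example (my own code, not from the thread, ComboFix or RegQuery), this Python parses both fragments into explicit set/delete operations and decodes the `NoDriveTypeAutoRun` bits using the GetDriveType() numbering Microsoft documents for that policy. The sample inputs are copied from posts #14 and #15; bits above 0xFF are reported as undecoded rather than given a meaning.

```python
import re

# Constructed sample inputs, copied from the two registry fragments in this
# thread: the RegQuery output (post #14) and the CFScript (post #15).
REGQUERY_OUTPUT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000143
"NoDriveAutoRun"=dword:03ffffff
"NoDrives"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
'''

CFSCRIPT = r'''Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"=-
'''

# "name"=data, or @=data for the key's default value
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')


def parse_reg(text):
    """Turn a .reg / CFScript Registry:: fragment into (key, value, op, data) tuples.

    op is "set" or "delete"; value is None when the op targets the whole key.
    """
    key, ops = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", "Registry::", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):            # [-HKEY...] deletes the whole key
                ops.append((key[1:], None, "delete", None))
                key = None
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError(f"unparsed line: {raw!r}")
        name = "" if m.group("default") else m.group("name")
        data = m.group("data")
        if data == "-":                        # "name"=- deletes that value
            ops.append((key, name, "delete", None))
        elif data.startswith("dword:"):
            ops.append((key, name, "set", int(data[len("dword:"):], 16)))
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            ops.append((key, name, "set", data[1:-1].replace('\\"', '"').replace("\\\\", "\\")))
        else:                                  # hex:, hex(2): etc. left as text
            ops.append((key, name, "set", data))
    return ops


# NoDriveTypeAutoRun: bit n disables AutoRun for GetDriveType() value n.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN", 0x02: "DRIVE_NO_ROOT_DIR", 0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED", 0x10: "DRIVE_REMOTE", 0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK", 0x80: "unknown type (0x80)",
}


def decode_no_drive_type_autorun(value):
    """Return (drive types AutoRun is disabled for, bits above 0xFF left undecoded)."""
    disabled = [name for bit, name in DRIVE_TYPE_BITS.items() if value & bit]
    return disabled, value & ~0xFF


def autorun_policy(ops):
    """Pick NoDriveTypeAutoRun out of parsed ops and decode it, or None if absent."""
    for key, name, op, data in ops:
        if op == "set" and name == "NoDriveTypeAutoRun":
            return decode_no_drive_type_autorun(data)
    return None


if __name__ == "__main__":
    for key, name, op, data in parse_reg(REGQUERY_OUTPUT) + parse_reg(CFSCRIPT):
        print(f"{op:6} {key}\\{name}" + (f" = {data:#x}" if isinstance(data, int) else ""))
    print(autorun_policy(parse_reg(REGQUERY_OUTPUT)))
```

The value posted, 0x143, disables AutoRun for unknown, no-root-directory and RAM-disk types and leaves removable, fixed, network and CD-ROM drives with AutoRun on; the 0x100 bit falls outside the documented set, so the script reports it without interpreting it. Parsing a CFScript into operations before handing it to ComboFix is a cheap way to confirm it deletes exactly the one value intended.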
