win32/patched.dx virus and unable to run dds or gmer


This topic is locked
23 replies to this topic

#1 Christo82

Christo82

  • Members
  • 26 posts
  • OFFLINE
  • Local time:04:31 PM

Posted 29 August 2010 - 02:11 PM

EDIT: SORRY I FORGOT I SHOULDN'T POST HERE UNLESS I HAVE LOGS.

Hello. I hope someone can help me with this. AVG has shown that I have the virus win32/Patched.dx in the file C:\Windows\system32\drivers\intelide.sys. I followed the steps of the preparation guide. I ran Defogger, which worked fine (I don't believe I had any CD emulator). I tried to run DDS but a Notepad document opened saying 'this program cannot run in DOS mode'. I then tried to run GMER several times, but each time the computer restarted itself. I managed to take a screen grab of what it had found before rebooting, which I have attached to this post. My computer has been running slow for a while, though this could be due to the age and RAM of the computer. It's an eMachines 5230 Pentium 4 with only 512MB RAM.

I hope someone can help. Thank you.

Attached File: Doc1.doc (75.5 KB)

Edited by Christo82, 29 August 2010 - 02:44 PM.



#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:11:31 PM

Posted 31 August 2010 - 05:43 AM

Hello and welcome to Bleeping Computer.

*Please Subscribe to this Thread to get immediate notification of replies. See HERE

*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.

*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.

*You must reply within 5 days otherwise this topic will be closed.


================================


Please try using a different version of DDS, download it from the links below:

DDS.com => http://download.bleepingcomputer.com/sUBs/dds.com
DDS.pif => http://www.forospyware.com/sUBs/dds

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 Christo82

Christo82
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:04:31 PM

Posted 31 August 2010 - 10:39 AM

Hello. Thanks for your help. I have now been able to run the DDS scan. Here is the log file:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Chris at 9:01:14.17 on 31/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.108 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\KWorld Multimedia\PVR-TV 713X Utilities\P3XRCtl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ie/
mStart Page = hxxp://www.bigseekpro.com/hypercam/{E1C956BA-1F5C-41BD-9E9C-09F6478D5444}
mSearchAssistant =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [CHotkey] zHotkey.exe
mRun: [SunKistEM] c:\program files\emachines bay reader\shwiconem.exe
mRun: [UVS10 Preload] c:\program files\ulead systems\ulead videostudio 10\uvPL.exe
mRun: [USB Storage Toolbox] c:\program files\usb disk win98 driver\Res.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [PVR Agent] c:\program files\kworld multimedia\pvr plus\tvr\Scheduled.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\chris\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autost~1.lnk - c:\program files\wintv\Ir.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\remote~1.lnk - c:\program files\kworld multimedia\pvr-tv 713x utilities\P3XRCtl.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www3.snapfish.ie/SnapfishActivia.cab
DPF: {4F1D0C59-5ECC-4028-87F3-482191D2230F} - hxxp://134.226.124.250/activex/AMC.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175885820812
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://217.114.115.192/activex/AMC.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://druidphilip.viewnetcam.com/bl_camera.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://192.171.163.3/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://148.61.63.218/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - hxxp://by116fd.bay116.hotmail.msn.com/activex/HMAtchmt.ocx
DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - hxxp://ip-caseville.greatlakescam.com/user/TSBnwCam.CAB
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chris\applic~1\mozilla\firefox\profiles\nmyr175q.default\
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://www.bigseekpro.com/hypercam/{97855B68-C8D4-1174-3E42-9A1858BB901B}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-12 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-12 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-12 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-6-15 14336]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-12 308136]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-1 54752]
R3 PhTVTune;Philips WDM TVTuner;c:\windows\system32\drivers\PhTVTune.sys [2008-9-11 28512]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-12 135664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-6-15 14336]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]

=============== Created Last 30 ================

2010-08-25 01:13:26 0 d-----w- C:\THE GOLD RUSH BONUS
2010-08-12 09:46:15 0 d-----w- c:\program files\uTorrent
2010-08-12 09:45:39 0 d-----w- c:\docume~1\chris\applic~1\uTorrent
2010-08-12 09:18:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-12 09:18:08 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-12 09:17:58 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-12 09:17:38 0 d-----w- c:\windows\system32\drivers\Avg
2010-08-12 09:00:34 0 d-----w- C:\AVGTemp
2010-08-11 02:08:52 0 d-----w- C:\AVATAR
2010-08-10 11:16:59 19551 -c--a-w- c:\windows\system32\dllcache\watv02nt.sys
2010-08-10 11:15:59 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2010-08-10 11:14:59 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2010-08-10 11:13:52 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-08-10 11:12:59 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2010-08-10 11:11:58 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2010-08-10 11:11:54 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2010-08-10 11:11:54 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2010-08-10 11:11:54 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2010-08-10 11:11:53 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2010-08-10 11:11:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2010-08-10 11:09:54 18560 -c--a-w- c:\windows\system32\dllcache\i2omp.sys
2010-08-10 11:08:59 20352 -c--a-w- c:\windows\system32\dllcache\hidbatt.sys
2010-08-10 11:07:59 283904 -c--a-w- c:\windows\system32\dllcache\emu10k1m.sys
2010-08-10 11:06:59 3072 -c--a-w- c:\windows\system32\dllcache\cwbase.sys
2010-08-10 11:05:59 66082 -c--a-w- c:\windows\system32\dllcache\c_20106.nls
2010-08-10 11:04:57 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2010-08-10 10:45:36 24576 -c--a-w- c:\windows\system32\dllcache\agcgauge.ax
2010-08-10 10:29:48 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
2010-08-10 04:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 04:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-03 21:04:34 0 d-----w- c:\program files\NirSoft
2010-08-03 09:03:50 0 d-----w- c:\program files\Magical Jelly Bean
2010-08-02 18:18:47 0 d-s---w- C:\ComboFix
2010-08-02 18:14:18 0 d-----w- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2010-08-06 14:10:39 4240 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2008-09-23 11:39:24 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092320080924\index.dat

============= FINISH: 9:02:44.92 ===============


#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:11:31 PM

Posted 31 August 2010 - 11:48 AM

P2P Warning:
Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case uTorrent).

These programmes allow users to share files with each other, as the name suggests. In today's world cybercrime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (e.g. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."



=================================


Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.
Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:
  1. Leave your computer alone while ComboFix is running.
  2. ComboFix will restart your computer if malware is found; allow it to do so.
  3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  4. Please do not mouse-click ComboFix's window while it's running because it may cause it to stall.
  5. ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp



#5 Christo82

Christo82
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:04:31 PM

Posted 01 September 2010 - 05:34 AM

Hi, here is the log from Combofix below:

ComboFix 10-08-31.02 - Chris 01/09/2010 10:48:44.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.272 [GMT 1:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-08-01 to 2010-09-01 )))))))))))))))))))))))))))))))
.

2010-08-25 01:13 . 2010-08-25 01:13 -------- d-----w- C:\THE GOLD RUSH BONUS
2010-08-13 07:51 . 2010-08-13 07:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-08-12 09:46 . 2010-08-12 09:46 -------- d-----w- c:\program files\uTorrent
2010-08-12 09:45 . 2010-08-30 09:20 -------- d-----w- c:\documents and settings\Chris\Application Data\uTorrent
2010-08-12 09:18 . 2010-08-12 09:18 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-12 09:18 . 2010-08-12 09:18 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-12 09:17 . 2010-08-12 09:17 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-12 09:17 . 2010-08-12 09:17 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-12 09:17 . 2010-09-01 08:50 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-12 09:00 . 2010-08-12 09:00 -------- d-----w- C:\AVGTemp
2010-08-12 08:35 . 2010-08-12 08:35 -------- d-----w- c:\program files\NOS
2010-08-11 02:08 . 2010-08-11 02:08 -------- d-----w- C:\AVATAR
2010-08-10 11:16 . 2004-08-04 05:29 19551 -c--a-w- c:\windows\system32\dllcache\watv02nt.sys
2010-08-10 11:15 . 2001-08-17 21:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2010-08-10 11:14 . 2001-08-17 21:36 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2010-08-10 11:13 . 2001-08-17 12:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-08-10 11:12 . 2001-08-17 12:51 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2010-08-10 11:11 . 2008-04-13 18:54 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2010-08-10 11:11 . 2001-08-17 21:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2010-08-10 11:11 . 2001-08-17 12:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2010-08-10 11:11 . 2001-08-17 11:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2010-08-10 11:11 . 2001-08-17 12:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2010-08-10 11:11 . 2001-08-17 12:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2010-08-10 11:09 . 2008-04-13 18:41 18560 -c--a-w- c:\windows\system32\dllcache\i2omp.sys
2010-08-10 11:08 . 2008-04-13 18:36 20352 -c--a-w- c:\windows\system32\dllcache\hidbatt.sys
2010-08-10 11:07 . 2001-08-17 11:19 283904 -c--a-w- c:\windows\system32\dllcache\emu10k1m.sys
2010-08-10 11:06 . 2001-08-17 11:19 3072 -c--a-w- c:\windows\system32\dllcache\cwbase.sys
2010-08-10 11:05 . 2001-08-17 12:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-08-10 11:04 . 2001-08-17 21:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2010-08-10 10:29 . 2001-08-17 13:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2010-08-06 18:01 . 2010-08-06 18:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-08-04 17:48 . 2010-08-04 17:48 -------- d-----w- c:\documents and settings\Administrator\Tracing
2010-08-03 21:04 . 2010-08-03 21:04 -------- d-----w- c:\program files\NirSoft
2010-08-03 09:03 . 2010-08-03 09:03 -------- d-----w- c:\program files\Magical Jelly Bean
2010-08-02 18:14 . 2010-08-02 18:14 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-02 18:11 . 2010-08-12 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-02 17:43 . 2010-08-02 17:43 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 10:19 . 2010-01-23 22:51 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-29 19:55 . 2008-05-09 00:06 -------- d-----w- c:\program files\PokerStars
2010-08-27 08:46 . 2010-05-16 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-08-27 08:46 . 2007-08-28 16:04 -------- d-----w- c:\program files\DivX
2010-08-23 02:44 . 2007-10-24 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-08-17 08:00 . 2004-06-15 07:50 -------- d-----w- c:\program files\QuickTime
2010-08-17 07:59 . 2008-04-24 10:03 -------- d-----w- c:\program files\Common Files\Apple
2010-08-12 09:46 . 2007-04-07 18:42 -------- d-----w- c:\documents and settings\Chris\Application Data\Azureus
2010-08-12 09:13 . 2010-03-21 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-08-07 07:20 . 2007-04-06 19:19 -------- d-----w- c:\program files\Azureus
2010-08-06 14:10 . 2009-03-26 17:41 4240 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-02 18:13 . 2010-07-12 09:58 -------- d-----w- c:\program files\NetMeter
2010-08-02 18:10 . 2009-09-20 09:18 -------- d-----w- c:\program files\Vuze
2010-07-16 11:36 . 2007-04-21 09:55 128096 ----a-w- c:\documents and settings\Mary\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-07 07:57 . 2007-04-06 19:20 -------- d-----w- c:\program files\Java
2010-06-30 12:31 . 2004-06-15 14:33 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2006-06-23 10:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-06-15 14:34 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-06-15 14:33 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-06-15 14:33 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-06-15 06:47 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2006-09-13 05:09 1172480 ----a-w- c:\windows\system32\msxml3.dll
2007-07-26 19:52 . 2007-08-21 21:10 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-07-26 19:52 . 2007-08-21 21:10 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-07-26 19:52 . 2007-08-21 21:10 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-07-26 19:52 . 2007-08-21 21:10 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-07-26 19:52 . 2007-08-21 21:10 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-29 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-12-15 155648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-03-23 1398272]
"CHotkey"="zHotkey.exe" [2003-06-03 496640]
"SunKistEM"="c:\program files\eMachines Bay Reader\shwiconem.exe" [2004-03-11 135168]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 36864]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
"PVR Agent"="c:\program files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe" [2005-04-13 751104]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-12 2065760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Chris\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2008-10-21 106551]
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2004-6-15 1742384]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661776]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-5-1 118784]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
Remote Control.lnk - c:\program files\KWorld Multimedia\PVR-TV 713X Utilities\P3XRCtl.exe [2008-9-11 57344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-08-12 09:18 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^J@CK TV.lnk]
path=c:\documents and settings\Chris\Start Menu\Programs\Startup\J@CK TV.lnk
backup=c:\windows\pss\J@CK TV.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Celtx\\celtx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Save Tube Video Company\\SaveTubeVideoBurn\\downloader.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:TCP"= 50000:TCP:Azureus1
"50001:UDP"= 50001:UDP:Azureus2
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/08/2010 10:17 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/08/2010 10:18 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 09:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 09:43 74480]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [15/06/2004 15:34 14336]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/08/2010 10:15 308136]
R3 PhTVTune;Philips WDM TVTuner;c:\windows\system32\drivers\PhTVTune.sys [11/09/2008 21:19 28512]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/03/2010 21:19 135664]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [15/06/2004 15:34 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 09:43 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 20:19]

2010-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 20:19]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3089717478-2898385862-2090695895-1009Core.job
- c:\documents and settings\Mary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-27 17:32]

2010-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3089717478-2898385862-2090695895-1009UA.job
- c:\documents and settings\Mary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-27 17:32]

2010-09-01 c:\windows\Tasks\User_Feed_Synchronization-{C3D03F10-885E-421E-B274-E5E3C94C4FA8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ie/
mStart Page = hxxp://www.bigseekpro.com/hypercam/{E1C956BA-1F5C-41BD-9E9C-09F6478D5444}
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {4F1D0C59-5ECC-4028-87F3-482191D2230F} - hxxp://134.226.124.250/activex/AMC.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://148.61.63.218/activex/AMC.cab
DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - hxxp://ip-caseville.greatlakescam.com/user/TSBnwCam.CAB
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\nmyr175q.default\
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://www.bigseekpro.com/hypercam/{97855B68-C8D4-1174-3E42-9A1858BB901B}
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-01 11:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\WlNotify.dll

- - - - - - - > 'explorer.exe'(5524)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-01 11:28:04
ComboFix-quarantined-files.txt 2010-09-01 10:28
ComboFix2.txt 2009-12-03 15:41

Pre-Run: 6,272,233,472 bytes free
Post-Run: 7,268,347,904 bytes free

- - End Of File - - D44254E7A53F47D76DF3ABAF3CC09AB4



As regards the peer to peer program I use, I only download legal live bootlegs from bands that actively encourage it and from safe community websites.
Thanks for your help,
Chris

#6 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:11:31 PM

Posted 01 September 2010 - 08:02 AM

1. We need to execute a ComboFix script. (Tutorials on how to disable your anti virus and anti malware programs can be found HERE.)
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the code box below into it:

CODE
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-

DDS::
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


4. Save this as CFScript.txt, in the same location as ComboFix.exe




5. Referring to the picture above, drag CFScript into ComboFix.exe

6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.




2. Please download Malwarebytes' Anti-Malware from here:
MalwareBytes' AntiMalware download link

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 
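The CFScript in the post above is hand-derived from the ComboFix log posted earlier in the thread: the Registry:: block deletes the non-default AntiVirusOverride value that ComboFix reported under the Security Center key, and the RegLock:: block lists every key header ComboFix printed under LOCKED REGISTRY KEYS. The following Python is an added example (not part of the thread and not ComboFix's own tooling) that pulls those two findings out of a log excerpt and drafts the matching sections; it generalizes to every value reported under the Security Center key, since ComboFix prints only non-default entries there, and it runs on a constructed excerpt shaped like the posted log.

```python
"""Draft the Registry:: and RegLock:: sections of a ComboFix CFScript from a log.

Added example, not from the thread above and not ComboFix's own tooling.
Assumes the ComboFix log layout seen in this thread: registry values printed
under a "[KEY]" header, and a dashed "--- LOCKED REGISTRY KEYS ---" section
whose key headers (with or without an @Denied line) are the ones to unlock.
"""
import re
from typing import Dict, List

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
SECTION_RE = re.compile(r"^-{3,}\s*(?P<title>.+?)\s*-{3,}$")
SECURITY_CENTER = r"HKEY_LOCAL_MACHINE\software\microsoft\security center"

# Constructed excerpt shaped like the log posted in the thread (not a real log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:TCP"= 50000:TCP:Azureus1
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\WININET.dll
"""


def parse_log(text: str) -> Dict[str, List[str]]:
    """Collect Security Center value names and locked-key headers from a log.

    The log is walked line by line, tracking the current "[KEY]" header and the
    current dashed section title, so each value is attributed to the key it sits
    under and each key header to the section it sits in.  ComboFix prints only
    non-default values under the Security Center key, so every value seen there
    is a candidate for deletion.
    """
    findings: Dict[str, List[str]] = {"security_center_values": [], "locked_keys": []}
    current_key = None
    current_section = None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            current_section = section.group("title").upper()
            current_key = None  # a new section ends the previous key block
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key")
            if current_section == "LOCKED REGISTRY KEYS":
                findings["locked_keys"].append(current_key)
            continue
        value = VALUE_RE.match(line)
        if value and current_key and current_key.lower() == SECURITY_CENTER.lower():
            findings["security_center_values"].append(value.group("name"))
    return findings


def draft_cfscript(findings: Dict[str, List[str]]) -> str:
    """Render the two CFScript sections in the syntax used in the thread.

    Registry:: takes regedit syntax, where "Name"=- deletes the named value.
    RegLock:: takes one "[KEY]" per line and tells ComboFix to unlock that key.
    """
    lines: List[str] = []
    if findings["security_center_values"]:
        lines.append("Registry::")
        lines.append("[" + SECURITY_CENTER + "]")
        lines.extend('"%s"=-' % name for name in findings["security_center_values"])
        lines.append("")
    if findings["locked_keys"]:
        lines.append("RegLock::")
        lines.extend("[" + key + "]" for key in findings["locked_keys"])
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    print(draft_cfscript(parse_log(SAMPLE_LOG)))
```

The draft still needs a human pass before it is dropped onto ComboFix.exe: the locked keys in this log name Adobe's FlashBroker (see the @="FlashBroker" and FlashUtil10i_ActiveX.exe entries), so the analyst decides which of the reported keys really belong in the script.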


#7 Christo82

Christo82
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:04:31 PM

Posted 02 September 2010 - 04:08 AM

Here is the CF log:

ComboFix 10-08-31.02 - Chris 02/09/2010 8:51.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.202 [GMT 1:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chris\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
.

2010-08-25 01:13 . 2010-08-25 01:13 -------- d-----w- C:\THE GOLD RUSH BONUS
2010-08-13 07:51 . 2010-08-13 07:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-08-12 09:46 . 2010-08-12 09:46 -------- d-----w- c:\program files\uTorrent
2010-08-12 09:45 . 2010-08-30 09:20 -------- d-----w- c:\documents and settings\Chris\Application Data\uTorrent
2010-08-12 09:18 . 2010-08-12 09:18 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-12 09:18 . 2010-08-12 09:18 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-12 09:17 . 2010-08-12 09:17 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-12 09:17 . 2010-08-12 09:17 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-12 09:17 . 2010-09-02 07:35 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-12 09:00 . 2010-08-12 09:00 -------- d-----w- C:\AVGTemp
2010-08-12 08:35 . 2010-08-12 08:35 -------- d-----w- c:\program files\NOS
2010-08-11 02:08 . 2010-08-11 02:08 -------- d-----w- C:\AVATAR
2010-08-10 11:16 . 2004-08-04 05:29 19551 -c--a-w- c:\windows\system32\dllcache\watv02nt.sys
2010-08-10 11:15 . 2001-08-17 21:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2010-08-10 11:14 . 2001-08-17 21:36 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2010-08-10 11:13 . 2001-08-17 12:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-08-10 11:12 . 2001-08-17 12:51 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2010-08-10 11:11 . 2008-04-13 18:54 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2010-08-10 11:11 . 2001-08-17 21:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2010-08-10 11:11 . 2001-08-17 12:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2010-08-10 11:11 . 2001-08-17 11:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2010-08-10 11:11 . 2001-08-17 12:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2010-08-10 11:11 . 2001-08-17 12:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2010-08-10 11:09 . 2008-04-13 18:41 18560 -c--a-w- c:\windows\system32\dllcache\i2omp.sys
2010-08-10 11:08 . 2008-04-13 18:36 20352 -c--a-w- c:\windows\system32\dllcache\hidbatt.sys
2010-08-10 11:07 . 2001-08-17 11:19 283904 -c--a-w- c:\windows\system32\dllcache\emu10k1m.sys
2010-08-10 11:06 . 2001-08-17 11:19 3072 -c--a-w- c:\windows\system32\dllcache\cwbase.sys
2010-08-10 11:05 . 2001-08-17 12:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-08-10 11:04 . 2001-08-17 21:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2010-08-10 10:29 . 2001-08-17 13:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2010-08-06 18:01 . 2010-08-06 18:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-08-04 17:48 . 2010-08-04 17:48 -------- d-----w- c:\documents and settings\Administrator\Tracing
2010-08-03 21:04 . 2010-08-03 21:04 -------- d-----w- c:\program files\NirSoft
2010-08-03 09:03 . 2010-08-03 09:03 -------- d-----w- c:\program files\Magical Jelly Bean

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 08:17 . 2010-01-23 22:51 -------- d-----w- c:\program files\Common Files\Akamai
2010-09-01 21:52 . 2008-05-09 00:06 -------- d-----w- c:\program files\PokerStars
2010-08-27 08:46 . 2010-05-16 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-08-27 08:46 . 2007-08-28 16:04 -------- d-----w- c:\program files\DivX
2010-08-23 02:44 . 2007-10-24 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-08-17 08:00 . 2004-06-15 07:50 -------- d-----w- c:\program files\QuickTime
2010-08-17 07:59 . 2008-04-24 10:03 -------- d-----w- c:\program files\Common Files\Apple
2010-08-12 09:46 . 2007-04-07 18:42 -------- d-----w- c:\documents and settings\Chris\Application Data\Azureus
2010-08-12 09:13 . 2010-03-21 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-08-12 08:38 . 2010-08-02 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-07 07:20 . 2007-04-06 19:19 -------- d-----w- c:\program files\Azureus
2010-08-06 14:10 . 2009-03-26 17:41 4240 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-02 18:13 . 2010-07-12 09:58 -------- d-----w- c:\program files\NetMeter
2010-08-02 18:10 . 2009-09-20 09:18 -------- d-----w- c:\program files\Vuze
2010-07-16 11:36 . 2007-04-21 09:55 128096 ----a-w- c:\documents and settings\Mary\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-07 07:57 . 2007-04-06 19:20 -------- d-----w- c:\program files\Java
2010-06-30 12:31 . 2004-06-15 14:33 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2006-06-23 10:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-06-15 14:34 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-06-15 14:33 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-06-15 14:33 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-06-15 06:47 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2006-09-13 05:09 1172480 ----a-w- c:\windows\system32\msxml3.dll
2007-07-26 19:52 . 2007-08-21 21:10 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-07-26 19:52 . 2007-08-21 21:10 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-07-26 19:52 . 2007-08-21 21:10 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-07-26 19:52 . 2007-08-21 21:10 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-07-26 19:52 . 2007-08-21 21:10 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-29 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-12-15 155648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-03-23 1398272]
"CHotkey"="zHotkey.exe" [2003-06-03 496640]
"SunKistEM"="c:\program files\eMachines Bay Reader\shwiconem.exe" [2004-03-11 135168]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 36864]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
"PVR Agent"="c:\program files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe" [2005-04-13 751104]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-12 2065760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Chris\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2008-10-21 106551]
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2004-6-15 1742384]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661776]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-5-1 118784]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
Remote Control.lnk - c:\program files\KWorld Multimedia\PVR-TV 713X Utilities\P3XRCtl.exe [2008-9-11 57344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-08-12 09:18 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^J@CK TV.lnk]
path=c:\documents and settings\Chris\Start Menu\Programs\Startup\J@CK TV.lnk
backup=c:\windows\pss\J@CK TV.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Celtx\\celtx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Save Tube Video Company\\SaveTubeVideoBurn\\downloader.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:TCP"= 50000:TCP:Azureus1
"50001:UDP"= 50001:UDP:Azureus2
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/08/2010 10:17 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/08/2010 10:18 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 09:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 09:43 74480]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [15/06/2004 15:34 14336]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/08/2010 10:15 308136]
R3 PhTVTune;Philips WDM TVTuner;c:\windows\system32\drivers\PhTVTune.sys [11/09/2008 21:19 28512]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/03/2010 21:19 135664]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [15/06/2004 15:34 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 09:43 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 20:19]

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 20:19]

2010-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3089717478-2898385862-2090695895-1009Core.job
- c:\documents and settings\Mary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-27 17:32]

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3089717478-2898385862-2090695895-1009UA.job
- c:\documents and settings\Mary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-27 17:32]

2010-09-02 c:\windows\Tasks\User_Feed_Synchronization-{C3D03F10-885E-421E-B274-E5E3C94C4FA8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ie/
mStart Page = hxxp://www.bigseekpro.com/hypercam/{E1C956BA-1F5C-41BD-9E9C-09F6478D5444}
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {4F1D0C59-5ECC-4028-87F3-482191D2230F} - hxxp://134.226.124.250/activex/AMC.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://148.61.63.218/activex/AMC.cab
DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - hxxp://ip-caseville.greatlakescam.com/user/TSBnwCam.CAB
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\nmyr175q.default\
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://www.bigseekpro.com/hypercam/{97855B68-C8D4-1174-3E42-9A1858BB901B}
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-02 09:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL

- - - - - - - > 'explorer.exe'(3296)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-02 09:28:14
ComboFix-quarantined-files.txt 2010-09-02 08:28
ComboFix2.txt 2010-09-01 10:28
ComboFix3.txt 2009-12-03 15:41

Pre-Run: 7,162,515,456 bytes free
Post-Run: 7,228,817,408 bytes free

- - End Of File - - BCC96C83BB03992CA3D0C09942919FB4


And here is the MBAM log:

Malwarebytes' Anti-Malware 1.43
Database version: 3468
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/09/2010 10:05:24
mbam-log-2010-09-02 (10-05-24).txt

Scan type: Quick Scan
Objects scanned: 192943
Time elapsed: 31 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thank you

#8 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:11:31 PM

Posted 02 September 2010 - 04:29 AM

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#9 Christo82

  • Topic Starter

Posted 05 September 2010 - 09:05 AM

I've tried running this scan several times, but it keeps ending up freezing at different files, probably down to my poor processor and RAM. The furthest it got was 67%, and was scanning the Program files at the time. Up to this point it had found 4 threats:

'Probably a variant of Win32/Agent.KDDGVMK trojan'
'Probably a variant of Win32/Agent.JAMZZKT trojan'
'Probably a variant of Win32/Agent.JAMZZKT trojan'
'Probably a variant of Win32/Agent.GPMVPCJ trojan'

I don't know how much help this information is to you. Hopefully of some help.

Thanks

#10 sempai

  • Malware Response Team

Posted 05 September 2010 - 09:22 AM

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.  
  • Reboot your computer into Safe Mode.
    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on next
  • It will by default install to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.
  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom, save it to file and name it Kas.
  • Save it somewhere convenient like your desktop, and post only the detected virus/malware entries from the report (they will be at the very top, under Detected) in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


~Semp



#11 Christo82

  • Topic Starter

Posted 06 September 2010 - 02:31 PM

Here is the list of virus/malware:

Autoscan: completed 6 minutes ago (events: 18, objects: 947550, time: 10:27:31)
06/09/2010 09:39:57 Task started
06/09/2010 09:44:00 Detected: Virus.Win32.TDSS.b C:\WINDOWS\System32\drivers\intelide.sys
06/09/2010 09:50:16 Disinfected: Virus.Win32.TDSS.b C:\WINDOWS\System32\drivers\intelide.sys
06/09/2010 09:50:17 Disinfected: Virus.Win32.TDSS.b C:\WINDOWS\System32\drivers\intelide.sys
06/09/2010 14:13:07 Detected: Net-Worm.Win32.Kolabc.ifh C:\Documents and Settings\Chris\My Documents\Steinberg Cubase SX v2.2\Steinberg Cubase SX v2.2\Cubase SX v2.2 FULL.iso/Crack/synsoacc.dll/NeoLite
06/09/2010 15:02:01 Deleted: Net-Worm.Win32.Kolabc.ifh C:\Documents and Settings\Chris\My Documents\Steinberg Cubase SX v2.2\Steinberg Cubase SX v2.2\Cubase SX v2.2 FULL.iso
06/09/2010 17:53:02 Detected: Trojan-Dropper.Win32.Delf.fgn C:\Program Files\Dvd-cloner\Dvd-cloner4.exe/UPX
06/09/2010 17:57:15 Deleted: Trojan-Dropper.Win32.Delf.fgn C:\Program Files\Dvd-cloner\Dvd-cloner4.exe
06/09/2010 18:26:28 Detected: Net-Worm.Win32.Kolabc.ifh C:\Program Files\Steinberg\Cubase SX\synsoacc.dll/NeoLite
06/09/2010 18:36:02 Deleted: Net-Worm.Win32.Kolabc.ifh C:\Program Files\Steinberg\Cubase SX\synsoacc.dll
06/09/2010 19:01:46 Detected: Virus.Win32.TDSS.b C:\System Volume Information\_restore{F3CAB467-0DFF-45C7-AD76-A5067FF759EA}\RP1273\A0342788.sys
06/09/2010 19:01:47 Disinfected: Virus.Win32.TDSS.b C:\System Volume Information\_restore{F3CAB467-0DFF-45C7-AD76-A5067FF759EA}\RP1273\A0342788.sys
06/09/2010 19:01:47 Detected: Net-Worm.Win32.Kolabc.ifh C:\System Volume Information\_restore{F3CAB467-0DFF-45C7-AD76-A5067FF759EA}\RP1273\A0342790.dll/NeoLite
06/09/2010 19:01:48 Disinfected: Virus.Win32.TDSS.b C:\System Volume Information\_restore{F3CAB467-0DFF-45C7-AD76-A5067FF759EA}\RP1273\A0342788.sys
06/09/2010 19:01:53 Detected: Trojan-Dropper.Win32.Delf.fgn C:\System Volume Information\_restore{F3CAB467-0DFF-45C7-AD76-A5067FF759EA}\RP1273\A0342789.exe/UPX
06/09/2010 19:46:06 Deleted: Net-Worm.Win32.Kolabc.ifh C:\System Volume Information\_restore{F3CAB467-0DFF-45C7-AD76-A5067FF759EA}\RP1273\A0342790.dll
06/09/2010 19:46:29 Deleted: Trojan-Dropper.Win32.Delf.fgn C:\System Volume Information\_restore{F3CAB467-0DFF-45C7-AD76-A5067FF759EA}\RP1273\A0342789.exe
06/09/2010 20:07:29 Task completed
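The report above is the kind of log where it is easy to eyeball "Detected" and miss whether a matching "Disinfected" or "Deleted" ever followed, especially when the detection is on a nested object (a DLL inside an ISO, or a packer layer such as /UPX or /NeoLite) and the remediation names the plain on-disk file. The following Python is an added example for this thread, not Kaspersky code and not something posted by either participant: it pairs each detection with its remediation, separates live files from copies that only existed inside System Restore points, and reports anything left untreated. The sample lines are taken from the report above, except for one constructed "Untreated" line with a made-up verdict and path, added so the unremediated check has something to catch; the set of action words treated as remediating is an assumption.

```python
"""Reconcile a Kaspersky AVP Tool event log: which detections were actually
remediated, which of them live only inside System Restore points, and which
were left untouched.

Added example for this thread; it is not Kaspersky code and was not posted by
anyone in the thread. It assumes event lines shaped like the report above:

    dd/mm/yyyy HH:MM:SS <Action>: <Verdict> <target>

where <target> may carry nested-object suffixes separated by "/" (an entry
inside an ISO, or a packer layer such as /UPX or /NeoLite). The matching
"Deleted" event names the on-disk file without those suffixes, so they are
stripped before a detection is paired with its remediation.
"""
import re
from collections import OrderedDict

EVENT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<action>[A-Za-z][A-Za-z ]*?): "
    r"(?P<verdict>\S+) (?P<target>.+)$"
)
# Action words taken to mean the file is no longer a threat on disk. This set
# is an assumption; any other action word counts as "not remediated".
REMEDIATING = {"Disinfected", "Deleted", "Quarantined"}
RESTORE_MARKER = "\\system volume information\\"

# Lines from the AVP Tool report in post #11, plus one constructed "Untreated"
# line (hypothetical verdict and path) to exercise the unremediated check.
SAMPLE_LOG = r"""
06/09/2010 09:39:57 Task started
06/09/2010 09:44:00 Detected: Virus.Win32.TDSS.b C:\WINDOWS\System32\drivers\intelide.sys
06/09/2010 09:50:16 Disinfected: Virus.Win32.TDSS.b C:\WINDOWS\System32\drivers\intelide.sys
06/09/2010 14:13:07 Detected: Net-Worm.Win32.Kolabc.ifh C:\Documents and Settings\Chris\My Documents\Steinberg Cubase SX v2.2\Steinberg Cubase SX v2.2\Cubase SX v2.2 FULL.iso/Crack/synsoacc.dll/NeoLite
06/09/2010 15:02:01 Deleted: Net-Worm.Win32.Kolabc.ifh C:\Documents and Settings\Chris\My Documents\Steinberg Cubase SX v2.2\Steinberg Cubase SX v2.2\Cubase SX v2.2 FULL.iso
06/09/2010 17:53:02 Detected: Trojan-Dropper.Win32.Delf.fgn C:\Program Files\Dvd-cloner\Dvd-cloner4.exe/UPX
06/09/2010 17:57:15 Deleted: Trojan-Dropper.Win32.Delf.fgn C:\Program Files\Dvd-cloner\Dvd-cloner4.exe
06/09/2010 18:26:28 Detected: Net-Worm.Win32.Kolabc.ifh C:\Program Files\Steinberg\Cubase SX\synsoacc.dll/NeoLite
06/09/2010 18:36:02 Deleted: Net-Worm.Win32.Kolabc.ifh C:\Program Files\Steinberg\Cubase SX\synsoacc.dll
06/09/2010 19:01:46 Detected: Virus.Win32.TDSS.b C:\System Volume Information\_restore{F3CAB467-0DFF-45C7-AD76-A5067FF759EA}\RP1273\A0342788.sys
06/09/2010 19:01:47 Disinfected: Virus.Win32.TDSS.b C:\System Volume Information\_restore{F3CAB467-0DFF-45C7-AD76-A5067FF759EA}\RP1273\A0342788.sys
06/09/2010 19:01:53 Detected: Trojan-Dropper.Win32.Delf.fgn C:\System Volume Information\_restore{F3CAB467-0DFF-45C7-AD76-A5067FF759EA}\RP1273\A0342789.exe/UPX
06/09/2010 19:46:29 Deleted: Trojan-Dropper.Win32.Delf.fgn C:\System Volume Information\_restore{F3CAB467-0DFF-45C7-AD76-A5067FF759EA}\RP1273\A0342789.exe
06/09/2010 20:00:00 Untreated: Trojan.Win32.Constructed.example C:\Temp\constructed-example.exe
06/09/2010 20:07:29 Task completed
""".strip().splitlines()


def on_disk_path(target):
    """Drop nested-object suffixes: 'C:\\x.iso/Crack/a.dll/NeoLite' -> 'C:\\x.iso'.
    Windows paths use backslashes, so the first '/' always starts a suffix."""
    return target.split("/", 1)[0]


def parse_events(lines):
    """Yield one dict per Detected/Disinfected/Deleted/... line; skip the rest."""
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["file"] = on_disk_path(ev["target"])
            yield ev


def reconcile(lines):
    """Group events by on-disk file and decide whether each one was remediated."""
    files = OrderedDict()
    for ev in parse_events(lines):
        entry = files.setdefault(ev["file"], {"verdict": ev["verdict"], "actions": []})
        entry["actions"].append(ev["action"])
    for path, entry in files.items():
        entry["remediated"] = any(a in REMEDIATING for a in entry["actions"])
        entry["in_restore_point"] = RESTORE_MARKER in path.lower()
    return files


def unremediated(lines):
    """Files with a detection but no Disinfected/Deleted/Quarantined event."""
    return [p for p, e in reconcile(lines).items() if not e["remediated"]]


def live_remediations(lines):
    """Remediated files outside System Restore, i.e. the ones on the live system."""
    return [p for p, e in reconcile(lines).items()
            if e["remediated"] and not e["in_restore_point"]]


if __name__ == "__main__":
    for path, e in reconcile(SAMPLE_LOG).items():
        flag = "ok " if e["remediated"] else "!! "
        where = "restore-point" if e["in_restore_point"] else "live"
        print(f"{flag}{e['verdict']:32} {where:13} {path}")
    print("unremediated:", unremediated(SAMPLE_LOG))
```

Run as a script it prints one line per on-disk file with an "ok" or "!!" flag; the restore-point copies are listed separately because they are only re-infection risk if someone later rolls back to RP1273, while the live hits (intelide.sys, the cracked Cubase ISO and DLL, Dvd-cloner4.exe) are what actually ran on the machine.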


#12 sempai

  • Malware Response Team

Posted 07 September 2010 - 07:35 AM

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  1. Extract the zip file to its own folder.
  2. Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  3. Click Start scan to start scanning.
  4. If infection is detected, the default setting for "action" is Cure (Please click on it and change it to skip).
  5. Click on Report to generate a log.
  6. Please post that log when you reply.

~Semp



#13 Christo82

  • Topic Starter

Posted 08 September 2010 - 03:46 AM

Hey, here is the log. No infections found.

2010/09/08 09:43:23.0609 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/08 09:43:23.0609 ================================================================================
2010/09/08 09:43:23.0609 SystemInfo:
2010/09/08 09:43:23.0609
2010/09/08 09:43:23.0609 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/08 09:43:23.0609 Product type: Workstation
2010/09/08 09:43:23.0609 ComputerName: ODWCOMPUTER
2010/09/08 09:43:23.0609 UserName: Chris
2010/09/08 09:43:23.0609 Windows directory: C:\WINDOWS
2010/09/08 09:43:23.0609 System windows directory: C:\WINDOWS
2010/09/08 09:43:23.0609 Processor architecture: Intel x86
2010/09/08 09:43:23.0609 Number of processors: 1
2010/09/08 09:43:23.0609 Page size: 0x1000
2010/09/08 09:43:23.0609 Boot type: Normal boot
2010/09/08 09:43:23.0609 ================================================================================
2010/09/08 09:43:24.0328 Initialize success
2010/09/08 09:43:39.0562 ================================================================================
2010/09/08 09:43:39.0562 Scan started
2010/09/08 09:43:39.0562 Mode: Manual;
2010/09/08 09:43:39.0562 ================================================================================
2010/09/08 09:43:41.0828 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2010/09/08 09:43:42.0031 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/08 09:43:42.0187 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/08 09:43:42.0375 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/08 09:43:42.0515 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/08 09:43:42.0609 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/09/08 09:43:43.0000 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2010/09/08 09:43:43.0250 ALCXWDM (4dd2c10fc6434fedcb7c71fbdc1f107a) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/09/08 09:43:43.0484 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/09/08 09:43:43.0843 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
2010/09/08 09:43:43.0968 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/08 09:43:44.0140 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/08 09:43:44.0359 ati2mtag (492bd2a5f65f218d4ede5764a3bb67e9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/09/08 09:43:44.0593 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/08 09:43:44.0734 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/08 09:43:44.0953 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2010/09/08 09:43:45.0046 AVCSTRM (e625773d7b950842d582f713656859c0) C:\WINDOWS\system32\DRIVERS\avcstrm.sys
2010/09/08 09:43:45.0203 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
2010/09/08 09:43:45.0343 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2010/09/08 09:43:45.0406 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\system32\Drivers\avgtdix.sys
2010/09/08 09:43:45.0515 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/08 09:43:45.0750 BlueletAudio (852a1bd08e7dfeb9e30b5440881c0501) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
2010/09/08 09:43:45.0890 BlueletSCOAudio (8fc27b12a02b43947787f0ef1885df9b) C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
2010/09/08 09:43:45.0953 BT (c5cce2b26f73f8cf7f3c82159e79aa08) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
2010/09/08 09:43:46.0031 Btcsrusb (da473d279420234170da795f1cad4479) C:\WINDOWS\system32\Drivers\btcusb.sys
2010/09/08 09:43:46.0171 BTHidEnum (ce643d0918123d76a5caab008fca9663) C:\WINDOWS\system32\Drivers\vbtenum.sys
2010/09/08 09:43:46.0265 BTHidMgr (dfca4fe4c8aec786b4d0f432eb730f48) C:\WINDOWS\system32\Drivers\BTHidMgr.sys
2010/09/08 09:43:46.0437 BTNetFilter (4f26303becbb7cc5ca8ff39593124cf2) C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
2010/09/08 09:43:46.0656 Cap7134 (cd40d79d2037224068502436b15384e5) C:\WINDOWS\system32\DRIVERS\Cap7134.sys
2010/09/08 09:43:46.0984 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/08 09:43:47.0156 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/09/08 09:43:47.0375 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/08 09:43:47.0484 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/08 09:43:47.0593 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/08 09:43:47.0921 CnxTrLan (d1b80ebca699c5f059e7a79fa122baee) C:\WINDOWS\system32\DRIVERS\CnxTrLan.sys
2010/09/08 09:43:48.0078 CnxTrUsb (b8f24a0a1b1b26b62e6da44099433bc8) C:\WINDOWS\system32\DRIVERS\CnxTrUsb.sys
2010/09/08 09:43:48.0406 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/08 09:43:48.0531 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/08 09:43:48.0734 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/08 09:43:48.0843 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/08 09:43:48.0953 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/08 09:43:49.0171 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/08 09:43:49.0328 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/08 09:43:49.0531 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/09/08 09:43:49.0703 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/08 09:43:49.0937 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/09/08 09:43:50.0093 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/08 09:43:50.0312 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2010/09/08 09:43:50.0390 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/08 09:43:50.0500 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/08 09:43:50.0625 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/09/08 09:43:50.0750 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/08 09:43:50.0968 hcwPP2 (1419517f08acf738f1e37e2095693293) C:\WINDOWS\system32\DRIVERS\hcwPP2.sys
2010/09/08 09:43:51.0218 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/08 09:43:51.0515 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/08 09:43:51.0734 ialm (3db0a9c35a5cf76386aadceda014e5e6) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/09/08 09:43:51.0984 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/08 09:43:52.0187 InCDfs (d8a77fc386f9297ce4b692fc83b4ba02) C:\WINDOWS\system32\drivers\InCDfs.sys
2010/09/08 09:43:52.0843 InCDPass (433bb499bcea1c88b55aa67d1b3ef1dc) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
2010/09/08 09:43:52.0984 InCDrec (12dbb035cd2ed0313fab864470f31c23) C:\WINDOWS\system32\drivers\InCDrec.sys
2010/09/08 09:43:53.0140 incdrm (9d1adfe6ce5c2e2a42f3b8aa57821d87) C:\WINDOWS\system32\drivers\incdrm.sys
2010/09/08 09:43:53.0359 IntelIde (97058f425ba5a37a454ec16f79e28e32) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/09/08 09:43:53.0593 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/08 09:43:53.0687 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/08 09:43:53.0828 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/08 09:43:54.0015 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/08 09:43:54.0125 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/08 09:43:54.0328 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/08 09:43:54.0437 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/08 09:43:54.0625 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/08 09:43:54.0687 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/08 09:43:54.0906 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/08 09:43:55.0000 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/08 09:43:55.0265 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/08 09:43:55.0421 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/08 09:43:55.0578 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/09/08 09:43:55.0718 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/08 09:43:55.0796 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/08 09:43:55.0953 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/08 09:43:56.0062 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/08 09:43:56.0328 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2010/09/08 09:43:56.0453 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/08 09:43:56.0687 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/08 09:43:56.0937 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/08 09:43:57.0078 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/08 09:43:57.0156 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/08 09:43:57.0250 MSTAPE (5c3f9bdf4db23b75306388fc26a0a8e5) C:\WINDOWS\system32\DRIVERS\mstape.sys
2010/09/08 09:43:57.0484 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/09/08 09:43:57.0859 Mtlmnt5 (1216d4313e1860da4bc449ae3ca2dec5) C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
2010/09/08 09:43:58.0187 Mtlstrm (130992c33bc9161b17211793dafc95be) C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
2010/09/08 09:43:58.0421 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/08 09:43:58.0625 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/09/08 09:43:58.0796 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/08 09:43:59.0015 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/09/08 09:43:59.0218 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/08 09:43:59.0406 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/08 09:43:59.0546 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/08 09:43:59.0734 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/08 09:43:59.0906 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/08 09:44:00.0000 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/08 09:44:00.0234 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/09/08 09:44:00.0390 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2010/09/08 09:44:00.0562 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/08 09:44:00.0687 Nsynas32 (4b4a21e158c039ee0888741bfe1d24e0) C:\WINDOWS\system32\drivers\Nsynas32.sys
2010/09/08 09:44:00.0953 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/08 09:44:01.0156 NtMtlFax (1b073810ee2270cac9e532d1bcd826cf) C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
2010/09/08 09:44:01.0375 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/08 09:44:01.0500 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/08 09:44:01.0625 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/08 09:44:01.0750 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/09/08 09:44:01.0921 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/09/08 09:44:02.0078 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/08 09:44:02.0234 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/08 09:44:02.0359 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/08 09:44:02.0656 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/08 09:44:02.0890 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/09/08 09:44:03.0406 PhTVTune (048dc9c664facb1a60ebf352013ee414) C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
2010/09/08 09:44:03.0562 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/08 09:44:03.0718 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/09/08 09:44:03.0906 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/08 09:44:04.0062 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/08 09:44:04.0265 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/09/08 09:44:04.0640 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/08 09:44:04.0750 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/08 09:44:04.0921 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/08 09:44:05.0031 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/08 09:44:05.0218 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/08 09:44:05.0359 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/08 09:44:05.0562 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/08 09:44:05.0750 RecAgent (822bf566b72cae7ca1d93b69bd706075) C:\WINDOWS\system32\DRIVERS\RecAgent.sys
2010/09/08 09:44:05.0937 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/08 09:44:06.0187 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/09/08 09:44:06.0421 RTL8023 (31c3ebb3a71fe56b8109bfb4ed20ae69) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys
2010/09/08 09:44:06.0656 SASDIFSV (5bf35c4ea3f00fa8d3f1e5bf03d24584) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/09/08 09:44:06.0843 SASENUM (a22f08c98ac2f44587bf3a1fb52bf8cd) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2010/09/08 09:44:07.0093 SASKUTIL (c7d81c10d3befeee41f3408714637438) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2010/09/08 09:44:07.0406 SCDEmu (85a26c37b91b1187550c99b046840691) C:\WINDOWS\system32\drivers\SCDEmu.sys
2010/09/08 09:44:07.0593 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/08 09:44:07.0750 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/08 09:44:07.0875 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/08 09:44:08.0031 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/08 09:44:08.0265 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/09/08 09:44:08.0453 Slntamr (6f09397beb4cc95a2466e8780f2d4587) C:\WINDOWS\system32\DRIVERS\slntamr.sys
2010/09/08 09:44:08.0609 SlNtHal (daa2b185b94d955fd8ebbf163418b7a7) C:\WINDOWS\system32\DRIVERS\Slnthal.sys
2010/09/08 09:44:08.0843 SlWdmSup (97d37e0af55256bf7307805654dfd472) C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
2010/09/08 09:44:09.0078 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/08 09:44:09.0156 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/08 09:44:09.0312 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/08 09:44:09.0593 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/09/08 09:44:09.0765 SunkFilt (d8cbd8b4bf4dc9cd64b5cc8e2bec1b96) C:\WINDOWS\System32\Drivers\sunkfilt.sys
2010/09/08 09:44:09.0953 SunkFilt39 (fabcc3bec89a2853958cefb28943c470) C:\WINDOWS\System32\Drivers\sunkfilt39.sys
2010/09/08 09:44:10.0109 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/08 09:44:10.0250 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/08 09:44:10.0593 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/08 09:44:10.0734 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/08 09:44:10.0921 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/08 09:44:11.0093 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/08 09:44:11.0281 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/08 09:44:11.0500 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/08 09:44:11.0781 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/08 09:44:11.0937 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/08 09:44:12.0140 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/08 09:44:12.0296 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/08 09:44:12.0515 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/08 09:44:12.0718 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/08 09:44:12.0890 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/08 09:44:13.0062 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/08 09:44:13.0312 VComm (51750b0539986186c6931fc40d171521) C:\WINDOWS\system32\DRIVERS\VComm.sys
2010/09/08 09:44:13.0421 VcommMgr (6d9c891c0a761afed1f3609c2e56f2b9) C:\WINDOWS\system32\Drivers\VcommMgr.sys
2010/09/08 09:44:13.0500 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/08 09:44:13.0828 VNUSB (ae01e1ed5a81e0d268b91b4a6de5a872) C:\WINDOWS\system32\DRIVERS\VNUSB.sys
2010/09/08 09:44:13.0984 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/08 09:44:14.0140 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/08 09:44:14.0296 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2010/09/08 09:44:14.0531 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/08 09:44:14.0718 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/09/08 09:44:14.0968 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/08 09:44:15.0109 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/08 09:44:15.0281 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/08 09:44:15.0453 {6080A529-897E-4629-A488-ABA0C29B635E} (9c4b8ead60c0ce09c0fcf49f6788bb19) C:\WINDOWS\system32\drivers\ialmsbw.sys
2010/09/08 09:44:15.0656 {95808DC4-FA4A-4C74-92FE-5B863F82066B} (5867ce254625645345c833510d24f124) C:\Program Files\CyberLink\PowerDVD\000.fcl
2010/09/08 09:44:15.0843 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (dfebdcc9e3678fad34b14867c47c1036) C:\WINDOWS\system32\drivers\ialmkchw.sys
2010/09/08 09:44:16.0015 ================================================================================
2010/09/08 09:44:16.0015 Scan finished
2010/09/08 09:44:16.0015 ================================================================================


Thanks
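"No infections found" from TDSSKiller means none of its signatures matched; the driver inventory it prints (service name, MD5, image path) is still worth using on its own. Two checks a practitioner would run on that list: diff it against an earlier run of the same machine to see which driver images changed (here the intelide.sys hash after the AVP Tool disinfection is the one to watch), and flag drivers that load from outside C:\WINDOWS, which on this log are the SUPERAntiSpyware, BlueSoleil and PowerDVD drivers, all expected for the software installed but still the first place to look. The Python below is an added example for this thread, not Kaspersky code and not posted by anyone in the thread. The current-run lines are taken from the log above; the baseline run is constructed, standing in for a log captured before disinfection, with a made-up hash for intelide.sys and one made-up service so that "changed", "added" and "removed" each show something. None of the hashes are a known-good reference; the comparison is run against run, not against Microsoft's file.

```python
"""Triage a TDSSKiller driver inventory (the "SERVICE (md5) path" lines it
logs for every driver) by diffing it against an earlier run and by flagging
driver images that load from outside the Windows directory.

Added example for this thread; it is not Kaspersky code and was not posted by
anyone in the thread. CURRENT_RUN lines come from the log in post #13.
BASELINE_RUN is constructed: a stand-in for a log taken before the AVP Tool
disinfected intelide.sys, with an invented hash for that file and an invented
service (ConstructedSvc) that has since disappeared. No hash here is a
known-good reference; the comparison is run-vs-run on the same machine.
"""
import re

DRIVER_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
    r"(?P<service>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# Directories a driver image is normally expected to load from (lower-case,
# trailing backslash). Anything else is worth a second look, not a verdict.
SYSTEM_ROOTS = ("c:\\windows\\",)

# Subset of the TDSSKiller log posted above (real lines from that log).
CURRENT_RUN = r"""
2010/09/08 09:43:42.0031 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/08 09:43:44.0140 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/08 09:43:46.0437 BTNetFilter (4f26303becbb7cc5ca8ff39593124cf2) C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
2010/09/08 09:43:53.0359 IntelIde (97058f425ba5a37a454ec16f79e28e32) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/09/08 09:44:06.0656 SASDIFSV (5bf35c4ea3f00fa8d3f1e5bf03d24584) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/09/08 09:44:10.0734 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/08 09:44:15.0656 {95808DC4-FA4A-4C74-92FE-5B863F82066B} (5867ce254625645345c833510d24f124) C:\Program Files\CyberLink\PowerDVD\000.fcl
2010/09/08 09:44:16.0015 Scan finished
""".strip().splitlines()

# Constructed baseline (see the docstring): the intelide.sys hash is invented
# and ConstructedSvc never existed on the machine in the thread.
BASELINE_RUN = r"""
2010/09/05 12:00:00.0000 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/05 12:00:00.0100 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/05 12:00:00.0200 BTNetFilter (4f26303becbb7cc5ca8ff39593124cf2) C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
2010/09/05 12:00:00.0300 ConstructedSvc (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\constructed.sys
2010/09/05 12:00:00.0400 IntelIde (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/09/05 12:00:00.0500 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/05 12:00:00.0600 {95808DC4-FA4A-4C74-92FE-5B863F82066B} (5867ce254625645345c833510d24f124) C:\Program Files\CyberLink\PowerDVD\000.fcl
""".strip().splitlines()


def parse_inventory(lines):
    """Map service name -> (md5, path); banner and separator lines are ignored."""
    inventory = {}
    for line in lines:
        m = DRIVER_RE.match(line.strip())
        if m:
            inventory[m["service"]] = (m["md5"], m["path"])
    return inventory


def outside_system_roots(inventory, roots=SYSTEM_ROOTS):
    """Services whose image path is not under any of the expected roots."""
    return sorted(svc for svc, (_, path) in inventory.items()
                  if not path.lower().startswith(roots))


def diff_inventories(old, new):
    """Compare two runs: same service with a different hash is 'changed'."""
    changed = sorted(s for s in old.keys() & new.keys() if old[s][0] != new[s][0])
    added = sorted(new.keys() - old.keys())
    removed = sorted(old.keys() - new.keys())
    return {"changed": changed, "added": added, "removed": removed}


if __name__ == "__main__":
    cur = parse_inventory(CURRENT_RUN)
    print("loads from outside C:\\WINDOWS:", outside_system_roots(cur))
    for kind, names in diff_inventories(parse_inventory(BASELINE_RUN), cur).items():
        print(f"{kind:8}", names)
```

A "changed" hit on a core driver such as IntelIde is exactly what a patched-file infection like the Win32/Patched or TDSS.b reports above would produce, and the same diff run after a cleanup confirms that the tool really did rewrite the file. To go from "changed" to "clean", the current hash would then be compared with the copy of intelide.sys in the service pack's driver cabinet or on a trusted XP SP3 machine, which this thread does not include.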

#14 sempai

  • Malware Response Team

Posted 08 September 2010 - 04:20 AM

How's the computer running?


If you're having some issues running GMER in normal windows, please try it in safe mode. How to boot in safe mode -> http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

Download GMER Rootkit Scanner from here.
  • Extract the contents of the zipped file to the desktop.
  • Double click GMER.exe and if you are asked if you want to allow gmer.sys driver to load, please allow it to do so.
  • If it gives you a warning about rootkit activity and asks if you want to run scan, please click on NO.
  • In the right panel you will see several boxes that have been checked. Unchecked the following checkboxes:
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Now click on the Scan button and wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in ark.txt and save it to your desktop.
  • Post the contents of that report when you reply.

~Semp



#15 Christo82

  • Topic Starter

Posted 08 September 2010 - 10:54 AM

Hey Sempai, at the moment I suppose my computer's running okay. It doesn't crash as much and is reasonably responsive.

I tried to run GMER in normal mode, but it caused a reboot, so I ran it in Safe Mode and it finished. When I tried to save the log, first of all it said 'Insufficient system resources to complete this task', but then it went to the normal save screen and I hit save on the desktop. But looking at the desktop, there's no file. I managed to write down what it had found. Here is the list:

init C:\Windows\System32\Drivers\Sunkfilt.sys 0xF8815300
file C:\Windows\$hf_mig$\KB979482\update\branches.inf
file C:\Windows\$hf_mig$\KB979482\update\eula.txt
file C:\Windows\$hf_mig$\KB979482\update\KB979482.CAT
file C:\Windows\$hf_mig$\KB979482\update\spcustom.dll
file C:\Windows\$hf_mig$\KB979482\update\update.exe
file C:\Windows\$hf_mig$\KB979482\update\update.ver
file C:\Windows\$hf_mig$\KB979482\update\updatebr.inf
file C:\Windows\$hf_mig$\KB979482\update\update_SP3QFE.inf
file C:\Windows\$hf_mig$\KB979482\update\updspapi.dll

Thanks

Edited by Christo82, 08 September 2010 - 10:54 AM.




