
windows xp problem only when connected to internet


  • This topic is locked
6 replies to this topic

#1 tbird4

  • Members
  • 6 posts

Posted 22 September 2010 - 07:24 AM

Hi, I have a confusing problem on my Dell Inspiron laptop with Windows XP that I originally thought was caused by overheating. The computer will randomly lock up, and no buttons, including CTRL-ALT-DEL, will work. A few times the termination blue screen ("blue screen of death") will show, but mostly the current screen just freezes. My only recourse is to hit the power button and reboot.

However, after running the software in safe mode or unplugging my internet connection, it appears that I have no problems. This suggests a software problem, not the hardware problem that I originally thought. But nothing in the Event Viewer log or HijackThis log or ComboFix log looks suspicious, with the possible exceptions of JRSUKD25.SYS and JRSKD24.SYS. Problems began from about September 10-15.

A possibly related problem is that I had a spam bot capture my MSN Hotmail contact addresses and send spam mail. But I have since changed my Hotmail password and seem no longer to have that problem.

The logs are shown below:

Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 22/09/2010
Time: 01:23:46
User: N/A
Computer: TBIRD
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x100000d1 (0xcccccccc, 0x000000ff, 0x00000000, 0xcccccccc). A dump was saved in: C:\WINDOWS\Minidump\Mini092210-01.dmp.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 20/09/2010
Time: 21:53:34
User: N/A
Computer: TBIRD
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x100000d1 (0x448bffdf, 0x000000ff, 0x00000000, 0x448bffdf). A dump was saved in: C:\WINDOWS\Minidump\Mini092010-01.dmp.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 16/09/2010
Time: 02:07:35
User: N/A
Computer: TBIRD
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x100000d1 (0x978aad1e, 0x000000ff, 0x00000001, 0x8931201c). A dump was saved in: C:\WINDOWS\Minidump\Mini091610-01.dmp.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 15/09/2010
Time: 17:05:58
User: N/A
Computer: TBIRD
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x100000d1 (0x00000000, 0x000000ff, 0x00000000, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini091510-01.dmp.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 14/09/2010
Time: 01:31:38
User: N/A
Computer: TBIRD
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x100000d1 (0x00000000, 0x000000ff, 0x00000000, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini091410-01.dmp.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 16/09/2010
Time: 03:16:21
User: N/A
Computer: TBIRD
Description:
Error code 100000d1, parameter1 978aad1e, parameter2 000000ff, parameter3 00000001, parameter4 8931201c.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 64 100000d
0020: 31 20 20 50 61 72 61 6d 1 Param
0028: 65 74 65 72 73 20 39 37 eters 97
0030: 38 61 61 64 31 65 2c 20 8aad1e,
0038: 30 30 30 30 30 30 66 66 000000ff
0040: 2c 20 30 30 30 30 30 30 , 000000
0048: 30 31 2c 20 38 39 33 31 01, 8931
0050: 32 30 31 63 201c

Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 16/09/2010
Time: 01:57:21
User: N/A
Computer: TBIRD
Description:
Error code 100000d1, parameter1 00000000, parameter2 000000ff, parameter3 00000000, parameter4 00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 64 100000d
0020: 31 20 20 50 61 72 61 6d 1 Param
0028: 65 74 65 72 73 20 30 30 eters 00
0030: 30 30 30 30 30 30 2c 20 000000,
0038: 30 30 30 30 30 30 66 66 000000ff
0040: 2c 20 30 30 30 30 30 30 , 000000
0048: 30 30 2c 20 30 30 30 30 00, 0000
0050: 30 30 30 30 0000

Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 14/09/2010
Time: 01:37:04
User: N/A
Computer: TBIRD
Description:
Error code 100000d1, parameter1 00000000, parameter2 000000ff, parameter3 00000000, parameter4 00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 64 100000d
0020: 31 20 20 50 61 72 61 6d 1 Param
0028: 65 74 65 72 73 20 30 30 eters 00
0030: 30 30 30 30 30 30 2c 20 000000,
0038: 30 30 30 30 30 30 66 66 000000ff
0040: 2c 20 30 30 30 30 30 30 , 000000
0048: 30 30 2c 20 30 30 30 30 00, 0000
0050: 30 30 30 30 0000
_____________________________________________________________________________________

ComboFix 10-09-17.04 - Thomas Bishop 22/09/2010 3:33.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1279.664 [GMT -7:00]
Running from: c:\documents and settings\Thomas Bishop\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-08-22 to 2010-09-22 )))))))))))))))))))))))))))))))
.

2010-09-22 10:30 . 2010-09-22 10:31 -------- dc----w- C:\32788R22FWJFW
2010-09-19 23:10 . 2010-09-21 04:56 664 -c--a-w- c:\windows\system32\d3d9caps.dat
2010-09-19 12:53 . 2010-09-19 12:53 -------- dc----w- c:\windows\HNSX27CHMRW16BGL
2010-09-16 09:29 . 2010-09-16 09:29 -------- dc----w- c:\program files\SIW
2010-09-14 09:34 . 2010-09-14 09:34 388096 -c--a-r- c:\documents and settings\Thomas Bishop\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-05 04:02 . 2010-09-05 04:02 -------- dc----w- c:\program files\iPod
2010-09-05 03:53 . 2010-09-05 03:55 -------- dc----w- c:\program files\QuickTime
2010-09-05 03:45 . 2010-09-05 03:45 73000 -c--a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-01 02:38 . 2010-07-09 14:26 475136 -c--a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\RMCCreationInfo.exe
2010-09-01 02:38 . 2010-07-02 14:25 1118208 -c--a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\Libxml2.dll
2010-09-01 02:38 . 2010-07-02 14:25 60416 -c--a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\ZLib1.dll
2010-09-01 02:37 . 2010-08-17 18:10 372736 -c--a-w- c:\documents and settings\All Users\Application Data\Dell\DSL\DSLCheck.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 08:09 . 2004-08-05 22:02 -------- dc----w- c:\documents and settings\Thomas Bishop\Application Data\MSN6
2010-09-19 12:49 . 2005-04-17 22:41 -------- dc----w- c:\documents and settings\Thomas Bishop\Application Data\Skype
2010-09-19 12:48 . 2009-02-06 10:15 -------- dc----w- c:\documents and settings\Thomas Bishop\Application Data\skypePM
2010-09-18 10:13 . 2009-09-02 01:48 -------- dc----w- c:\program files\Spybot - Search & Destroy
2010-09-14 09:34 . 2009-08-28 01:54 -------- dc----w- c:\program files\Trend Micro
2010-09-08 05:59 . 2008-10-30 00:11 12728 -c--a-w- c:\windows\system32\JRSUKD25.SYS
2010-09-08 05:59 . 2007-10-29 03:31 35512 -c--a-w- c:\windows\system32\JRSKD24.sys
2010-09-05 04:04 . 2004-09-13 00:10 -------- dc----w- c:\program files\iTunes
2010-09-05 04:02 . 2010-08-16 06:03 -------- dc----w- c:\program files\Common Files\Apple
2010-09-04 13:40 . 2004-07-24 04:11 -------- dc----w- c:\documents and settings\All Users\Application Data\Dell
2010-08-17 13:17 . 2004-03-19 22:43 58880 -c--a-w- c:\windows\system32\spoolsv.exe
2010-08-16 06:04 . 2006-11-19 00:30 -------- dc----w- c:\program files\Apple Software Update
2010-08-16 03:31 . 2009-08-28 02:25 -------- dc----w- c:\program files\Panda Security
2010-08-08 02:08 . 2004-07-24 04:03 -------- dc----w- c:\program files\Common Files\Java
2010-08-08 02:07 . 2004-07-24 04:03 -------- dc----w- c:\program files\Java
2010-08-07 04:56 . 2010-08-07 04:56 61440 -c--a-w- c:\documents and settings\Thomas Bishop\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4ad1de12-n\decora-sse.dll
2010-08-07 04:56 . 2010-08-07 04:56 503808 -c--a-w- c:\documents and settings\Thomas Bishop\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-447fd392-n\msvcp71.dll
2010-08-07 04:56 . 2010-08-07 04:56 499712 -c--a-w- c:\documents and settings\Thomas Bishop\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-447fd392-n\jmc.dll
2010-08-07 04:56 . 2010-08-07 04:56 348160 -c--a-w- c:\documents and settings\Thomas Bishop\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-447fd392-n\msvcr71.dll
2010-08-07 04:56 . 2010-08-07 04:56 12800 -c--a-w- c:\documents and settings\Thomas Bishop\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4ad1de12-n\decora-d3d.dll
2010-08-02 03:03 . 2009-03-28 10:34 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-02 02:04 . 2009-08-08 17:47 -------- dc----w- c:\program files\Norton Utilities 14
2010-07-22 15:49 . 2004-03-06 02:16 590848 -c--a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-16 06:48 5120 -c--a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 12:00 . 2010-07-23 12:37 423656 -c--a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31 . 2004-03-30 01:48 149504 -c--a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-24 01:32 916480 -c--a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-09-18_15.17.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-22 09:45 . 2010-09-22 09:45 16384 c:\windows\Temp\Perflib_Perfdata_1b0.dat
+ 2010-09-22 09:45 . 2010-09-22 09:45 16384 c:\windows\Temp\Perflib_Perfdata_194.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2003-03-31 44032]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-06 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
1-Click Answers.lnk - c:\program files\1-Click Answers\answers.exe [2005-1-28 806912]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-10-10 01:57 16384 -c--a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-11 16:43 53248 -c----w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 15:32 421160 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2003-03-31 10:00 59392 -c--a-w- c:\windows\SYSTEM32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonUtilities]
2009-08-09 01:25 3831144 -c--a-w- c:\program files\Norton Utilities 14\nu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSWosCheck]
2008-09-25 21:52 160112 -c--a-w- c:\program files\Norton SystemWorks Basic Edition\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NswUiTray]
2008-09-25 21:52 85360 -c--a-w- c:\program files\Norton SystemWorks Basic Edition\NswUiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 12:15 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 03:20 866584 -c--a-w- c:\program files\Windows Defender\MSASCui.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Syworks\\SafeNet\\SNLoader.exe"=
"c:\\Program Files\\Syworks\\SafeNet\\SafeNet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\NAV\1008000.029\SymEFA.sys [27/01/2010 20:24 310320]
R0 SYWORKS;SYWORKS;c:\windows\SYSTEM32\DRIVERS\Syworks.sys [25/12/2007 23:36 36352]
R1 AMonTDnt;AMonTDnt;c:\windows\SYSTEM32\DRIVERS\AmonTDNt.sys [18/08/2008 22:15 95592]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\NAV\1008000.029\BHDrvx86.sys [27/01/2010 20:24 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\NAV\1008000.029\cchpx86.sys [27/01/2010 20:23 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100920.001\IDSXpx86.sys [22/09/2010 01:59 331640]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [27/01/2010 20:23 117640]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [25/09/2008 14:53 95600]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 20:19 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/05/2010 01:57 102448]
S2 SNService;SafeNET Client Service;c:\program files\Syworks\SafeNet\SNService.exe [25/12/2007 23:36 32768]
S3 CdmDrvNt;CdmDrvNt;c:\windows\SYSTEM32\DRIVERS\CdmDrvNt.sys [18/08/2008 22:15 19616]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\DRIVERS\CSVirtA.sys --> c:\windows\system32\DRIVERS\CSVirtA.sys [?]
S3 JRSKD24;JRSKD24;c:\windows\SYSTEM32\JRSKD24.sys [28/10/2007 20:31 35512]
S3 JRSUKD24;JRSUKD24;c:\windows\SYSTEM32\JRSUKD24.sys [28/10/2007 20:31 6784]
S3 MfFWEnt;MfFWEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys [18/08/2008 22:15 101368]
S3 MfIPSEnt;MfIPSEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys [18/08/2008 22:15 121536]
S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\windows\SYSTEM32\DRIVERS\pcx500.sys [17/11/2006 13:04 169984]

--- Other Services/Drivers In Memory ---

*Deregistered* - cpuz134
.
Contents of the 'Scheduled Tasks' folder

2010-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]

2010-09-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]

2010-07-19 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks Basic Edition\OBC.exe [2008-09-25 21:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nytimes.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = localhost;*.local
IE: Answers... - file://c:\program files\1-Click Answers\Html\atiemenu.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: icampus.ac.kr
Trusted Zone: skku.ac.kr
Trusted Zone: skku.edu
Trusted Zone: skku.edu\portal
TCP: {C5C93072-671A-4093-96EC-2110BEC1AB63} = 115.145.0.11,168.126.63.1
DPF: {03F49E0E-C43A-4037-BBD6-D681E998A08E} - hxxp://portal.skku.edu/EP/web/common/cabfiles/CM_CodeAx.cab
DPF: {0F026C11-5A66-4C2B-87B5-88DDEBAE72A1} - file:///C:/Documents%20and%20Settings/Thomas%20Bishop/Local%20Settings/Compatible%20LocalLow/TOBESOFT/MiPlatform320U/Setup/Win32U_3.2/vsflex8l.cab
DPF: {1A000B1F-B285-4FBF-B3CD-B50845003EBA} - hxxp://ecos.bok.or.kr/miplatform/install/MiPlatform_Updater320_20070614_0910.cab
DPF: {1A000B1F-B285-4FBF-B3CD-B50845003EBB} - hxxp://kosis.kr/gen_etl/miplatform/install/MiPlatform_Updater321_20090917_1403.cab
DPF: {1B5EE264-CCAB-48A4-B8DA-04D4BB004CC3} - hxxp://kupis.konkuk.ac.kr/MiKonkuk/kupis_update310/MiUpdater310-20050525_1300.cab
DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} - hxxp://mpi.dacom.net/XMPI/js/LGDacom_XMPI_20090320.cab
DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxp://admin.skku.edu/co/initech/plugin/down/INIS60.cab
DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - hxxp://download1.answers.com/pub/AnswersSetup.cab
DPF: {3B56E5F0-7B20-48BF-B439-A995BE5191EF} - hxxp://pib.wooribank.com/com/common/SessionControl.cab
DPF: {3BEF2C40-DEE8-4046-AFB7-D602E20CF391} - hxxp://www.nytimes.com/ActiveX/IPAMControl.cab
DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} - hxxp://mpi.dacom.net/XPayMPI/XPayMPIOCX.cab
DPF: {56299510-C3D6-4A61-B354-F97F3CC3A7F3} - hxxp://mail.skku.edu/cab/AttachDownEx.cab
DPF: {6491E7CB-F83B-4D31-8F99-6384A633FE58} - hxxp://www.mathxl.com/applets/EconCVX.cab
DPF: {67C19373-7A72-463B-8AB2-CBD6DEAC87B5} - hxxp://pib.wooribank.com/ccd/webreport/vista/cab/rxpptype2_en.cab
DPF: {6945949B-6562-420F-A5AD-36701D8E5E51} - hxxp://safenet.hanyang.ac.kr/ActiveX/SafeNetInstaller.cab
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxp://ck.softforum.co.kr/CKKeyPro/wooribank/CKKeyPro3017_32k.cab
DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} - hxxp://admin.skku.edu/co/jsp/installer/ACUBETrustChecker.cab
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://download.softforum.co.kr/Published/XecureWeb/v7.2.2.8/xw_install.cab
DPF: {A3F9657A-976F-4719-B370-C6F765728C4B} - hxxp://www.dfsshilla.com/secui/client/SecuiDfsShillaIE.cab
DPF: {A69C034C-75AB-49A0-A3F9-D0F8DCB76E43} - hxxp://admin.skku.edu/co/jsp/installer/SeedClientX.cab
DPF: {CC0270C2-1CB6-43D8-AD3F-02D95132C73C} - hxxp://mail.skku.edu/cab/AttachUpload.cab
DPF: {D279205A-818C-44A7-B3AF-EDB8E75EAF12} - hxxp://mail.skku.edu/customized/skkUniv/activex/HttpFileCtrl.cab
DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} - hxxp://www.congnamul.com/ActiveX/Release/CongnamulMap4Asp_V2_0_0_18.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} - hxxp://www.skku.edu/initech/plugin/INIS50.cab
DPF: {F37520B6-4FBE-4814-9022-9AD83EF3E203} - hxxp://www.wooribank.com/download/RDServer/SmartUpdate.cab
DPF: {FA4D5ED0-2B96-48B7-9A36-69C4FE4F1744} - hxxp://www.kosis.kr/OLAP/cab/OctagonViewer.cab
DPF: {FAB9B41C-87D6-474D-AB7E-F07D78F2422E} - file:///C:/Documents%20and%20Settings/Thomas%20Bishop/Local%20Settings/Compatible%20LocalLow/TOBESOFT/MiPlatform320/Setup/Win32_3.2/teechart7Langs.cab
FF - ProfilePath - c:\documents and settings\Thomas Bishop\Application Data\Mozilla\Firefox\Profiles\ncijz5wm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://sn114w.snt114.mail.live.com/default.aspx?n=1681549455|https://mail.google.com/mail/h/1vdcoby922en7/?shva=1|http://us.mc560.mail.yahoo.com/mc/welcome?.gx=1&.tm=1275959905&.rand=2pr1ns0gdtgt9|http://global.nytimes.com/
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\AhnLab\ASP\Components\aosmgr\conflict_342\npaosmgr.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npINISAFEWeb60.dll
FF - plugin: c:\program files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll
FF - plugin: c:\program files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-22 03:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1208)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1064)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-09-22 03:46:50
ComboFix-quarantined-files.txt 2010-09-22 10:46

Pre-Run: 17,042,784,256 bytes free
Post-Run: 17,517,486,080 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - AE2EB4737F6713A8C45610ACCC0A44D2

______________________________________________________________________________________


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 03:19:06, on 22/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\1-Click Answers\answers.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\1-CLIC~1\agtserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Syworks\SafeNet\SNService.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Answers... - file://C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.icampus.ac.kr
O15 - Trusted Zone: http://*.skku.ac.kr
O15 - Trusted Zone: http://portal.skku.edu
O15 - Trusted Zone: http://*.skku.edu
O16 - DPF: {03F49E0E-C43A-4037-BBD6-D681E998A08E} (CodeAx Class) - http://portal.skku.edu/EP/web/common/cabfiles/CM_CodeAx.cab
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} (Aosmgr Control) - http://ahnlabdownload.nefficient.co.kr/aos/plugin/aosmgr.cab
O16 - DPF: {0F026C11-5A66-4C2B-87B5-88DDEBAE72A1} (ComponentOne FlexGrid 8.0 (Light)) - file:///C:/Documents%20and%20Settings/Thomas%20Bishop/Local%20Settings/Compatible%20LocalLow/TOBESOFT/MiPlatform320U/Setup/Win32U_3.2/vsflex8l.cab
O16 - DPF: {1A000B1F-B285-4FBF-B3CD-B50845003EBA} - http://ecos.bok.or.kr/miplatform/install/M...070614_0910.cab
O16 - DPF: {1A000B1F-B285-4FBF-B3CD-B50845003EBB} - http://kosis.kr/gen_etl/miplatform/install...090917_1403.cab
O16 - DPF: {1B5EE264-CCAB-48A4-B8DA-04D4BB004CC3} (CyMiInstaller310 Class) - http://kupis.konkuk.ac.kr/MiKonkuk/kupis_u...050525_1300.cab
O16 - DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} (XacsPop Control) - http://mpi.dacom.net/XMPI/js/LGDacom_XMPI_20090320.cab
O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} (INISAFEWeb6 V6 Class) - http://admin.skku.edu/co/initech/plugin/down/INIS60.cab
O16 - DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - http://download1.answers.com/pub/AnswersSetup.cab
O16 - DPF: {3B56E5F0-7B20-48BF-B439-A995BE5191EF} (SessionControl Control) - http://pib.wooribank.com/com/common/SessionControl.cab
O16 - DPF: {3BEF2C40-DEE8-4046-AFB7-D602E20CF391} - http://www.nytimes.com/ActiveX/IPAMControl.cab
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - http://mpi.dacom.net/XPayMPI/XPayMPIOCX.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {56299510-C3D6-4A61-B354-F97F3CC3A7F3} - http://mail.skku.edu/cab/AttachDownEx.cab
O16 - DPF: {6491E7CB-F83B-4D31-8F99-6384A633FE58} - http://www.mathxl.com/applets/EconCVX.cab
O16 - DPF: {67C19373-7A72-463B-8AB2-CBD6DEAC87B5} - http://pib.wooribank.com/ccd/webreport/vis...xpptype2_en.cab
O16 - DPF: {6945949B-6562-420F-A5AD-36701D8E5E51} - http://safenet.hanyang.ac.kr/ActiveX/SafeNetInstaller.cab
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} (XecureCKKB Class) - http://ck.softforum.co.kr/CKKeyPro/wooriba...Pro3017_32k.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126393392840
O16 - DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} (ACUBETrustChecker Control) - http://admin.skku.edu/co/jsp/installer/ACUBETrustChecker.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/Published/.../xw_install.cab
O16 - DPF: {819F123A-B24A-4EB8-BED1-B5DFC5CB5194} (ComponentOne VSPrinter 8.0) - file:///C:/Documents%20and%20Settings/Thomas%20Bishop/Local%20Settings/Compatible%20LocalLow/TOBESOFT/MiPlatform320U/Setup/Win32U_3.2/vsprint8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A3F9657A-976F-4719-B370-C6F765728C4B} (SecureSession Class) - http://www.dfsshilla.com/secui/client/SecuiDfsShillaIE.cab
O16 - DPF: {A69C034C-75AB-49A0-A3F9-D0F8DCB76E43} (CSeed Object) - http://admin.skku.edu/co/jsp/installer/SeedClientX.cab
O16 - DPF: {CC0270C2-1CB6-43D8-AD3F-02D95132C73C} - http://mail.skku.edu/cab/AttachUpload.cab
O16 - DPF: {D279205A-818C-44A7-B3AF-EDB8E75EAF12} (HttpFileCtrl Control) - http://mail.skku.edu/customized/skkUniv/ac...ttpFileCtrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} (CongnamulMap4Asp Control) - http://www.congnamul.com/ActiveX/Release/C...p_V2_0_0_18.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://www.skku.edu/initech/plugin/INIS50.cab
O16 - DPF: {F37520B6-4FBE-4814-9022-9AD83EF3E203} (RD_SmartUpdate Class) - http://www.wooribank.com/download/RDServer/SmartUpdate.cab
O16 - DPF: {FA4D5ED0-2B96-48B7-9A36-69C4FE4F1744} (OctagonViewer Class) - http://www.kosis.kr/OLAP/cab/OctagonViewer.cab
O16 - DPF: {FAB9B41C-87D6-474D-AB7E-F07D78F2422E} (TeeChart Pro Activex control v7) - file:///C:/Documents%20and%20Settings/Thomas%20Bishop/Local%20Settings/Compatible%20LocalLow/TOBESOFT/MiPlatform320/Setup/Win32_3.2/teechart7Langs.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5C93072-671A-4093-96EC-2110BEC1AB63}: NameServer = 115.145.0.11,168.126.63.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SafeNET Client Service (SNService) - Unknown owner - C:\Program Files\Syworks\SafeNet\SNService.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 13886 bytes

Edited by tbird4, 23 September 2010 - 01:30 AM.
Moved from XP forum to Malware Removal Logs ~ Hamluis.
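Added example, not part of this thread, of HijackThis, or of DDS: a small Python triage script for the O-line formats in the HJT log above. It parses O4, O10, O16, O17 and O23 entries and flags the ones a reviewer would want to look at first (ActiveX controls fetched over plain HTTP or registered from a local file, public DNS resolvers to confirm against the ISP, services with no recognised publisher, the unknown Winsock LSP, autoruns launched from user-writable folders). The heuristics, the flag wording and the `updater` O4 line in the sample input are assumptions made for illustration; the other sample lines are copied from the log. A flag means "check this entry", not that it is malicious.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example for this page; not part of the forum post, HijackThis or DDS.
Every heuristic below is an assumption: a flag means "a human should look
at this entry", never "this entry is malicious".
"""
import ipaddress
import re

# Constructed sample input: lines copied from the HJT log above, plus one
# constructed O4 'updater' line (NOT in the log) that only exists to
# exercise the user-writable-path heuristic.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\upd.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {03F49E0E-C43A-4037-BBD6-D681E998A08E} (CodeAx Class) - http://portal.skku.edu/EP/web/common/cabfiles/CM_CodeAx.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5C93072-671A-4093-96EC-2110BEC1AB63}: NameServer = 115.145.0.11,168.126.63.1
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*)\))? - (\S+)$")
NS_RE = re.compile(r"NameServer = ([\d.,]+)$")
SVC_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")

# Folders an ordinary user can write to (assumed heuristic, not an HJT rule).
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\")


def parse_hjt(text):
    """Yield (section, body) for every 'Onn - body' line in an HJT log."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def _check_o4(body):
    if any(marker in body.lower() for marker in USER_WRITABLE):
        return "autorun launches from a user-writable folder; verify the file"
    return None


def _check_o16(body):
    m = DPF_RE.match(body)
    if not m:
        return "unparsed O16 entry"
    scheme = m.group(3).split(":", 1)[0].lower()
    if scheme == "file":
        return "ActiveX control registered from a local file path"
    if scheme != "https":
        return "ActiveX control fetched over plain HTTP; check its signer"
    return None


def _check_o17(body):
    m = NS_RE.search(body)
    if not m:
        return "unparsed O17 entry"
    public = []
    for ip in m.group(1).split(","):
        try:
            addr = ipaddress.ip_address(ip.strip())
        except ValueError:
            return f"malformed resolver address {ip!r}"
        if not addr.is_private:
            public.append(str(addr))
    if public:
        return "public DNS resolvers " + ", ".join(public) + "; confirm they are your ISP's"
    return None


def _check_o23(body):
    m = SVC_RE.match(body)
    if not m:
        return "unparsed O23 entry"
    if m.group(2).lower() == "unknown owner":
        return "service binary has no recognised publisher; hash it and look it up"
    return None


CHECKS = {
    "O4": _check_o4,
    "O10": lambda body: "unknown Winsock LSP DLL; identify the vendor before removal",
    "O16": _check_o16,
    "O17": _check_o17,
    "O23": _check_o23,
}


def triage(text):
    """Return [(section, body, reason)] for entries worth a second look."""
    flagged = []
    for section, body in parse_hjt(text):
        check = CHECKS.get(section)
        reason = check(body) if check else None
        if reason:
            flagged.append((section, body, reason))
    return flagged


if __name__ == "__main__":
    for section, body, reason in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```

Run against the full log, the script only narrows the list; the O23 "Unknown owner" hits (brkrsvc.exe, SNService.exe, WLTRYSVC.EXE) and the O10 LSP entry are the ones to hash and identify by hand, and the O17 resolvers are checked against what the network should be handing out.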



#2 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country
  • Local time:03:04 PM

Posted 28 September 2010 - 10:52 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

PW

#3 tbird4

tbird4
  • Topic Starter

  • Members
  • 6 posts
  • Local time:01:04 PM

Posted 29 September 2010 - 07:57 AM

as requested, here are the logs:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Thomas Bishop at 0:47:46.79 on 29/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1279.656 [GMT -7:00]

AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Norton SystemWorks Basic Edition\NswUiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Norton Utilities 14\nu.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\1-Click Answers\answers.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Syworks\SafeNet\SNService.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Thomas Bishop\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.nytimes.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = localhost;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.8.0.41\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: 1-Click Answers: {7754c418-f62e-44aa-b169-e719e718bcfd} - c:\progra~1\1-clic~1\ietoolbar\AnswersToolbarU.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [NortonUtilities] c:\program files\norton utilities 14\nu.exe /H
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NswUiTray] c:\program files\norton systemworks basic edition\NswUiTray.exe
mRun: [NSWosCheck] "c:\program files\norton systemworks basic edition\osCheck.exe"
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\1-clic~1.lnk - c:\program files\1-click answers\answers.exe
IE: Answers... - file://c:\program files\1-click answers\html\atiemenu.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks basic edition\norton cleanup\WCQuick.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: icampus.ac.kr
Trusted Zone: skku.ac.kr
Trusted Zone: skku.edu
Trusted Zone: skku.edu\portal
DPF: {03F49E0E-C43A-4037-BBD6-D681E998A08E} - hxxp://portal.skku.edu/EP/web/common/cabfiles/CM_CodeAx.cab
DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} - hxxp://ahnlabdownload.nefficient.co.kr/aos/plugin/aosmgr.cab
DPF: {0F026C11-5A66-4C2B-87B5-88DDEBAE72A1} - file:///C:/Documents%20and%20Settings/Thomas%20Bishop/Local%20Settings/Compatible%20LocalLow/TOBESOFT/MiPlatform320U/Setup/Win32U_3.2/vsflex8l.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
DPF: {1A000B1F-B285-4FBF-B3CD-B50845003EBA} - hxxp://ecos.bok.or.kr/miplatform/install/MiPlatform_Updater320_20070614_0910.cab
DPF: {1A000B1F-B285-4FBF-B3CD-B50845003EBB} - hxxp://kosis.kr/gen_etl/miplatform/install/MiPlatform_Updater321_20090917_1403.cab
DPF: {1B5EE264-CCAB-48A4-B8DA-04D4BB004CC3} - hxxp://kupis.konkuk.ac.kr/MiKonkuk/kupis_update310/MiUpdater310-20050525_1300.cab
DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} - hxxp://mpi.dacom.net/XMPI/js/LGDacom_XMPI_20090320.cab
DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxp://admin.skku.edu/co/initech/plugin/down/INIS60.cab
DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - hxxp://download1.answers.com/pub/AnswersSetup.cab
DPF: {3B56E5F0-7B20-48BF-B439-A995BE5191EF} - hxxp://pib.wooribank.com/com/common/SessionControl.cab
DPF: {3BEF2C40-DEE8-4046-AFB7-D602E20CF391} - hxxp://www.nytimes.com/ActiveX/IPAMControl.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} - hxxp://mpi.dacom.net/XPayMPI/XPayMPIOCX.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} - hxxp://www.mathxl.com/applets/PearsonInstallAsst.cab
DPF: {56299510-C3D6-4A61-B354-F97F3CC3A7F3} - hxxp://mail.skku.edu/cab/AttachDownEx.cab
DPF: {6491E7CB-F83B-4D31-8F99-6384A633FE58} - hxxp://www.mathxl.com/applets/EconCVX.cab
DPF: {67C19373-7A72-463B-8AB2-CBD6DEAC87B5} - hxxp://pib.wooribank.com/ccd/webreport/vista/cab/rxpptype2_en.cab
DPF: {6945949B-6562-420F-A5AD-36701D8E5E51} - hxxp://safenet.hanyang.ac.kr/ActiveX/SafeNetInstaller.cab
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxp://ck.softforum.co.kr/CKKeyPro/wooribank/CKKeyPro3017_32k.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126393392840
DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} - hxxp://admin.skku.edu/co/jsp/installer/ACUBETrustChecker.cab
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://download.softforum.co.kr/Published/XecureWeb/v7.2.2.8/xw_install.cab
DPF: {819F123A-B24A-4EB8-BED1-B5DFC5CB5194} - file:///C:/Documents%20and%20Settings/Thomas%20Bishop/Local%20Settings/Compatible%20LocalLow/TOBESOFT/MiPlatform320U/Setup/Win32U_3.2/vsprint8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A3F9657A-976F-4719-B370-C6F765728C4B} - hxxp://www.dfsshilla.com/secui/client/SecuiDfsShillaIE.cab
DPF: {A69C034C-75AB-49A0-A3F9-D0F8DCB76E43} - hxxp://admin.skku.edu/co/jsp/installer/SeedClientX.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CC0270C2-1CB6-43D8-AD3F-02D95132C73C} - hxxp://mail.skku.edu/cab/AttachUpload.cab
DPF: {D279205A-818C-44A7-B3AF-EDB8E75EAF12} - hxxp://mail.skku.edu/customized/skkUniv/activex/HttpFileCtrl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} - hxxp://www.congnamul.com/ActiveX/Release/CongnamulMap4Asp_V2_0_0_18.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} - hxxp://www.skku.edu/initech/plugin/INIS50.cab
DPF: {F37520B6-4FBE-4814-9022-9AD83EF3E203} - hxxp://www.wooribank.com/download/RDServer/SmartUpdate.cab
DPF: {FA4D5ED0-2B96-48B7-9A36-69C4FE4F1744} - hxxp://www.kosis.kr/OLAP/cab/OctagonViewer.cab
DPF: {FAB9B41C-87D6-474D-AB7E-F07D78F2422E} - file:///C:/Documents%20and%20Settings/Thomas%20Bishop/Local%20Settings/Compatible%20LocalLow/TOBESOFT/MiPlatform320/Setup/Win32_3.2/teechart7Langs.cab
TCP: {48386160-A872-4DDF-A6BF-CD1CE1E042BD} = 115.145.0.11,168.126.63.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\thomas~1\applic~1\mozilla\firefox\profiles\ncijz5wm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://sn114w.snt114.mail.live.com/default.aspx?n=1681549455|https://mail.google.com/mail/h/1vdcoby922en7/?shva=1|http://us.mc560.mail.yahoo.com/mc/welcome?.gx=1&.tm=1275959905&.rand=2pr1ns0gdtgt9|http://global.nytimes.com/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\ahnlab\asp\components\aosmgr\conflict_342\npaosmgr.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npINISAFEWeb60.dll
FF - plugin: c:\program files\softforum\xecureweb\activex\npxwebplugin.dll
FF - plugin: c:\program files\softforum\xecureweb\activex\npxwebplugin_file.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1008000.029\SymEFA.sys [2010-1-27 310320]
R0 SYWORKS;SYWORKS;c:\windows\system32\drivers\Syworks.sys [2007-12-25 36352]
R1 AMonTDnt;AMonTDnt;c:\windows\system32\drivers\AmonTDNt.sys [2008-8-18 95592]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1008000.029\BHDrvx86.sys [2010-1-27 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1008000.029\cchpx86.sys [2010-1-27 482432]

Edited by tbird4, 29 September 2010 - 07:59 AM.


#4 sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling
  • Local time:03:04 PM

Posted 01 October 2010 - 01:00 PM

Hi tbird4,



Welcome to BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum.
My name is sundavis, and I will be helping you to deal with your malware problems today.


Step 1
  1. Download TDSSKiller and save it to your Desktop.
  2. Extract its contents to your desktop.
  3. Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  4. If an infected file is detected, the default action will be Cure, click on Continue.
  5. If a suspicious file is detected, the default action will be Skip, click on Continue.
  6. It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  7. If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  8. If a reboot is required, the report can also be found in your root directory, (usually C:\TDSSKiller folder). Please copy and paste the contents of that file here.

Step 2
  1. Please download OTL and save it to your desktop.
  2. Double click on the icon on your desktop.
  3. Click the "Scan All Users" checkbox.
  4. Under the Custom Scan box paste the following bolded text:

    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90


  5. Click the "Quick Scan" button.
  6. The scan should take just a few minutes.
  7. OTListIt.txt <-- Will be opened and Extra.txt <-- Will be minimized
  8. Copy and paste both logs back here in your next reply.


In your next reply, please post back:

1. TDSSKiller.txt
2. OTListIt.txt and Extra.txt

Thanks

#5 tbird4

  • Topic Starter
  • Members
  • 6 posts
  • Local time:01:04 PM

Posted 03 October 2010 - 07:55 AM

here is the TDSSKiller log. the other logs are posted as attachments. according to my untrained eye, i found nothing suspicious in the logs, with the possible exception of driver files that are no longer found (shown in the OTL log).

because i can no longer find the Network Connections link to log on to the internet, i wonder now if the problem is caused by a corrupt driver file or possibly a network interface card problem. however, i ran a diagnostic test on my computer's hardware, including the NIC, and found no problems.


2010/10/03 05:49:03.0151 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54
2010/10/03 05:49:03.0151 ================================================================================
2010/10/03 05:49:03.0151 SystemInfo:
2010/10/03 05:49:03.0151
2010/10/03 05:49:03.0151 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/03 05:49:03.0151 Product type: Workstation
2010/10/03 05:49:03.0151 ComputerName: TBIRD
2010/10/03 05:49:03.0151 UserName: Thomas Bishop
2010/10/03 05:49:03.0151 Windows directory: C:\WINDOWS
2010/10/03 05:49:03.0151 System windows directory: C:\WINDOWS
2010/10/03 05:49:03.0151 Processor architecture: Intel x86
2010/10/03 05:49:03.0151 Number of processors: 1
2010/10/03 05:49:03.0151 Page size: 0x1000
2010/10/03 05:49:03.0151 Boot type: Normal boot
2010/10/03 05:49:03.0151 ================================================================================
2010/10/03 05:49:59.0983 Deinitialize success
2010/10/03 05:50:01.0946 ================================================================================
2010/10/03 05:50:01.0946 Scan started
2010/10/03 05:50:01.0946 Mode: Manual;
2010/10/03 05:50:01.0946 ================================================================================
2010/10/03 05:50:39.0961 ================================================================================
2010/10/03 05:50:39.0961 Scan finished
2010/10/03 05:50:39.0961 ================================================================================
2010/10/03 05:50:50.0646 Deinitialize success


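As an added example, not part of the original thread or of TDSSKiller itself: the driver listing above follows a fixed line format (`<date> <time> <service name> (<md5>) <path>`), which makes it easy to parse and run cheap triage checks over before looking hashes up one by one. The script below parses that format, skips the separator and status lines, and flags drivers that load from outside the normal drivers directory, share a file hash with another driver, or match a caller-supplied bad-hash list. The sample log embeds three lines copied from the listing above plus two constructed entries (`exampledrv`, `exampledrv2`, with an all-placeholder hash) that exist only to exercise the checks; the expected driver directory is an assumption of a default `C:\WINDOWS` install.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Tuple

# One TDSSKiller driver line: "<date> <time> <service> (<md5>) <path>".
# Separator lines and "Scan finished" / "Deinitialize success" have no "(md5)"
# group and therefore do not match.
_LINE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<service>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Assumption: default Windows XP install rooted at C:\WINDOWS. Drivers that load
# from anywhere else are not necessarily malicious, but deserve a second look.
_EXPECTED_DIRS = ("c:\\windows\\system32\\drivers\\",)

# Constructed sample: first three lines copied from the log above, the last two
# (exampledrv, exampledrv2, placeholder hash) are made up to exercise the checks.
SAMPLE_LOG = r"""
2010/10/03 05:50:35.0094 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2010/10/03 05:50:35.0544 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/03 05:50:35.0945 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/03 05:50:40.0000 exampledrv (0123456789abcdef0123456789abcdef) C:\WINDOWS\Temp\exampledrv.sys
2010/10/03 05:50:40.0100 exampledrv2 (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\exampledrv2.sys
2010/10/03 05:50:39.0961 ================================================================================
2010/10/03 05:50:39.0961 Scan finished
2010/10/03 05:50:50.0646 Deinitialize success
"""


@dataclass(frozen=True)
class DriverEntry:
    service: str
    md5: str   # normalised to lowercase hex
    path: str


def parse_tdsskiller(text: str) -> List[DriverEntry]:
    """Return one DriverEntry per driver line; non-matching lines are skipped."""
    entries: List[DriverEntry] = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["service"], m["md5"].lower(), m["path"]))
    return entries


def triage(entries: Iterable[DriverEntry],
           known_bad: FrozenSet[str] = frozenset()) -> List[Tuple[str, str]]:
    """Cheap offline checks: bad-hash match, unusual load path, duplicated hash.

    Returns (service name, reason) pairs; an entry can appear more than once.
    """
    entries = list(entries)
    by_hash: dict = {}
    for e in entries:
        by_hash.setdefault(e.md5, []).append(e.service)

    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.md5 in known_bad:
            findings.append((e.service, "md5 is on the supplied bad-hash list"))
        if not e.path.lower().startswith(_EXPECTED_DIRS):
            findings.append((e.service, f"loads from unusual location: {e.path}"))
        if len(by_hash[e.md5]) > 1:
            # Same bytes registered under several service names is a common
            # dropper pattern; legitimate drivers rarely share an exact hash.
            others = ", ".join(s for s in by_hash[e.md5] if s != e.service)
            findings.append((e.service, f"same file hash as: {others}"))
    return findings


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print(f"parsed {len(parsed)} driver entries")
    for service, reason in triage(parsed, frozenset({"0123456789abcdef0123456789abcdef"})):
        print(f"{service:12s} {reason}")
```

The unusual-location and duplicate-hash checks are heuristics, not verdicts: a legitimate vendor driver can live outside `system32\drivers`, so anything flagged still needs the hash looked up or the file's signature checked. The `known_bad` set is whatever hash list you have on hand; the script ships with none.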
#6 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 03 October 2010 - 09:23 AM

Hi tbird4,



QUOTE
because i can no longer find the Network Connections link to log on to the internet

I can't see any outstanding objects in your log. Apparently, your problem isn't malware-related. Do you mean you can't locate the Network Connections icon?

If that's the case, please go to this thread for your reference. Let me know if you still need assistance.

Edited by sundavis, 05 October 2010 - 02:25 AM.


#7 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 07 October 2010 - 10:46 PM

Since this issue appears resolved ... this Topic is closed.

Glad to have helped.

Everyone else please begin a New Topic.




