Computer fails to connect to internet, GMER scan will not complete


  • This topic is locked
23 replies to this topic

#1 DnDer

DnDer

  • Members
  • 646 posts
  • OFFLINE
  • Local time:02:51 PM

Posted 27 January 2011 - 12:10 AM

This is an older computer, running XP (managed to upgrade to SP3, though) and is unable to connect to my internet. I have attempted to use 2 wireless USB adapters, and then ran a cable directly from the router to the machine. IPCONFIG reveals that the computer is not picking up a gateway address at all, no matter what method is attempting to connect to it.

GMER locks up at a random point in the scan. I've seen it halt in at least two different places, and after waiting a few hours had to restart the computer when nothing would respond. On at least one of those occasions, I saw two red entries in the GMER window. GMER does not create a "not responding" dialogue or box that will let me force close. The system also hangs to the point of CAD-salute not bringing up Task Manager, leaving reboot as the only option.

I am attaching the DDS and Attach logs. Could someone please help me clean this computer, and hopefully identify the problem with its internet connection?


DDS (Ver_10-12-12.02) - NTFSx86
Run by William Tierney at 22:57:15.14 on Mon 01/24/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.873 [GMT -6:00]

AV: McAfee VirusScan *Enabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\chatsupport.palm.com\bin\tgsrvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Canon\MultiPASS4\MPTBox.exe
C:\WINDOWS\System32\umonit.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\William Tierney\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.comcast.net/toolbar2.0/search/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.comcast.net/a
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.comcast.net/toolbar2.0/search/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~2.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~2.DLL
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [Ink Monitor] c:\program files\epson\ink monitor\InkMonitor.exe
mRun: [MPTBox] c:\program files\canon\multipass4\MPTBox.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [UMonit] c:\windows\system32\umonit.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet d series\bin\hpoojd07.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monitor.lnk - c:\program files\sandisk\sandisk transfermate\SD Monitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: FlSvh - {58F8574A-F252-FDE0-2BC2-2EB476122E77} - c:\windows\system32\tcna.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\willia~1\applic~1\mozilla\firefox\profiles\vgc7abfk.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-6 201320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-6-6 359248]
R2 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2008-6-6 144704]
R2 tgsrvc_chatsupport.palm.com;SupportSoft Repair Service (chatsupport.palm.com);c:\program files\chatsupport.palm.com\bin\tgsrvc.exe [2008-1-11 148768]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-6-6 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-6-6 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-6-6 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-6-6 40488]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2006-1-22 6016]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-6-6 33832]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-4-23 224896]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-1-6 594048]

=============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2011-01-24 04:26:59 884712 ------w- c:\program files\msn\msncorefiles\install\msn9components\digcore.exe
2011-01-24 04:26:59 1327320 ------w- c:\program files\msn\msncorefiles\install\msnsusii.exe
2011-01-24 04:26:59 11053008 ------w- c:\program files\msn\msncorefiles\install\msn9components\msncli.exe
2011-01-24 04:26:59 -------- d-----w- c:\windows\system32\scripting
2011-01-24 04:26:58 966656 ------w- c:\program files\msn\msncorefiles\oobe\obemetal.dll
2011-01-24 04:26:58 86016 ------w- c:\program files\msn\msncorefiles\oobe\obepopc.dll
2011-01-24 04:26:58 77824 ------w- c:\program files\msn\msncorefiles\oobe\obemtllc.dll
2011-01-24 04:26:58 229376 ------w- c:\program files\msn\msncorefiles\oobe\obelog.dll
2011-01-24 04:26:58 -------- d-----w- c:\windows\system32\en
2011-01-24 04:26:58 -------- d-----w- c:\windows\l2schemas
2011-01-24 04:23:08 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2011-01-24 04:23:08 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2011-01-24 04:21:16 19569 ----a-w- c:\windows\005723_.tmp
2011-01-24 03:45:58 -------- d-----w- c:\program files\Belkin
2011-01-24 03:45:26 -------- d-----w- c:\windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}
2011-01-24 01:54:58 -------- d-----w- C:\OEMSettings
2011-01-19 04:48:49 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-01-19 04:48:15 -------- d-----w- c:\program files\NETGEAR

==================== Find3M ====================

2001-08-18 12:00:00 94784 --sh--w- c:\windows\TWAIN.DLL
2008-04-14 11:42:08 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 11:42:02 57344 --sh--w- c:\windows\system32\msvcirt.dll

============= FINISH: 23:01:31.15 ===============


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:51 PM

Posted 02 February 2011 - 12:07 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 DnDer

DnDer
  • Topic Starter

  • Members
  • 646 posts
  • OFFLINE
  • Local time:02:51 PM

Posted 02 February 2011 - 02:16 PM

I'm still here.

I made 1 change to the computer: I removed McAfee from it. I now can establish a connection to the internet, but GMER will still not complete a full run. I apologize - I was beginning to worry I'd been forgotten.

Let me know what you need me to do.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:51 PM

Posted 02 February 2011 - 04:09 PM

Can you run TDSSKiller for me first?

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE

#5 DnDer

DnDer
  • Topic Starter

  • Members
  • 646 posts
  • OFFLINE
  • Local time:02:51 PM

Posted 02 February 2011 - 07:50 PM

I am having trouble extracting it and copying it to the desktop from my USB key. (I can access the internet, but it won't let me connect to BC for a direct download. I'm having to download TDSS onto a key and take it over to another computer.) It copies a blank icon with no text, and then nothing happens. I can open and run anything else, but that icon won't populate with the TDSS icon and program.

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:51 PM

Posted 02 February 2011 - 07:56 PM

That's not helpful then.

Can you attempt to transfer ComboFix over on a USB drive and run the program? If this borks then we need to have another look at the system.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(screenshot omitted)


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#7 DnDer

DnDer
  • Topic Starter

  • Members
  • 646 posts
  • OFFLINE
  • Local time:02:51 PM

Posted 02 February 2011 - 09:17 PM

After running ComboFix, I now have TDSSKiller on the desktop as a proper icon. However, ComboFix told me the following rootkits were detected and to write them down:

C:\WINDOWS\SYSTEM32\tdssl.dll
C:\WINDOWS\SYSTEM32\DRIVERS\tdssserv.sys

ComboFix 11-01-31.02 - (user) 02/02/2011 19:45:44.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.998 [GMT -6:00]
Running from: c:\documents and settings\(user)\Desktop\ComboFix.exe
.

(((((((((((((((((user)((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\(user)\Application Data\PrivacyControl
c:\documents and settings\(user)\Application Data\PrivacyControl\Log\2008 Jul 26 - 01_00_23 PM_171.log
c:\documents and settings\(user)\Application Data\PrivacyControl\Log\2008 Jul 26 - 12_27_51 PM_938.log
c:\documents and settings\(user)\Application Data\PrivacyControl\Log\2008 Jul 26 - 12_27_59 PM_656.log
c:\documents and settings\(user)\Application Data\PrivacyControl\Log\2008 Jul 26 - 12_28_00 PM_984.log
c:\documents and settings\(user)\Application Data\PrivacyControl\Log\2008 Jul 26 - 12_31_17 PM_406.log
c:\documents and settings\(user)\Application Data\PrivacyControl\Log\2008 Jul 26 - 12_31_17 PM_469.log
c:\documents and settings\(user)\Application Data\PrivacyControl\Log\2008 Jul 26 - 12_36_57 PM_312.log
c:\documents and settings\(user)\Application Data\PrivacyControl\Settings\CustomScan.stg
c:\documents and settings\(user)\Application Data\PrivacyControl\Settings\IgnoreList.stg
c:\documents and settings\(user)\Application Data\PrivacyControl\Settings\ScanInfo.stg
c:\documents and settings\(user)\Application Data\PrivacyControl\Settings\SelectedFolders.stg
c:\documents and settings\(user)\Application Data\PrivacyControl\Settings\Settings.stg
c:\documents and settings\(user)\Favorites\Thumbs.db
C:\smp.bat
c:\windows\SYSTEM32\DRIVERS\tdssserv.sys
c:\windows\SYSTEM32\tdssl.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_tdssserv


((((((((((((((((((((((((( Files Created from 2011-01-03 to 2011-02-03 )))))))))))))))))))))))))))))))
.

2011-01-24 04:26 . 2011-01-24 04:26 -------- d-----w- c:\windows\system32\scripting
2011-01-24 04:26 . 2007-04-03 06:12 1327320 ------w- c:\program files\MSN\MSNCoreFiles\install\msnsusii.exe
2011-01-24 04:26 . 2007-04-03 06:09 11053008 ------w- c:\program files\MSN\MSNCoreFiles\install\msn9components\msncli.exe
2011-01-24 04:26 . 2007-04-03 06:04 884712 ------w- c:\program files\MSN\MSNCoreFiles\install\msn9components\digcore.exe
2011-01-24 04:26 . 2011-01-24 04:26 -------- d-----w- c:\windows\system32\en
2011-01-24 04:26 . 2011-01-24 04:26 -------- d-----w- c:\windows\l2schemas
2011-01-24 04:26 . 2008-04-14 11:40 966656 ------w- c:\program files\MSN\MSNCoreFiles\oobe\obemetal.dll
2011-01-24 04:26 . 2008-04-14 11:40 86016 ------w- c:\program files\MSN\MSNCoreFiles\oobe\obepopc.dll
2011-01-24 04:26 . 2008-04-14 11:40 229376 ------w- c:\program files\MSN\MSNCoreFiles\oobe\obelog.dll
2011-01-24 04:26 . 2007-04-03 06:14 77824 ------w- c:\program files\MSN\MSNCoreFiles\oobe\obemtllc.dll
2011-01-24 04:23 . 2008-04-14 06:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2011-01-24 04:23 . 2008-04-14 04:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2011-01-24 04:21 . 2006-12-29 06:31 19569 ----a-w- c:\windows\005723_.tmp
2011-01-24 03:45 . 2011-01-24 03:45 -------- d-----w- c:\program files\Belkin
2011-01-24 03:45 . 2011-01-24 03:45 -------- d-----w- c:\windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}
2011-01-24 01:54 . 2011-01-24 01:54 -------- d-----w- C:\OEMSettings
2011-01-19 04:48 . 2011-01-19 04:48 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-01-19 04:48 . 2011-01-19 04:48 -------- d-----w- c:\program files\NETGEAR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-10-11 08:04 . 2008-04-04 14:10 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-04-04 14:10 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-04-04 14:10 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-04-04 14:10 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-04-04 14:10 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2001-08-18 12:00 94784 --sh--w- c:\windows\TWAIN.DLL
2008-04-14 11:42 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 11:42 57344 --sh--w- c:\windows\SYSTEM32\msvcirt.dll
.

------- Sigcheck -------

[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-06 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"Ink Monitor"="c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2001-12-07 258118]
"MPTBox"="c:\program files\Canon\MultiPASS4\MPTBox.exe" [2001-10-20 159744]
"UMonit"="c:\windows\System32\umonit.exe" [2004-01-05 53248]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-04 185896]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2002-12-29 98304]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2002-12-29 98304]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE [2002-12-29 135680]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
HPAiODevice(hp officejet d series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe [2002-3-5 491582]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-29 67128]
Monitor.lnk - c:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2006-1-22 110592]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-12 1527808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"FlSvh"= {58F8574A-F252-FDE0-2BC2-2EB476122E77} - c:\windows\System32\tcna.dll [2007-04-16 32768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

R2 tgsrvc_chatsupport.palm.com;SupportSoft Repair Service (chatsupport.palm.com);c:\program files\chatsupport.palm.com\bin\tgsrvc.exe [1/11/2008 1:06 AM 148768]
S3 fixustor;fixustor;c:\windows\SYSTEM32\DRIVERS\fixustor.sys [1/22/2006 10:17 PM 6016]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\SYSTEM32\DRIVERS\wg111v3.sys [4/23/2007 2:11 PM 224896]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\SYSTEM32\DRIVERS\RTL8192su.sys [1/6/2010 5:21 PM 594048]
.
Contents of the 'Scheduled Tasks' folder

2002-06-13 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2001-08-18 11:42]

2002-06-13 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2001-08-18 11:42]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.comcast.net/a
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {434CE27D-B97C-4621-897F-67C95952DC71} = 8.8.8.8
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\(user)\Application Data\Mozilla\Firefox\Profiles\vgc7abfk.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_06\bin\jusched.exe
AddRemove-FixUstor - c:\windows\temp\fixustor\remove.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-02 20:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\System32\umonit.exe?USB\Vid_0781&Pid_9940??VID808????8???D?USB\ROOT_H??????\????????? ???????8???????l????I?w?????????????b@??????$?w????????au?w?????u?wPr?w??@????w????????@???????????????????????????x??????????????w0!?w?????u?w???w??????????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(6404)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
c:\progra~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
c:\program files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
c:\program files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2011-02-02 20:13:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-03 02:13

Pre-Run: 26,825,207,808 bytes free
Post-Run: 26,813,251,584 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=2 Default=2 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - DA226202A1DFB3581A2EEBD0D9D0DFDF

Edited by DnDer, 02 February 2011 - 09:19 PM.
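The Sigcheck block in the ComboFix log above lists several copies of explorer.exe with their MD5 digests; the copy at c:\windows\explorer.exe is reported as D41D8CD98F00B204E9800998ECF8427E, which is the MD5 of zero bytes, so the scanner hashed no data for a file it records as 1033728 bytes, while the ServicePackFiles and SoftwareDistribution copies of the same version agree with each other. The script below is an added example, not part of the thread or of ComboFix: it parses lines in that layout and flags a copy whose digest is the empty-input MD5 or differs from the cached Windows copies of the same file name and version. The sample is the posted block embedded as a constructed string, and the function names are mine.

```python
import hashlib
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# MD5 of zero bytes. A scanner that reports this digest for a file whose
# recorded size is non-zero hashed nothing, i.e. it did not get the real
# file contents back from the operating system.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# One ComboFix Sigcheck line: [flag] date . MD5 . size . . [version] . . path
# The meaning of the bracketed flag is not documented in the thread, so it is
# only recorded here, not interpreted.
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)

# Constructed sample: the Sigcheck block from the posted log, embedded so the
# script runs offline.
SIGCHECK_SAMPLE = r"""
[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
"""


def parse_sigcheck(text: str) -> List[dict]:
    """Parse Sigcheck lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["md5"] = entry["md5"].upper()
            entry["size"] = int(entry["size"])
            entries.append(entry)
    return entries


def is_reference_copy(path: str) -> bool:
    """Copies Windows keeps of its own binaries (service-pack cache and the
    Windows Update download cache) serve as the hash baseline."""
    low = path.lower()
    return "\\servicepackfiles\\" in low or "\\softwaredistribution\\" in low


def analyze(text: str) -> List[Tuple[str, str]]:
    """Return (path, reason) for copies that look wrong.

    reason is "empty-read" when the digest is the MD5 of zero bytes despite a
    non-zero size, or "mismatch" when a non-reference copy with the same file
    name and version hashes differently from every reference copy.
    """
    findings: List[Tuple[str, str]] = []
    groups: Dict[Tuple[str, str], List[dict]] = defaultdict(list)
    for e in parse_sigcheck(text):
        name = e["path"].rsplit("\\", 1)[-1].lower()
        groups[(name, e["version"])].append(e)

    for copies in groups.values():
        reference = {c["md5"] for c in copies if is_reference_copy(c["path"])}
        for c in copies:
            if c["md5"] == EMPTY_MD5 and c["size"] > 0:
                findings.append((c["path"], "empty-read"))
            elif (reference and c["md5"] not in reference
                  and not is_reference_copy(c["path"])):
                findings.append((c["path"], "mismatch"))
    return findings


if __name__ == "__main__":
    for path, reason in analyze(SIGCHECK_SAMPLE):
        print(f"{reason:10s} {path}")
```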


#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:51 PM

Posted 03 February 2011 - 05:05 PM

Can you now run TDSSKiller?

If so, please do so now.
m0le is a proud member of UNITE

#9 DnDer

DnDer
  • Topic Starter

  • Members
  • 646 posts
  • OFFLINE
  • Local time:02:51 PM

Posted 03 February 2011 - 09:16 PM

2011/02/03 20:07:51.0015 3080 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/03 20:07:51.0125 3080 ================================================================================
2011/02/03 20:07:51.0125 3080 SystemInfo:
2011/02/03 20:07:51.0125 3080
2011/02/03 20:07:51.0125 3080 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/03 20:07:51.0125 3080 Product type: Workstation
2011/02/03 20:07:51.0125 3080 ComputerName: BILL
2011/02/03 20:07:51.0125 3080 UserName: (user)
2011/02/03 20:07:51.0125 3080 Windows directory: C:\WINDOWS
2011/02/03 20:07:51.0125 3080 System windows directory: C:\WINDOWS
2011/02/03 20:07:51.0125 3080 Processor architecture: Intel x86
2011/02/03 20:07:51.0125 3080 Number of processors: 1
2011/02/03 20:07:51.0125 3080 Page size: 0x1000
2011/02/03 20:07:51.0125 3080 Boot type: Normal boot
2011/02/03 20:07:51.0125 3080 ================================================================================
2011/02/03 20:07:51.0625 3080 Initialize success
2011/02/03 20:08:10.0000 3784 ================================================================================
2011/02/03 20:08:10.0000 3784 Scan started
2011/02/03 20:08:10.0000 3784 Mode: Manual;
2011/02/03 20:08:10.0000 3784 ================================================================================
2011/02/03 20:11:29.0890 3784 ================================================================================
2011/02/03 20:11:29.0890 3784 Scan finished
2011/02/03 20:11:29.0890 3784 ================================================================================

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 04 February 2011 - 02:29 PM

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

FCopy::
c:\windows\ServicePackFiles\i386\explorer.exe | c:\windows\explorer.exe


Save this as CFScript.txt, in the same location as ComboFix.exe (called ComboFix.exe in the graphic below)


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

If the program asks you to update ComboFix, click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.
m0le is a proud member of UNITE
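The FCopy above restores a live system file from its Service Pack copy; deciding which file needs that is what ComboFix's Sigcheck section is for. The following is an added example (not ComboFix code and not the helper's script) that parses Sigcheck rows in the format seen in this thread, takes the ServicePackFiles or dllcache copy as the reference for each file, and flags a live copy that is unreadable (its MD5 is the MD5 of zero bytes, D41D8CD98F00B204E9800998ECF8427E) or whose bytes differ from the reference despite carrying the same version string. The explorer.exe rows are taken from the log in this thread; the example.sys rows and their hashes are constructed.

```python
"""Audit the 'Sigcheck' section of a ComboFix log.

Added example for this thread; it is not ComboFix code and not the helper's
script. Function names are the example's own. The explorer.exe rows in
SAMPLE are copied from the log posted in the thread; the example.sys rows
and their hashes are constructed.
"""
import hashlib
import re
from collections import defaultdict

# MD5 of zero bytes. When Sigcheck prints this next to a non-zero size, the
# file's bytes were not actually read (locked, hidden or filtered), which is
# a stronger signal than an ordinary version mismatch.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# Row layout: [flag] YYYY-MM-DD . MD5 . size . . [version] . . path
SIGCHECK_ROW = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck row; lines in any other format are skipped."""
    rows = []
    for line in text.splitlines():
        m = SIGCHECK_ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["md5"] = row["md5"].upper()
            row["size"] = int(row["size"])
            row["path"] = row["path"].lower()   # NTFS paths are case-insensitive
            rows.append(row)
    return rows


def pick_reference(rows):
    """Known-good copy of a file: ServicePackFiles first, then dllcache."""
    for marker in ("\\servicepackfiles\\", "\\dllcache\\"):
        for row in rows:
            if marker in row["path"]:
                return row
    return None


def audit_sigcheck(text):
    """Map each path to 'ok', 'unreadable', 'tampered', 'other-version'
    or 'no-reference'."""
    by_name = defaultdict(list)
    for row in parse_sigcheck(text):
        by_name[row["path"].rsplit("\\", 1)[-1]].append(row)
    verdicts = {}
    for rows in by_name.values():
        ref = pick_reference(rows)
        for row in rows:
            if row["md5"] == EMPTY_MD5 and row["size"] > 0:
                verdicts[row["path"]] = "unreadable"
            elif ref is None:
                verdicts[row["path"]] = "no-reference"
            elif row["md5"] == ref["md5"]:
                verdicts[row["path"]] = "ok"
            elif row["version"] == ref["version"]:
                # Same version string, different bytes: the classic sign of a
                # patched or replaced system binary.
                verdicts[row["path"]] = "tampered"
            else:
                # Older hotfix or uninstall copies legitimately differ.
                verdicts[row["path"]] = "other-version"
    return verdicts


def needs_restore(text):
    """Live copies (outside the backup stores) that an FCopy should replace."""
    return sorted(p for p, v in audit_sigcheck(text).items()
                  if v in ("unreadable", "tampered")
                  and "\\servicepackfiles\\" not in p
                  and "\\dllcache\\" not in p)


# Constructed sample in ComboFix's Sigcheck format (see module docstring).
SAMPLE = r"""
------- Sigcheck -------

[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SYSTEM32\DLLCACHE\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2008-04-14 . 0123456789ABCDEF0123456789ABCDEF . 40960 . . [5.1.2600.5512] . . c:\windows\system32\drivers\example.sys
[7] 2008-04-14 . FEDCBA9876543210FEDCBA9876543210 . 40960 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\example.sys
"""

if __name__ == "__main__":
    for path, verdict in sorted(audit_sigcheck(SAMPLE).items()):
        print(f"{verdict:14} {path}")
    print("restore:", needs_restore(SAMPLE))
```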

#11 DnDer

DnDer
  • Topic Starter

  • Members
  • 646 posts

Posted 05 February 2011 - 11:42 AM

(user)ComboFix 11-01-31.02 - (user) 02/05/2011 2:17.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.918 [GMT -6:00]
Running from: c:\documents and settings\(user)\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\(user)\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2011-01-05 to 2011-02-05 )))))))))))))))))))))))))))))))
.


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2001-08-18 12:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2001-08-18 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2006-10-11 08:04 . 2008-04-04 14:10 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-04-04 14:10 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-04-04 14:10 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-04-04 14:10 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-04-04 14:10 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2001-08-18 12:00 94784 --sh--w- c:\windows\TWAIN.DLL
2008-04-14 11:42 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 11:42 57344 --sh--w- c:\windows\SYSTEM32\msvcirt.dll
.

------- Sigcheck -------

[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SYSTEM32\DLLCACHE\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-06 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"Ink Monitor"="c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2001-12-07 258118]
"MPTBox"="c:\program files\Canon\MultiPASS4\MPTBox.exe" [2001-10-20 159744]
"UMonit"="c:\windows\System32\umonit.exe" [2004-01-05 53248]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-04 185896]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2002-12-29 98304]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2002-12-29 98304]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE [2002-12-29 135680]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
HPAiODevice(hp officejet d series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe [2002-3-5 491582]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-29 67128]
Monitor.lnk - c:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2006-1-22 110592]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-12 1527808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"FlSvh"= {58F8574A-F252-FDE0-2BC2-2EB476122E77} - c:\windows\System32\tcna.dll [2007-04-16 32768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

R2 tgsrvc_chatsupport.palm.com;SupportSoft Repair Service (chatsupport.palm.com);c:\program files\chatsupport.palm.com\bin\tgsrvc.exe [1/11/2008 1:06 AM 148768]
S3 fixustor;fixustor;c:\windows\SYSTEM32\DRIVERS\fixustor.sys [1/22/2006 10:17 PM 6016]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\SYSTEM32\DRIVERS\wg111v3.sys [4/23/2007 2:11 PM 224896]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\SYSTEM32\DRIVERS\RTL8192su.sys [1/6/2010 5:21 PM 594048]
.
Contents of the 'Scheduled Tasks' folder

2002-06-13 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2001-08-18 11:42]

2002-06-13 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2001-08-18 11:42]

2011-02-05 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-02-04 04:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.comcast.net/a
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {434CE27D-B97C-4621-897F-67C95952DC71} = 8.8.8.8
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\(user)\Application Data\Mozilla\Firefox\Profiles\vgc7abfk.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-05 02:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\System32\umonit.exe?USB\Vid_0781&Pid_9940??VID808????8???D?USB\ROOT_H??????\????????? ???????8???????l????I?w?????????????b@??????$?w????????au?w?????u?wPr?w??@????w????????@???????????????????????????x??????????????w0!?w?????u?w???w??????????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3220)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
Completion time: 2011-02-05 02:30:27
ComboFix-quarantined-files.txt 2011-02-05 08:30
ComboFix2.txt 2011-02-03 02:13

Pre-Run: 26,218,094,592 bytes free
Post-Run: 26,180,399,104 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 5B8B84D71CBCD46C1884769B001671B6

#12 m0le (Malware Response Team, London, UK)

Posted 05 February 2011 - 12:10 PM

I would like you to scan the machine with ESET now

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
m0le is a proud member of UNITE

#13 DnDer (Topic Starter)

Posted 05 February 2011 - 04:44 PM

C:\Program Files\ComcastToolbar\comcasttoolbar.dll_0_ probably a variant of Win32/Adware.BHO.MegaSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\tdssl.dll.vir Win32/Agent.ODG trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\tdssserv.sys.vir Win32/Agent.ODG trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B5900582-1901-4F7E-BAFE-8FEB08721D95}\RP143\A0007001.dll Win32/Agent.ODG trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B5900582-1901-4F7E-BAFE-8FEB08721D95}\RP143\A0007002.sys Win32/Agent.ODG trojan cleaned by deleting - quarantined
C:\WINDOWS\SYSTEM32\tcna.dll Win32/TrojanProxy.Agent.NCI trojan cleaned by deleting (after the next restart)
C:\WINDOWS\SYSTEM32\tdssadw.dll Win32/Agent.ODG trojan cleaned by deleting - quarantined
C:\WINDOWS\SYSTEM32\tdsslog.dll Win32/Agent.OBU trojan cleaned by deleting - quarantined
C:\WINDOWS\SYSTEM32\tdssmain.dll Win32/Agent.ODG trojan cleaned by deleting - quarantined

#14 m0le (Malware Response Team, London, UK)

Posted 05 February 2011 - 05:26 PM

How is the machine running now?

#15 DnDer (Topic Starter)

Posted 05 February 2011 - 09:06 PM

I think it's running better. A bit faster, at any rate. But I have a lot to clean up in the way of bloatware and standard disk cleanup after we're done here.

Have we cleared the infections?