
Requesting help. Virus removed restore points, disables security and redirects browser


  • This topic is locked
24 replies to this topic

#1 RSKRC

Posted 31 January 2011 - 05:16 AM

Greetings! My first post here. I infected our computer by activating two .exe files. Symptoms were: restore points disappeared, Microsoft Security disabled, browser redirects to incorrect pages. I tried to reboot in safe mode but that would disable my keyboard from entering my password. Ultimately I rebooted normally which seemed to activate the virus. My initial reaction was to let SpyBot S&D remove what it had found until only the Security deactivation remained. Realizing that I still had problems I am turning to this forum to see if there is any remedy. I understand now that letting SpyBot remove items before contacting you may have been a mistake. I have read the preamble and downloaded the requested items. However, GMER would become inactive and hang up the computer. I would have to reboot each time I tried. I was unable to save a file from GMER. The other two logs I was able to create and will paste and attach as instructed. I am running Windows XP Pro. v. 2002 SP 3. Thank you for any help you can provide.

RSKRC

DDS (Ver_10-12-12.02) - NTFSx86
Run by AIPUSER at 2:50:50.28 on Mon 01/31/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.151 [GMT -5:00]

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AIPUSER\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.live.com/
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-rel
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [CE8SIIFGSU] c:\docume~1\aipuser\locals~1\temp\Orv.exe
uRun: [NtWqIVLZEWZU] c:\docume~1\aipuser\locals~1\temp\Orw.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [UniPrint] c:\program files\uniprint\client\SetDfltSettings.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
mRun: [<NO NAME>]
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Cisco Systems VPN Client.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\aipuser\applic~1\mozilla\firefox\profiles\19bf02a6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
S1 MpKsl5a739613;MpKsl5a739613;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed71b7a5-bfa3-4195-8634-57ccbbb8d425}\mpksl5a739613.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed71b7a5-bfa3-4195-8634-57ccbbb8d425}\MpKsl5a739613.sys [?]
S1 MpKslb5307f03;MpKslb5307f03;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cf62c915-5c39-4655-b596-2277894110c6}\mpkslb5307f03.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cf62c915-5c39-4655-b596-2277894110c6}\MpKslb5307f03.sys [?]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\CSVirtA.sys [2009-5-6 21240]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-3-16 189792]

=============== Created Last 30 ================

2011-01-31 06:03:45 -------- d-----w- c:\docume~1\aipuser\applic~1\Malwarebytes
2011-01-31 06:03:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-31 06:03:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-31 06:03:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-31 06:03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-30 15:47:23 135168 --sha-r- c:\windows\system32\csrssh.dll
2011-01-30 15:46:58 267776 ----a-w- c:\windows\Otubia.exe
2011-01-30 15:15:25 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{ca650b9c-9121-42cc-8e48-26c336a79078}\mpengine.dll
2011-01-30 15:14:18 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-01-30 15:14:18 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-16 23:10:40 1409 ----a-w- c:\windows\QTFont.for
2011-01-15 00:49:00 -------- d-----w- c:\program files\MSECache
2011-01-05 22:15:03 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-01-05 15:45:05 215920 ----a-w- c:\windows\system32\muweb.dll
2011-01-05 15:45:04 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-01-05 15:45:04 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-01-04 19:59:34 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-04 19:57:35 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-04 18:00:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-04 18:00:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-01-03 22:17:13 -------- d-----w- c:\docume~1\aipuser\locals~1\applic~1\Mozilla
2011-01-02 20:23:32 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-01-02 20:23:30 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-01-02 15:39:56 -------- d-----w- c:\program files\common files\HP
2011-01-02 15:36:35 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2011-01-02 15:36:34 74240 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp054.dll
2011-01-02 15:36:34 48128 ----a-w- c:\windows\system32\hpzll054.dll

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 21:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

============= FINISH: 2:52:01.45 ===============

In addition, I see on the previous post the Response team member advised the use of Rootkit Unhooker. Perhaps the scan report from it would be equivalent to the one GMER would generate. I saved a .txt of the report with drivers and stealth selected only and have attached it to this reply. Thank you again for any help you can provide.

RSKRC

EDIT: Posts merged ~BP

Edited by Budapest, 31 January 2011 - 04:21 PM.
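As an added example, not part of this thread and not code from the DDS tool, the following Python script shows how a responder might triage a DDS "Pseudo HJT Report" for the kinds of indicators present in the log above: a disabled antivirus, Run keys launching executables from a temp directory, recently created hidden+system files under the Windows directory, executables dropped straight into the Windows root, and Hosts-file overrides. The sample lines are constructed (modelled on the posted log), and the regexes and heuristics are this example's own assumptions about the DDS line format, not a specification of it.

```python
"""Triage a DDS "Pseudo HJT Report" for common persistence and redirection indicators.

Constructed example: the line patterns below are assumptions about DDS output,
derived from the log format shown in this thread, not an official DDS specification.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample in DDS format, modelled on the posted log (not copied wholesale).
SAMPLE_LOG = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [CE8SIIFGSU] c:\docume~1\aipuser\locals~1\temp\Orv.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [<NO NAME>]
Hosts: 127.0.0.1 www.spywareinfo.com
2011-01-30 15:47:23 135168 --sha-r- c:\windows\system32\csrssh.dll
2011-01-30 15:46:58 267776 ----a-w- c:\windows\Otubia.exe
2011-01-30 15:14:18 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-05 15:45:05 215920 ----a-w- c:\windows\system32\muweb.dll
"""

# "AV: <product> *<state>/<definitions>* {CLSID}"
AV_RE = re.compile(r"^AV: (?P<name>.+?) \*(?P<state>\w+)/(?P<defs>\w+)\*")
# "uRun"/"mRun"/"mRunOnce": [<value name>] <command line>
RUN_RE = re.compile(r"^(?P<scope>[um])Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# "Created Last 30" / "Find3M" rows: timestamp, size (or dashes), 8-char attribute field, path
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")

# Substrings (lower-cased) that place an autorun target in a temp directory.
TEMP_MARKERS = ("\\locals~1\\temp\\", "\\local settings\\temp\\", "\\windows\\temp\\", "%temp%")
# Heuristic: an .exe created directly in the Windows root (not a subfolder) is unusual.
WINDOWS_ROOT_EXE = re.compile(r"^c:\\windows\\[^\\]+\.exe$")


def _command_path(cmd: str) -> str:
    """Return the executable part of a Run-key command line, lower-cased, quotes stripped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]).lower()
    return cmd.split(" ", 1)[0].lower()


def find_disabled_av(text: str) -> List[str]:
    """Products whose DDS status field reads *Disabled/...*."""
    matches = (AV_RE.match(line) for line in text.splitlines())
    return [m["name"] for m in matches if m and m["state"].lower() == "disabled"]


def find_temp_autoruns(text: str) -> List[Tuple[str, str, str]]:
    """(scope, value name, executable) for Run entries launching from a temp directory."""
    hits = []
    for line in text.splitlines():
        m = RUN_RE.match(line)
        if not m:
            continue
        exe = _command_path(m["cmd"])
        if any(marker in exe for marker in TEMP_MARKERS):
            hits.append((m["scope"], m["name"], exe))
    return hits


def find_suspicious_files(text: str) -> Tuple[List[str], List[str]]:
    """Recently created hidden+system files under c:\\windows, and .exe files in the Windows root."""
    hidden_system, root_exes = [], []
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if not m:
            continue
        attrs, path = m["attrs"], m["path"].lower()
        if attrs.startswith("d"):
            continue  # directory entry, not a file
        if "h" in attrs and "s" in attrs and path.startswith("c:\\windows\\"):
            hidden_system.append(m["path"])
        if WINDOWS_ROOT_EXE.match(path):
            root_exes.append(m["path"])
    return hidden_system, root_exes


def find_hosts_overrides(text: str) -> List[Tuple[str, str]]:
    """(ip, hostname) pairs DDS reports from the Hosts file, excluding plain localhost."""
    matches = (HOSTS_RE.match(line) for line in text.splitlines())
    return [(m["ip"], m["host"]) for m in matches if m and m["host"].lower() != "localhost"]


def triage(text: str) -> Dict[str, list]:
    """Run every check and return the findings grouped by category."""
    hidden_system, root_exes = find_suspicious_files(text)
    return {
        "disabled_av": find_disabled_av(text),
        "temp_autoruns": find_temp_autoruns(text),
        "hidden_system_files": hidden_system,
        "windows_root_executables": root_exes,
        "hosts_overrides": find_hosts_overrides(text),
    }


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}: {items if items else 'none'}")
```

Feed a full DDS log in place of SAMPLE_LOG to get the same categories over real output; every hit is a lead for a human to confirm, not a verdict.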



#2 m0le (Malware Response Team)

Posted 04 February 2011 - 09:39 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

#3 RSKRC (Topic Starter)

Posted 05 February 2011 - 09:40 PM

Hello m0le. Thank you for your response. I am here awaiting your instructions. I have not run any fixes other than what I indicated in my initial posting. The logs I posted are also from that same day.

#4 m0le (Malware Response Team)

Posted 06 February 2011 - 05:30 AM

Let's run TDSSKiller to make sure we don't have that rootkit to deal with.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If malicious objects are found, ensure Cure is selected, then click Continue > Reboot now.
  • Click Close.
  • Finally, press Report and copy and paste the contents into your next reply. If you've rebooted, the log will be found at C:\


#5 RSKRC (Topic Starter)

Posted 06 February 2011 - 12:47 PM

Hello M0le.

Sorry I missed your posting earlier. I am in NY USA. I have pasted in the report from TDSS Killer. Initially I only scanned the 'C' drive. I did not see where I could get back into the preferences to scan another partition. TDSS Killer did not locate any malicious items. Some other symptoms I noticed are that the audio is affected. Audio playback is slow and the start-up chime is broken up and choppy. Also, the Google search page selections redirect to a different site. Before I posted to Bleeping Computer I ran a scan with Malwarebytes Anti-Malware without doing any fixes. Malwarebytes' Anti-Malware revealed some registry values and keys that were infected. I did not remove or fix any items, but I did save a log from it if that's helpful. Let me know if you want me to attach or post it.


2011/02/06 12:41:30.0515 3696 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/06 12:41:30.0655 3696 ================================================================================
2011/02/06 12:41:30.0655 3696 SystemInfo:
2011/02/06 12:41:30.0655 3696
2011/02/06 12:41:30.0655 3696 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/06 12:41:30.0655 3696 Product type: Workstation
2011/02/06 12:41:30.0655 3696 ComputerName: AIP-COTTAGE-21
2011/02/06 12:41:30.0655 3696 UserName: AIPUSER
2011/02/06 12:41:30.0655 3696 Windows directory: C:\WINDOWS
2011/02/06 12:41:30.0655 3696 System windows directory: C:\WINDOWS
2011/02/06 12:41:30.0655 3696 Processor architecture: Intel x86
2011/02/06 12:41:30.0655 3696 Number of processors: 1
2011/02/06 12:41:30.0655 3696 Page size: 0x1000
2011/02/06 12:41:30.0655 3696 Boot type: Normal boot
2011/02/06 12:41:30.0655 3696 ================================================================================
2011/02/06 12:41:30.0874 3696 Initialize success
2011/02/06 12:41:37.0202 1392 ================================================================================
2011/02/06 12:41:37.0202 1392 Scan started
2011/02/06 12:41:37.0202 1392 Mode: Manual;
2011/02/06 12:41:37.0202 1392 ================================================================================
2011/02/06 12:42:55.0362 1392 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/06 12:42:55.0846 1392 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/06 12:42:56.0424 1392 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/06 12:42:56.0877 1392 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/06 12:42:57.0346 1392 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/06 12:42:57.0815 1392 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/02/06 12:42:58.0315 1392 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/02/06 12:42:58.0784 1392 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/02/06 12:42:59.0252 1392 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/02/06 12:42:59.0737 1392 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/06 12:43:00.0362 1392 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/06 12:43:00.0799 1392 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/06 12:43:01.0252 1392 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/06 12:43:01.0737 1392 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/06 12:43:02.0206 1392 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/02/06 12:43:02.0690 1392 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/06 12:43:03.0159 1392 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/02/06 12:43:03.0799 1392 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/06 12:43:04.0268 1392 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/06 12:43:04.0753 1392 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/06 12:43:05.0221 1392 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/06 12:43:05.0706 1392 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/06 12:43:06.0159 1392 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/06 12:43:06.0643 1392 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/06 12:43:07.0081 1392 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/06 12:43:07.0550 1392 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/06 12:43:08.0034 1392 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/02/06 12:43:08.0518 1392 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/02/06 12:43:08.0987 1392 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/06 12:43:09.0472 1392 vsdatant (d658e49302c382b88c8e9a08e20b2e82) C:\WINDOWS\system32\vsdatant.sys
2011/02/06 12:43:09.0956 1392 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/06 12:43:11.0284 1392 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/06 12:43:11.0440 1392 ================================================================================
2011/02/06 12:43:11.0440 1392 Scan finished
2011/02/06 12:43:11.0440 1392 ================================================================================

Edited by RSKRC, 06 February 2011 - 01:00 PM.


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:06:00 AM

Posted 06 February 2011 - 07:52 PM

The TDSSKiller log shows nothing so now we go to the next level.

Run Combofix as shown

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#7 RSKRC

RSKRC
  • Topic Starter

  • Members
  • 13 posts
  • Gender:Male
  • Location:New York USA
  • Local time:01:00 AM

Posted 06 February 2011 - 09:50 PM

M0le,

ComboFix ran and did not appear to restart the computer, but it did finish and create the log pasted here. I restarted the computer and the start up chime and audio are still choppy and broken up.


ComboFix 11-02-05.01 - AIPUSER 02/06/2011 21:13:00.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.110 [GMT -5:00]
Running from: c:\documents and settings\AIPUSER\Desktop\comfix.exe.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\AIPUSER\Recent\017808pre_pr.pdf
c:\windows\system32\Cache

.
((((((((((((((((((((((((( Files Created from 2011-01-07 to 2011-02-07 )))))))))))))))))))))))))))))))
.

2011-02-06 18:04 . 2011-02-06 18:05 -------- d-----w- c:\windows\system32\NtmsData
2011-02-05 19:31 . 2011-02-05 19:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-01-31 06:03 . 2011-01-31 06:03 -------- d-----w- c:\documents and settings\AIPUSER\Application Data\Malwarebytes
2011-01-31 06:03 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-31 06:03 . 2011-01-31 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-31 06:03 . 2011-01-31 06:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-31 06:03 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-30 15:47 . 2011-01-30 15:47 135168 --sha-r- c:\windows\system32\csrssh.dll
2011-01-30 15:46 . 2011-01-30 15:46 267776 ----a-w- c:\windows\Otubia.exe
2011-01-30 15:15 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CA650B9C-9121-42CC-8E48-26C336A79078}\mpengine.dll
2011-01-30 15:14 . 2011-01-30 15:14 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-16 23:10 . 2011-01-16 23:10 1409 ----a-w- c:\windows\QTFont.for
2011-01-15 00:49 . 2011-01-15 00:49 -------- d-----w- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 09:41 . 2011-01-05 22:15 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-18 18:12 . 2004-08-11 23:12 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 23:53 . 2010-05-22 18:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 21:34 . 2007-08-01 11:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 14:52 . 2004-08-11 23:00 249856 ----a-w- c:\windows\system32\odbc32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-03-14 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-14 98304]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]
"UniPrint"="c:\program files\UniPrint\Client\SetDfltSettings.exe" [2005-07-20 131072]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-10-06 53248]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Cisco Systems VPN Client.lnk.disabled [2006-3-16 1762]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSKDetectorExe"=c:\program files\McAfee\SpamKiller\MSKDetct.exe /uninstall
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

S1 MpKsl5a739613;MpKsl5a739613;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED71B7A5-BFA3-4195-8634-57CCBBB8D425}\MpKsl5a739613.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED71B7A5-BFA3-4195-8634-57CCBBB8D425}\MpKsl5a739613.sys [?]
S1 MpKslb5307f03;MpKslb5307f03;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF62C915-5C39-4655-B596-2277894110C6}\MpKslb5307f03.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF62C915-5C39-4655-B596-2277894110C6}\MpKslb5307f03.sys [?]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\CSVirtA.sys [5/6/2009 8:18 AM 21240]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\AIPUSER\Application Data\Mozilla\Firefox\Profiles\19bf02a6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-06 21:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
Completion time: 2011-02-06 21:27:36
ComboFix-quarantined-files.txt 2011-02-07 02:27

Pre-Run: 24,450,469,888 bytes free
Post-Run: 24,621,686,784 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 011CAD4623AB784FEE4DB6FBCA2BD584

Edited by RSKRC, 06 February 2011 - 11:01 PM.


#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:06:00 AM

Posted 07 February 2011 - 02:15 PM

I restarted the computer and the start up chime and audio are still choppy and broken up.


Is that the only remaining symptom?
m0le is a proud member of UNITE

#9 RSKRC

RSKRC
  • Topic Starter

  • Members
  • 13 posts
  • Gender:Male
  • Location:New York USA
  • Local time:01:00 AM

Posted 07 February 2011 - 03:14 PM

m0le.

At first glance, Windows is starting slower. Browser windows are hanging up but not redirecting anymore. I still have a broken up start up chime as well as the audio being choppy and video sluggish. Security Essentials is working again. Security Center looks like it should. I have not restarted the Security Essentials or Spybot as of yet. I did a Malwarebytes scan without any fixes and it shows 2 infected items: 1 registry key and 1 file. I saved a log only. Trojan.Dropper and Trojan.FakeAlert.

Edited by RSKRC, 07 February 2011 - 05:28 PM.


#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:06:00 AM

Posted 07 February 2011 - 07:09 PM

Run MBAM again and remove the items. Post the log. Then rerun and post the log for that one too.
m0le is a proud member of UNITE

#11 RSKRC

RSKRC
  • Topic Starter

  • Members
  • 13 posts
  • Gender:Male
  • Location:New York USA
  • Local time:01:00 AM

Posted 07 February 2011 - 09:15 PM

m0le.

Pasted here are both logs from MBAM. The 1st log was generated after removing the items. The 2nd log is from the final pass and is pasted below after the dashed lines. MBAM requested a restart to remove the items. The start up chime and audio are still very broken up while restarting, before, after and final. While researching it, I discovered this post . . .

http://forum.eeeuser.com/viewtopic.php?id=86363

My Primary IDE Channel Device '0' is in 'PIO' mode although it is set to request 'DMA if Available' even after rebooting. Secondary IDE Channel is set for 'Ultra DMA Mode 2'. Device '1' is 'Not Applicable' for both primary and secondary channels although DMA is requested. I do not have an original start up disk so I am hesitant to uninstall the driver. Is it really safe to uninstall the driver and reboot to reinstall? Will windows automatically reinstall the drivers even without the original Windows disk?

1st Log.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5706

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/7/2011 8:55:47 PM
mbam-log-2011-02-07 (20-55-47).txt

Scan type: Full scan (C:\|)
Objects scanned: 199472
Time elapsed: 1 hour(s), 33 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\3ETECE6I8G (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\AIPUSER\local settings\application data\Mozilla\Firefox\Profiles\19bf02a6.default\Cache(2)\89211650d01 (Trojan.Dropper) -> Quarantined and deleted successfully.


-------------------------------------------------------------------------
--------------------------------------------------------------------------

2nd Log.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5707

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/7/2011 10:53:18 PM
mbam-log-2011-02-07 (22-53-18).txt

Scan type: Full scan (C:\|E:\|F:\|)
Objects scanned: 199636
Time elapsed: 1 hour(s), 33 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by RSKRC, 08 February 2011 - 12:51 PM.


#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:06:00 AM

Posted 08 February 2011 - 07:54 PM

MBAM says we're good on the malware. The choppy sound was never a symptom of that which is why I needed to check what was still happening.

As for the eeeuser forum post, yes, it is perfectly safe to uninstall certain drivers as they do get reinstalled automatically on a reboot. This sound driver is one of those that is available for this operation.

Let me know if it fixes the problem. Also, let me know how the machine is in general.
m0le is a proud member of UNITE

#13 RSKRC

RSKRC
  • Topic Starter

  • Members
  • 13 posts
  • Gender:Male
  • Location:New York USA
  • Local time:01:00 AM

Posted 09 February 2011 - 02:09 AM

m0le.

Uninstalling/reinstalling the driver for the primary IDE did fix the audio problem. Also the machine seems much more responsive now. It starts up faster too. However, the browser windows are still drawing slowly and hang up occasionally. Both devices are running in DMA mode now. I restarted and updated Microsoft Security Essentials. I then ran a scan with Microsoft Security Essentials which detected and removed 2 more TrojanDownloaders: Win32/Renos.LX and Win32/Renos. I hope it's OK that it removed them before contacting you. I'd like to run some more scans with MBAM, SpyBot and Microsoft Security Essentials. But generally the computer seems to be rid of the symptoms. I just want to be sure I'm clear of the problems, especially since Microsoft Security Essentials found a couple more items. Perhaps I could try to run DDS and GMER again and post some logs. I was unable to run GMER initially. It would be interesting to see if it runs now. What about CCleaner? Is that something I should follow up with? I am assuming that the virus had something to do with the primary IDE drivers getting corrupted. You said the choppy sound was never a symptom of the malware problem. Do we know what malware I encountered? It seemed to be a mixed bag. Before the infection the computer's audio and performance were fine. Is it really fruitless to empty the prefetch folder? Please let me know where we go from here.

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:06:00 AM

Posted 09 February 2011 - 04:16 PM

There seems to be something hanging on here. I meant to say that choppy sound isn't a direct cause but of course drivers can be corrupted by malware.

Please rerun Combofix and see if anything has returned. The renos trojan is also known as FakeAlert - not a nice one.
m0le is a proud member of UNITE

#15 RSKRC

RSKRC
  • Topic Starter

  • Members
  • 13 posts
  • Gender:Male
  • Location:New York USA
  • Local time:01:00 AM

Posted 11 February 2011 - 02:04 PM

Hey m0le.

Ran ComboFix again. It updated ComboFix prior to running. Apparently no reboot. I presume that the 'PEV.cfxxe' corrupt file, Dir: C unreadable, run ChkDsk message I get while running ComboFix is just a functionality of ComboFix. Everything seems to be running OK at first glance. Directory and browser windows as well as the cursor hang up occasionally. Dragging open directory windows across open browser windows leaves an echo trail which disappears. I'll take note of any other symptoms. I have pasted the ComboFix log here.

ComboFix 11-02-09.05 - AIPUSER 02/10/2011 22:11:56.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.307 [GMT -5:00]
Running from: c:\documents and settings\AIPUSER\Desktop\comfix.exe.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.

((((((((((((((((((((((((( Files Created from 2011-01-11 to 2011-02-11 )))))))))))))))))))))))))))))))
.

2011-02-11 02:41 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-02-11 02:33 . 2011-02-11 02:33 -------- d-----w- c:\program files\Windows Media Connect 2
2011-02-11 02:32 . 2011-02-11 02:33 -------- d-----w- C:\c4652e4257dcb9cad17a441fb9
2011-02-11 02:30 . 2011-02-11 02:31 -------- d-----w- C:\9f92a50f557a37c571b071deec48aa4c
2011-02-11 02:30 . 2011-02-11 02:31 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-02-11 02:28 . 2011-02-11 02:30 -------- d-----w- C:\1cbdd664ff64729b0e02f43785
2011-02-10 22:46 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{369A1059-6525-4BB3-8B58-13A5D26D3C24}\mpengine.dll
2011-02-09 05:10 . 2011-02-09 05:10 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-07 23:08 . 2011-02-07 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2011-02-07 07:18 . 2011-02-07 07:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-02-06 18:04 . 2011-02-06 18:05 -------- d-----w- c:\windows\system32\NtmsData
2011-02-05 19:31 . 2011-02-05 19:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-01-31 06:03 . 2011-01-31 06:03 -------- d-----w- c:\documents and settings\AIPUSER\Application Data\Malwarebytes
2011-01-31 06:03 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-31 06:03 . 2011-01-31 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-31 06:03 . 2011-01-31 06:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-31 06:03 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-30 15:47 . 2011-01-30 15:47 135168 --sha-r- c:\windows\system32\csrssh.dll
2011-01-21 14:44 . 2011-01-21 14:44 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-16 23:10 . 2011-01-16 23:10 1409 ----a-w- c:\windows\QTFont.for
2011-01-15 00:49 . 2011-01-15 00:49 -------- d-----w- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-11 23:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 09:41 . 2011-01-05 22:15 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-07 14:09 . 2004-08-11 23:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-11 23:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-11 23:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-11 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-11 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-11 23:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-11 23:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-11 23:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2004-08-11 23:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-04 04:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-18 18:12 . 2004-08-11 23:12 81920 ----a-w- c:\windows\system32\isign32.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-02-07_02.21.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-03-23 17:44 . 2006-03-23 17:44 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfcm80u.dll
+ 2006-03-23 17:44 . 2006-03-23 17:44 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfcm80.dll
+ 2006-03-23 16:15 . 2006-03-23 16:15 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_6e85597b\ATL80.dll
+ 2011-02-11 03:02 . 2011-02-11 03:02 16384 c:\windows\Temp\Perflib_Perfdata_298.dat
+ 2006-09-28 23:56 . 2006-09-28 23:56 55808 c:\windows\system32\WudfSvc.dll
+ 2006-09-29 01:13 . 2006-09-29 01:13 95344 c:\windows\system32\WUDFCoinstaller.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 38400 c:\windows\system32\wpdshextres.dll
+ 2006-10-19 01:00 . 2006-10-19 01:00 17408 c:\windows\system32\wpdshextautoplay.exe
+ 2006-03-14 18:35 . 2006-10-19 02:47 63488 c:\windows\system32\wpdmtpus.dll
+ 2006-03-14 18:35 . 2006-10-19 02:47 35840 c:\windows\system32\wpdconns.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 99840 c:\windows\system32\wmpshell.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 37376 c:\windows\system32\wmdmps.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 33792 c:\windows\system32\wmdmlog.dll
+ 2011-02-11 02:33 . 2007-07-28 04:11 16760 c:\windows\system32\spmsg.dll
- 2004-08-11 23:00 . 2011-02-07 01:55 70262 c:\windows\system32\perfc009.dat
+ 2004-08-11 23:00 . 2011-02-11 03:06 70262 c:\windows\system32\perfc009.dat
+ 2004-08-11 23:00 . 2006-10-19 02:47 27136 c:\windows\system32\mspmsnsv.dll
- 2004-08-11 23:00 . 2010-11-06 00:26 66560 c:\windows\system32\mshtmled.dll
+ 2004-08-11 23:00 . 2010-12-20 23:59 66560 c:\windows\system32\mshtmled.dll
- 2009-03-08 08:31 . 2010-11-06 00:26 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 08:31 . 2010-12-20 23:59 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 11264 c:\windows\system32\LAPRXY.dll
+ 2004-08-11 23:00 . 2010-12-20 23:59 25600 c:\windows\system32\jsproxy.dll
- 2004-08-11 23:00 . 2010-11-06 00:26 25600 c:\windows\system32\jsproxy.dll
+ 2006-09-29 00:00 . 2006-09-29 00:00 82944 c:\windows\system32\drivers\WudfRd.sys
+ 2006-09-28 23:55 . 2006-09-28 23:55 77568 c:\windows\system32\drivers\WudfPf.sys
+ 2006-03-14 18:35 . 2006-10-19 01:00 38528 c:\windows\system32\drivers\wpdusb.sys
+ 2009-07-15 15:26 . 2010-12-20 23:59 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-07-15 15:26 . 2010-11-06 00:26 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 99840 c:\windows\system32\dllcache\wmpshell.dll
+ 2004-08-11 23:12 . 2006-10-19 02:46 64000 c:\windows\system32\dllcache\wmplayer.exe
+ 2004-08-11 23:12 . 2006-10-19 02:47 96256 c:\windows\system32\dllcache\wmpband.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 37376 c:\windows\system32\dllcache\wmdmps.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 33792 c:\windows\system32\dllcache\wmdmlog.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 27136 c:\windows\system32\dllcache\mspmsnsv.dll
- 2009-03-08 08:31 . 2010-11-06 00:26 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-08 08:31 . 2010-12-20 23:59 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-08-31 14:15 . 2010-12-20 23:59 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-08-31 14:15 . 2010-11-06 00:26 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-03-08 08:34 . 2010-12-20 23:59 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2009-03-08 08:34 . 2010-11-06 00:26 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 11264 c:\windows\system32\dllcache\LAPRXY.dll
+ 2009-03-08 08:33 . 2010-12-20 23:59 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-08 08:33 . 2010-11-06 00:26 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2006-03-16 20:02 . 2011-02-09 22:26 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-03-16 20:02 . 2011-01-06 15:38 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-03-16 20:02 . 2011-01-06 15:38 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2006-03-16 20:02 . 2011-02-09 22:26 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2006-03-16 20:02 . 2011-02-09 22:26 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-03-16 20:02 . 2011-01-06 15:38 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-03-16 20:02 . 2011-02-09 22:26 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-03-16 20:02 . 2011-01-06 15:38 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-03-16 20:02 . 2011-02-09 22:26 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2006-03-16 20:02 . 2011-01-06 15:38 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2006-03-16 20:02 . 2011-02-09 22:26 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-03-16 20:02 . 2011-01-06 15:38 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-02-07 23:08 . 2011-02-07 23:08 10134 c:\windows\Installer\{36FDBE6E-6684-462B-AE98-9A39A1B200CC}\ARPPRODUCTICON.exe
+ 2011-02-09 22:21 . 2010-11-06 00:26 12800 c:\windows\ie8updates\KB2482017-IE8\xpshims.dll
+ 2011-02-09 22:21 . 2010-11-06 00:26 66560 c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll
+ 2011-02-09 22:21 . 2010-11-06 00:26 55296 c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll
+ 2011-02-09 22:21 . 2010-11-06 00:26 43520 c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll
+ 2011-02-09 22:21 . 2010-11-06 00:26 25600 c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 4096 c:\windows\system32\wmvdmoe2.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 4096 c:\windows\system32\wmvdmod.dll
+ 2006-03-14 18:35 . 2006-10-19 02:47 4096 c:\windows\system32\WMVADVE.DLL
+ 2006-03-14 18:35 . 2006-10-19 02:47 4096 c:\windows\system32\WMVADVD.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 4096 c:\windows\system32\wmsdmoe2.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 4096 c:\windows\system32\wmsdmod.dll
+ 2006-03-14 18:35 . 2006-10-19 02:58 8704 c:\windows\system32\wdfmgr.exe
+ 2006-03-14 18:35 . 2006-10-19 02:47 4096 c:\windows\system32\wdfapi.dll
+ 2006-03-14 18:35 . 2006-10-19 02:58 8704 c:\windows\system32\uwdf.exe
+ 2004-08-11 23:00 . 2006-10-19 02:47 4096 c:\windows\system32\MPG4DMOD.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 4096 c:\windows\system32\MP4SDMOD.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 4096 c:\windows\system32\MP43DMOD.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 4096 c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 4096 c:\windows\system32\dllcache\wmvdmod.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 4096 c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 4096 c:\windows\system32\dllcache\wmsdmod.dll
+ 2010-04-05 16:54 . 2006-10-19 02:47 4096 c:\windows\system32\dllcache\MP4SDMOD.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 7168 c:\windows\system32\dllcache\asferror.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 7168 c:\windows\system32\asferror.dll
- 2006-03-16 20:02 . 2011-01-06 15:38 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-03-16 20:02 . 2011-02-09 22:26 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-03-23 16:14 . 2006-03-23 16:14 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcr80.dll
+ 2006-03-23 16:14 . 2006-03-23 16:14 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcp80.dll
+ 2006-03-23 16:14 . 2006-03-23 16:14 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcm80.dll
+ 2006-09-28 23:56 . 2006-09-28 23:56 316416 c:\windows\system32\WUDFx.dll
+ 2006-09-28 23:56 . 2006-09-28 23:56 165376 c:\windows\system32\WudfPlatform.dll
+ 2006-09-28 23:56 . 2006-09-28 23:56 146432 c:\windows\system32\WudfHost.exe
+ 2006-03-14 18:35 . 2006-10-19 02:47 356352 c:\windows\system32\wpdsp.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 133632 c:\windows\system32\WPDShServiceObj.dll
+ 2006-03-14 18:35 . 2006-10-19 02:47 154624 c:\windows\system32\wpdmtp.dll
+ 2006-03-14 18:35 . 2006-10-19 02:47 629760 c:\windows\system32\wpd_ci.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 656896 c:\windows\system32\WMVXENCD.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 767488 c:\windows\system32\WMVSENCD.dll
+ 2004-08-11 23:00 . 2009-04-02 04:02 604160 c:\windows\system32\wmspdmod.dll
+ 2006-03-14 18:35 . 2006-10-19 02:47 204288 c:\windows\system32\wmpsrcwp.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 130048 c:\windows\system32\wmpps.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 613376 c:\windows\system32\wmpmde.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 295936 c:\windows\system32\wmpeffects.dll
+ 2004-08-11 23:00 . 2009-07-14 04:43 286208 c:\windows\system32\wmpdxm.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 242688 c:\windows\system32\wmpasf.dll
+ 2004-08-11 23:00 . 2008-06-18 10:03 938496 c:\windows\system32\WMNetmgr.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 157184 c:\windows\system32\wmidx.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 227328 c:\windows\system32\wmerror.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 535040 c:\windows\system32\wmdrmsdk.dll
+ 2006-03-14 18:35 . 2006-10-19 02:47 348672 c:\windows\system32\wmdrmnet.dll
+ 2006-03-14 18:35 . 2006-10-19 02:47 429056 c:\windows\system32\wmdrmdev.dll
+ 2004-08-11 23:00 . 2007-10-27 22:40 222720 c:\windows\system32\wmasf.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 757248 c:\windows\system32\WMADMOD.dll
+ 2004-08-11 23:00 . 2010-11-06 00:26 916480 c:\windows\system32\wininet(3).dll
+ 2011-01-30 13:36 . 2011-02-09 05:11 680872 c:\windows\system32\Restore\rstrlog.dat
+ 2004-08-11 23:00 . 2006-10-19 02:47 211456 c:\windows\system32\qasf.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 199168 c:\windows\system32\PortableDeviceWMDRM.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 132096 c:\windows\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 166912 c:\windows\system32\PortableDeviceTypes.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 101888 c:\windows\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 284160 c:\windows\system32\PortableDeviceApi.dll
- 2004-08-11 23:00 . 2011-02-07 01:55 430408 c:\windows\system32\perfh009.dat
+ 2004-08-11 23:00 . 2011-02-11 03:06 430408 c:\windows\system32\perfh009.dat
+ 2004-08-11 23:00 . 2010-12-20 23:59 206848 c:\windows\system32\occache.dll
- 2004-08-11 23:00 . 2010-11-06 00:26 206848 c:\windows\system32\occache.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 321536 c:\windows\system32\mswmdm.dll
+ 2004-08-11 23:00 . 2010-12-20 23:59 611840 c:\windows\system32\mstime.dll
- 2004-08-11 23:00 . 2010-11-06 00:26 611840 c:\windows\system32\mstime.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 414208 c:\windows\system32\msscp.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 175616 c:\windows\system32\mspmsp.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 179712 c:\windows\system32\msnetobj.dll
- 2009-03-08 08:32 . 2010-11-06 00:26 602112 c:\windows\system32\msfeeds.dll
+ 2009-03-08 08:32 . 2010-12-20 23:59 602112 c:\windows\system32\msfeeds.dll
+ 2006-10-02 20:28 . 2006-10-02 20:28 312128 c:\windows\system32\msdelta.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 259072 c:\windows\system32\MPG4DECD.dll
+ 2006-10-19 02:47 . 2010-03-30 17:24 317440 c:\windows\system32\mp4sdecd.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 259072 c:\windows\system32\MP43DECD.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 212992 c:\windows\system32\MFPLAT.dll
+ 2004-08-11 23:00 . 2008-06-18 06:09 100864 c:\windows\system32\logagent.exe
+ 2004-08-11 23:00 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos(3).dll
+ 2011-02-09 03:08 . 2011-02-11 03:02 214466 c:\windows\system32\inetsrv\MetaBase.bin
- 2011-01-30 13:51 . 2011-02-07 01:51 214466 c:\windows\system32\inetsrv\MetaBase.bin
+ 2004-08-11 23:00 . 2010-12-20 23:59 184320 c:\windows\system32\iepeers.dll
- 2004-08-11 23:00 . 2010-11-06 00:26 184320 c:\windows\system32\iepeers.dll
+ 2004-08-11 23:00 . 2010-12-20 23:59 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-11 23:00 . 2010-11-06 00:26 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-11 23:00 . 2010-11-03 12:26 173568 c:\windows\system32\ie4uinit.exe
+ 2004-08-11 23:00 . 2010-12-20 12:55 173568 c:\windows\system32\ie4uinit.exe
- 2004-08-11 23:06 . 2011-01-30 16:02 211288 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-11 23:06 . 2011-02-09 22:36 211288 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-11 23:00 . 2006-10-19 02:47 991744 c:\windows\system32\drmv2clt.dll
+ 2006-10-19 01:00 . 2006-10-19 01:00 249856 c:\windows\system32\drmupgds.exe
+ 2006-10-19 02:47 . 2006-10-19 02:47 671232 c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
+ 2004-08-11 23:00 . 2009-04-02 04:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2004-08-11 23:00 . 2009-07-14 04:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 242688 c:\windows\system32\dllcache\wmpasf.dll
+ 2004-08-11 23:00 . 2008-06-18 10:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 157184 c:\windows\system32\dllcache\wmidx.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 227328 c:\windows\system32\dllcache\wmerror.dll
+ 2004-08-11 23:00 . 2007-10-27 22:40 222720 c:\windows\system32\dllcache\wmasf.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 757248 c:\windows\system32\dllcache\WMADMOD.dll
- 2008-04-21 06:44 . 2010-11-06 00:26 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-04-21 06:44 . 2010-12-20 23:59 916480 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-11 23:00 . 2006-11-01 23:31 315904 c:\windows\system32\dllcache\unregmp2.exe
+ 2004-08-11 23:00 . 2006-10-19 02:47 211456 c:\windows\system32\dllcache\qasf.dll
+ 2009-03-08 08:34 . 2010-12-20 23:59 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 08:34 . 2010-11-06 00:26 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-04-14 23:19 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 321536 c:\windows\system32\dllcache\mswmdm.dll
- 2009-03-08 08:32 . 2010-11-06 00:26 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-08 08:32 . 2010-12-20 23:59 611840 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 414208 c:\windows\system32\dllcache\msscp.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 175616 c:\windows\system32\dllcache\mspmsp.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 179712 c:\windows\system32\dllcache\msnetobj.dll
+ 2009-08-31 14:15 . 2010-12-20 23:59 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2009-08-31 14:15 . 2010-11-06 00:26 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2004-08-11 23:12 . 2006-10-19 02:47 243712 c:\windows\system32\dllcache\mpvis.dll
+ 2010-03-30 17:24 . 2010-03-30 17:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
- 2009-04-14 23:19 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-04-14 23:19 . 2010-12-20 17:26 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2004-08-11 23:00 . 2008-06-18 06:09 100864 c:\windows\system32\dllcache\logagent.exe
+ 2009-06-25 08:25 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
- 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-07-15 15:26 . 2010-12-20 23:59 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-07-15 15:26 . 2010-11-06 00:26 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-03-08 08:31 . 2010-11-06 00:26 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 08:31 . 2010-12-20 23:59 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-10 03:10 . 2010-12-20 23:59 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-10 03:10 . 2010-11-06 00:26 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2009-03-08 18:09 . 2010-11-06 00:26 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 18:09 . 2010-12-20 23:59 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 08:32 . 2010-12-20 12:55 173568 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-03-08 08:32 . 2010-11-03 12:26 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-11 23:00 . 2006-10-19 02:47 991744 c:\windows\system32\dllcache\drmv2clt.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 229376 c:\windows\system32\dllcache\cewmdm.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 542720 c:\windows\system32\dllcache\blackbox.dll
- 2010-04-20 05:30 . 2010-10-28 13:13 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2010-04-20 05:30 . 2011-01-07 14:09 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 229376 c:\windows\system32\cewmdm.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 542720 c:\windows\system32\blackbox.dll
+ 2006-03-14 18:35 . 2006-10-19 02:47 276992 c:\windows\system32\audiodev.dll
+ 2004-08-11 23:00 . 2010-10-28 13:13 290048 c:\windows\system32\atmfd(2).dll
+ 2011-02-07 23:08 . 2011-02-07 23:08 348672 c:\windows\Installer\4258319.msi
+ 2006-03-16 20:02 . 2011-02-09 22:26 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-03-16 20:02 . 2011-01-06 15:38 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-03-16 20:02 . 2011-02-09 22:26 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-03-16 20:02 . 2011-01-06 15:38 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-03-16 20:02 . 2011-01-06 15:38 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-03-16 20:02 . 2011-02-09 22:26 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-03-16 20:02 . 2011-01-06 15:38 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-03-16 20:02 . 2011-02-09 22:26 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-03-16 20:02 . 2011-01-06 15:38 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-03-16 20:02 . 2011-02-09 22:26 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-03-16 20:02 . 2011-02-09 22:26 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2006-03-16 20:02 . 2011-01-06 15:38 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2004-08-11 23:00 . 2006-11-01 23:31 315904 c:\windows\inf\unregmp2.exe
+ 2011-02-09 22:21 . 2010-11-06 00:26 916480 c:\windows\ie8updates\KB2482017-IE8\wininet.dll
+ 2011-02-09 22:21 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
+ 2011-02-09 22:21 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
+ 2011-02-09 22:21 . 2010-11-06 00:26 206848 c:\windows\ie8updates\KB2482017-IE8\occache.dll
+ 2011-02-09 22:21 . 2010-11-06 00:26 611840 c:\windows\ie8updates\KB2482017-IE8\mstime.dll
+ 2011-02-09 22:21 . 2010-11-06 00:26 602112 c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
+ 2011-02-09 22:21 . 2010-11-06 00:26 247808 c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
+ 2011-02-09 22:21 . 2010-11-06 00:26 184320 c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
+ 2011-02-09 22:21 . 2010-11-06 00:26 743424 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
+ 2011-02-09 22:21 . 2010-11-06 00:26 387584 c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
+ 2011-02-09 22:21 . 2010-11-03 12:26 173568 c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
+ 2006-03-23 17:44 . 2006-03-23 17:44 1079808 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80u.dll
+ 2006-03-23 17:44 . 2006-03-23 17:44 1093632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 2603008 c:\windows\system32\WpdShext.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 1382912 c:\windows\system32\WMVSDECD.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 1574912 c:\windows\system32\WMVENCOD.dll
+ 2006-10-19 02:47 . 2006-10-19 02:47 1543680 c:\windows\system32\WMVDECOD.dll
+ 2004-08-11 23:00 . 2010-04-06 09:52 2462720 c:\windows\system32\WMVCore.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 1329152 c:\windows\system32\WMSPDMOE.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 8231936 c:\windows\system32\wmploc.dll
+ 2006-03-14 18:35 . 2006-10-19 02:47 1661440 c:\windows\system32\wmpencen.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 1117696 c:\windows\system32\WMADMOE.dll
+ 2004-08-11 23:00 . 2010-12-20 23:59 1210880 c:\windows\system32\urlmon.dll
- 2004-08-11 23:00 . 2010-11-06 00:26 1210880 c:\windows\system32\urlmon.dll
+ 2004-08-11 23:00 . 2010-11-06 00:26 1210880 c:\windows\system32\urlmon(3).dll
+ 2004-08-11 23:00 . 2011-01-21 14:44 8462336 c:\windows\system32\shell32.dll
- 2004-08-11 23:00 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2004-08-11 23:00 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32(3).dll
+ 2004-08-11 23:00 . 2010-12-20 23:59 5961216 c:\windows\system32\mshtml.dll
- 2009-03-08 08:32 . 2010-11-06 00:26 1991680 c:\windows\system32\iertutil.dll
+ 2009-03-08 08:32 . 2010-12-20 23:59 1991680 c:\windows\system32\iertutil.dll
+ 2004-08-11 23:00 . 2010-04-06 09:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 1329152 c:\windows\system32\dllcache\WMSPDMOE.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 8231936 c:\windows\system32\dllcache\wmploc.dll
+ 2004-08-11 23:00 . 2006-10-19 02:47 1117696 c:\windows\system32\dllcache\WMADMOE.dll
+ 2008-10-16 10:44 . 2010-12-31 13:10 1854976 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-26 08:15 . 2010-12-20 23:59 1210880 c:\windows\system32\dllcache\urlmon.dll
- 2008-06-26 08:15 . 2010-11-06 00:26 1210880 c:\windows\system32\dllcache\urlmon.dll
- 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2008-06-17 19:02 . 2011-01-21 14:44 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2004-08-11 23:12 . 2006-11-01 23:31 1669120 c:\windows\system32\dllcache\setup_wm.exe
+ 2008-10-16 10:44 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 10:44 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-16 10:44 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 10:44 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-04-21 06:44 . 2010-12-20 23:59 5961216 c:\windows\system32\dllcache\mshtml.dll
- 2009-07-15 15:26 . 2010-11-06 00:26 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2009-07-15 15:26 . 2010-12-20 23:59 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-01-17 21:06 . 2011-01-17 21:06 5518848 c:\windows\Installer\f5cbd8.msp
+ 2006-08-31 15:45 . 2011-02-11 01:50 3817472 c:\windows\Installer\583f13.msi
- 2006-08-31 15:45 . 2011-02-06 13:25 3817472 c:\windows\Installer\583f13.msi
+ 2011-01-17 21:06 . 2011-01-17 21:06 5518848 c:\windows\Installer\22c3df7.msp
+ 2011-02-09 22:21 . 2010-11-06 00:26 1210880 c:\windows\ie8updates\KB2482017-IE8\urlmon.dll
+ 2011-02-09 22:21 . 2010-11-06 00:26 5959168 c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
+ 2011-02-09 22:21 . 2010-11-06 00:26 1991680 c:\windows\ie8updates\KB2482017-IE8\iertutil.dll
+ 2008-10-16 10:44 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-16 10:44 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 10:44 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 10:44 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2004-08-11 23:00 . 2010-08-26 04:36 10841088 c:\windows\system32\wmp.dll
+ 2006-03-16 17:46 . 2011-02-09 22:22 37443528 c:\windows\system32\MRT.exe
- 2009-03-08 08:39 . 2010-11-06 00:26 11080704 c:\windows\system32\ieframe.dll
+ 2009-03-08 08:39 . 2010-12-21 10:29 11080704 c:\windows\system32\ieframe.dll
+ 2004-08-11 23:00 . 2010-08-26 04:36 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2009-07-15 15:26 . 2010-12-21 10:29 11080704 c:\windows\system32\dllcache\ieframe.dll
- 2009-07-15 15:26 . 2010-11-06 00:26 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2011-02-09 22:21 . 2010-11-06 00:26 11080704 c:\windows\ie8updates\KB2482017-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-03-14 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-14 98304]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]
"UniPrint"="c:\program files\UniPrint\Client\SetDfltSettings.exe" [2005-07-20 131072]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-10-06 53248]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Cisco Systems VPN Client.lnk.disabled [2006-3-16 1762]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSKDetectorExe"=c:\program files\McAfee\SpamKiller\MSKDetct.exe /uninstall
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

S1 MpKsl5a739613;MpKsl5a739613;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED71B7A5-BFA3-4195-8634-57CCBBB8D425}\MpKsl5a739613.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED71B7A5-BFA3-4195-8634-57CCBBB8D425}\MpKsl5a739613.sys [?]
S1 MpKsl7deeb71a;MpKsl7deeb71a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B6575DBB-6022-499B-BF39-DC1BCA2115C0}\MpKsl7deeb71a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B6575DBB-6022-499B-BF39-DC1BCA2115C0}\MpKsl7deeb71a.sys [?]
S1 MpKslb5307f03;MpKslb5307f03;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF62C915-5C39-4655-B596-2277894110C6}\MpKslb5307f03.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF62C915-5C39-4655-B596-2277894110C6}\MpKslb5307f03.sys [?]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\CSVirtA.sys [5/6/2009 8:18 AM 21240]
.
Contents of the 'Scheduled Tasks' folder

2011-02-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\AIPUSER\Application Data\Mozilla\Firefox\Profiles\19bf02a6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-10 22:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(420)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-10 22:20:52
ComboFix-quarantined-files.txt 2011-02-11 03:20
ComboFix2.txt 2011-02-07 02:27

Pre-Run: 23,740,739,584 bytes free
Post-Run: 23,731,785,728 bytes free

- - End Of File - - A56DB16721EA2A0F2E488584AF3BA9FD



