Explorer.exe or something uses >90% CPU


  • This topic is locked
12 replies to this topic

#1 medavedude

Posted 06 February 2011 - 11:20 PM

Hi

My explorer.exe process uses at least 50% CPU, and my total CPU usage is always 80-100%, though I may have literally nothing open except the task manager. I had problems with slow computer / 100% CPU usage before, tried all kinds of things like chkdsk and even system restore. Finally just factory reset my computer a week ago. Now this problem of explorer.exe creeping up on all my CPU usage--not sure if it's even possible to be related after a factory restore.

If I kill the explorer.exe process and then restart it, my total CPU usage goes below 10%, where it should be with nothing open, but then slowly creeps up to nearly 100% even though I do nothing.

Please, please let me know if you can help.

Much thanks,
Dave

Here is my DDS log:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Dave at 16:15:46.97 on Sun 02/06/2011
Internet Explorer: 7.0.6000.16982
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3069.1496 [GMT -8:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\authServer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\System32\rpcnet.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\CE\nmSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\CE\nmFlt.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Taskmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCMAIN.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dave\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2080222
uWindow Title = Internet Explorer provided by Dell
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [NMSVC] c:\program files\ce\nmSvc.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: CESpy.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\users\dave\appdata\roaming\mozilla\firefox\profiles\1mxw5agr.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-1-29 218688]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-2-21 73728]
R2 Auth Service;Auth Service;c:\windows\system32\authServer.exe [2011-1-29 245760]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2007-8-27 345432]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2007-8-27 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-2-21 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2007-8-27 566872]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-2-21 280392]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-21 30192]
S4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-2-21 209408]

=============== Created Last 30 ================

==================== Find3M ====================

============= FINISH: 16:16:58.71 ===============
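Triaging a DDS log by hand means reading the Pseudo HJT Report for autostart entries that load code into other processes (LSP, AppInit_DLLs, Winlogon Notify, LSA packages) or start programs from unusual locations. As an added example, not code from DDS or BleepingComputer, the Python below parses that section and flags such entries; the trusted-directory list and the review rules are this example's own heuristics, and the sample input is a few lines taken from the log above plus one constructed appdata entry (updchk) to exercise the untrusted-location rule.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log (added example)."""
import re
from dataclasses import dataclass

# Persistence keys whose payload is loaded into other processes (Winsock LSP,
# AppInit_DLLs, Winlogon Notify, LSA packages). Heuristic: always report them.
PROCESS_INJECTING_KEYS = {"LSP", "AppInit_DLLs", "Notify", "LSA"}
RUN_KEYS = {"uRun", "mRun"}  # HKCU / HKLM Run values, as DDS labels them
TRUSTED_PREFIXES = (r"c:\program files", r"c:\progra~1", r"c:\windows")  # assumption
PROGRAM_EXTS = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd")

RUN_RE = re.compile(r"^(?P<key>[um]Run): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
GENERIC_RE = re.compile(r"^(?P<key>[^:]+): (?P<rest>.*)$")
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')

# Constructed sample: lines copied from the log above plus one made-up entry.
SAMPLE = r"""
============== Pseudo HJT Report ===============

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [<NO NAME>]
mRun: [NMSVC] c:\program files\ce\nmSvc.exe
mRun: [updchk] c:\users\example\appdata\roaming\updchk.exe
LSP: CESpy.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
Notify: psfus - c:\windows\system32\psqlpwd.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
"""


@dataclass
class Entry:
    key: str    # DDS label, e.g. "mRun", "LSP"
    name: str   # Run value name; empty for non-Run entries
    value: str  # command line, or the rest of the line


@dataclass
class Finding:
    entry: Entry
    reason: str


def parse_hjt(text: str) -> list:
    """Return Entry objects for lines inside the Pseudo HJT Report section only."""
    entries, in_section = [], False
    for line in text.splitlines():
        if line.startswith("="):  # every DDS section header looks like this
            in_section = "Pseudo HJT Report" in line
            continue
        if not in_section or not line.strip():
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry(m["key"], m["name"], m["cmd"].strip()))
            continue
        m = GENERIC_RE.match(line)
        if m:
            entries.append(Entry(m["key"].strip(), "", m["rest"].strip()))
    return entries


def payload_path(cmd: str) -> str:
    """Lower-cased path of the code a Run command actually loads."""
    tokens = [q or u for q, u in TOKEN_RE.findall(cmd)]
    if not tokens:
        return ""
    # DDS prints %ProgramFiles% paths unquoted, so a path with spaces arrives
    # split across tokens; rejoin until a program extension is reached.
    exe, i = tokens[0], 1
    while not exe.lower().endswith(PROGRAM_EXTS) and i < len(tokens):
        exe, i = exe + " " + tokens[i], i + 1
    rest = tokens[i:]
    if exe.lower().endswith("rundll32.exe") and rest:
        exe = rest[0].split(",")[0]  # rundll32 only hosts the DLL before the comma
    return exe.lower().replace("%programfiles%", r"c:\program files")


def is_trusted_location(path: str) -> bool:
    return path.startswith(TRUSTED_PREFIXES)


def triage(entries) -> list:
    """Apply the review heuristics and return the entries worth a manual look."""
    findings = []
    for e in entries:
        if e.key in PROCESS_INJECTING_KEYS:
            findings.append(Finding(e, "loads into other processes; confirm the DLL belongs to a known product"))
        elif e.key in RUN_KEYS:
            if e.name in ("", "<NO NAME>") or not e.value:
                findings.append(Finding(e, "Run value with no name or empty command"))
                continue
            p = payload_path(e.value)
            if "\\" not in p:
                findings.append(Finding(e, "Run value with a bare, unresolvable program name"))
            elif not is_trusted_location(p):
                findings.append(Finding(e, "starts code outside Program Files/Windows: " + p))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE)):
        print(f"{f.entry.key:12} {f.entry.name or f.entry.value:40.40} {f.reason}")
```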


#2 m0le

  • Malware Response Team

Posted 10 February 2011 - 08:19 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic, and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 medavedude

medavedude
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:49 AM

Posted 10 February 2011 - 08:28 PM

Hi m0le

Thanks very much. I'm here and watching for any help that might come my way.

Thanks,
Dave

#4 m0le

Posted 11 February 2011 - 04:40 PM

Looks like explorer.exe has been infected but first let's check some other things out.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

#5 medavedude

medavedude
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:49 AM

Posted 12 February 2011 - 06:45 PM

Hi m0le

Below is my report from the scan. No problems were found, so it did not need to reboot.

Thanks!



2011/02/12 15:35:44.0403 6260 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/12 15:35:45.0007 6260 ================================================================================
2011/02/12 15:35:45.0007 6260 SystemInfo:
2011/02/12 15:35:45.0007 6260
2011/02/12 15:35:45.0007 6260 OS Version: 6.0.6000 ServicePack: 0.0
2011/02/12 15:35:45.0007 6260 Product type: Workstation
2011/02/12 15:35:45.0007 6260 ComputerName: DAVE-PC
2011/02/12 15:35:45.0008 6260 UserName: Dave
2011/02/12 15:35:45.0008 6260 Windows directory: C:\Windows
2011/02/12 15:35:45.0008 6260 System windows directory: C:\Windows
2011/02/12 15:35:45.0008 6260 Processor architecture: Intel x86
2011/02/12 15:35:45.0008 6260 Number of processors: 2
2011/02/12 15:35:45.0008 6260 Page size: 0x1000
2011/02/12 15:35:45.0008 6260 Boot type: Normal boot
2011/02/12 15:35:45.0008 6260 ================================================================================
2011/02/12 15:35:45.0938 6260 Initialize success
2011/02/12 15:35:51.0612 1512 ================================================================================
2011/02/12 15:35:51.0612 1512 Scan started
2011/02/12 15:35:51.0612 1512 Mode: Manual;
2011/02/12 15:35:51.0612 1512 ================================================================================
2011/02/12 15:35:53.0146 1512 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/02/12 15:35:53.0430 1512 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/02/12 15:35:53.0552 1512 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/02/12 15:35:53.0653 1512 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/02/12 15:35:53.0709 1512 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/02/12 15:35:53.0797 1512 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/02/12 15:35:54.0047 1512 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2011/02/12 15:35:54.0127 1512 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/02/12 15:35:54.0193 1512 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
2011/02/12 15:35:54.0275 1512 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2011/02/12 15:35:54.0302 1512 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
2011/02/12 15:35:54.0393 1512 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/02/12 15:35:54.0464 1512 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/02/12 15:35:54.0563 1512 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/02/12 15:35:54.0646 1512 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/02/12 15:35:54.0740 1512 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/02/12 15:35:54.0811 1512 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/12 15:35:54.0879 1512 atapi (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
2011/02/12 15:35:54.0969 1512 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/02/12 15:35:55.0049 1512 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/12 15:35:55.0136 1512 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/02/12 15:35:55.0174 1512 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/02/12 15:35:55.0243 1512 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/02/12 15:35:55.0312 1512 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/02/12 15:35:55.0336 1512 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/02/12 15:35:55.0383 1512 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/02/12 15:35:55.0495 1512 BthEnum (cf97c2d6a011ee9403b42191b5f95ba8) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/02/12 15:35:55.0567 1512 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/02/12 15:35:55.0631 1512 BthPan (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
2011/02/12 15:35:55.0688 1512 BTHPORT (b4ce8000aab30a9ab16cd0fb3db4d7cf) C:\Windows\system32\Drivers\BTHport.sys
2011/02/12 15:35:55.0754 1512 BTHUSB (9a4ddc8544c1459aa2a118a8858dade3) C:\Windows\system32\Drivers\BTHUSB.sys
2011/02/12 15:35:55.0831 1512 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
2011/02/12 15:35:55.0880 1512 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
2011/02/12 15:35:55.0913 1512 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/02/12 15:35:55.0982 1512 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/12 15:35:56.0061 1512 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/12 15:35:56.0107 1512 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/02/12 15:35:56.0198 1512 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/02/12 15:35:56.0308 1512 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/02/12 15:35:56.0369 1512 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
2011/02/12 15:35:56.0413 1512 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/02/12 15:35:56.0500 1512 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/02/12 15:35:56.0553 1512 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/02/12 15:35:56.0618 1512 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/02/12 15:35:56.0688 1512 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/02/12 15:35:56.0762 1512 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/02/12 15:35:56.0846 1512 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/02/12 15:35:57.0009 1512 DXGKrnl (b95202efd0464d226e7542c1e319c028) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/12 15:35:57.0207 1512 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/02/12 15:35:57.0268 1512 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/02/12 15:35:57.0358 1512 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/02/12 15:35:57.0431 1512 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/02/12 15:35:57.0551 1512 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/02/12 15:35:57.0669 1512 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/12 15:35:57.0752 1512 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/02/12 15:35:57.0787 1512 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/02/12 15:35:57.0825 1512 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/12 15:35:57.0906 1512 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/02/12 15:35:58.0010 1512 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/12 15:35:58.0064 1512 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/02/12 15:35:58.0152 1512 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/12 15:35:58.0228 1512 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/02/12 15:35:58.0264 1512 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/02/12 15:35:58.0361 1512 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/12 15:35:58.0425 1512 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/02/12 15:35:58.0476 1512 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
2011/02/12 15:35:58.0548 1512 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/02/12 15:35:58.0627 1512 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/12 15:35:58.0707 1512 iaNvStor (92b37e0a61cd710a0c66dc3567a8bf3c) C:\Windows\system32\drivers\ianvstor.sys
2011/02/12 15:35:58.0745 1512 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
2011/02/12 15:35:58.0772 1512 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/02/12 15:35:58.0869 1512 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/02/12 15:35:58.0976 1512 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys
2011/02/12 15:35:59.0021 1512 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/12 15:35:59.0079 1512 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/12 15:35:59.0149 1512 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/02/12 15:35:59.0180 1512 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/02/12 15:35:59.0210 1512 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/02/12 15:35:59.0267 1512 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2011/02/12 15:35:59.0317 1512 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/12 15:35:59.0361 1512 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/02/12 15:35:59.0426 1512 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/02/12 15:35:59.0527 1512 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/12 15:35:59.0615 1512 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/12 15:35:59.0710 1512 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/12 15:35:59.0810 1512 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/12 15:35:59.0892 1512 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/02/12 15:35:59.0943 1512 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/02/12 15:36:00.0030 1512 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/02/12 15:36:00.0090 1512 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/02/12 15:36:00.0180 1512 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/02/12 15:36:00.0259 1512 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/02/12 15:36:00.0360 1512 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/12 15:36:00.0430 1512 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/12 15:36:00.0504 1512 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/12 15:36:00.0572 1512 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/02/12 15:36:00.0659 1512 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/02/12 15:36:00.0708 1512 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/12 15:36:00.0736 1512 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/02/12 15:36:00.0791 1512 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/02/12 15:36:00.0889 1512 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/12 15:36:00.0987 1512 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/12 15:36:01.0040 1512 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/12 15:36:01.0096 1512 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
2011/02/12 15:36:01.0163 1512 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/02/12 15:36:01.0242 1512 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/02/12 15:36:01.0335 1512 msisadrv (207df26dbb2537c20276da0e15892274) C:\Windows\system32\drivers\msisadrv.sys
2011/02/12 15:36:01.0410 1512 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/12 15:36:01.0440 1512 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/12 15:36:01.0502 1512 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/02/12 15:36:01.0573 1512 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/02/12 15:36:01.0639 1512 mssmbios (7dbaa028f625aa46b95dda4fbe4b602b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/12 15:36:01.0686 1512 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/02/12 15:36:01.0716 1512 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/02/12 15:36:01.0793 1512 NativeWifiP (1d162e52fb691eb555a476b04b4bff3f) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/12 15:36:01.0879 1512 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/02/12 15:36:02.0003 1512 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/12 15:36:02.0034 1512 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/12 15:36:02.0081 1512 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/12 15:36:02.0124 1512 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/02/12 15:36:02.0205 1512 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/12 15:36:02.0240 1512 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/12 15:36:02.0401 1512 NETw4v32 (dd194a025d1c0472f45f57de8d8388eb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/02/12 15:36:02.0622 1512 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/02/12 15:36:02.0689 1512 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/02/12 15:36:02.0734 1512 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/12 15:36:02.0819 1512 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/02/12 15:36:02.0998 1512 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/02/12 15:36:03.0035 1512 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/02/12 15:36:03.0393 1512 nvlddmkm (8ead4e71cf31962b124cdace9c29c714) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/02/12 15:36:03.0957 1512 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/02/12 15:36:04.0016 1512 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/02/12 15:36:04.0083 1512 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2011/02/12 15:36:04.0235 1512 OEM02Dev (9d20fa5d8875f6063aa5e1c44446f698) C:\Windows\system32\DRIVERS\OEM02Dev.sys
2011/02/12 15:36:04.0307 1512 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
2011/02/12 15:36:04.0381 1512 ohci1394 (953c1ba621f4da9dc7d268ae839a51fb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/12 15:36:04.0473 1512 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/02/12 15:36:04.0546 1512 partmgr (84be786f33fdbd8765e05df3b7f5b9e6) C:\Windows\system32\drivers\partmgr.sys
2011/02/12 15:36:04.0611 1512 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/02/12 15:36:04.0676 1512 pci (bdd96f9cf34d58958aff1be6ef4c8020) C:\Windows\system32\drivers\pci.sys
2011/02/12 15:36:04.0756 1512 pciide (b2fc76090ef1003463ccb07cabb35cff) C:\Windows\system32\drivers\pciide.sys
2011/02/12 15:36:04.0816 1512 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/02/12 15:36:04.0929 1512 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/02/12 15:36:05.0098 1512 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/12 15:36:05.0161 1512 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/02/12 15:36:05.0259 1512 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/12 15:36:05.0357 1512 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
2011/02/12 15:36:05.0442 1512 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/02/12 15:36:05.0570 1512 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/02/12 15:36:05.0652 1512 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/12 15:36:05.0750 1512 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/02/12 15:36:05.0905 1512 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/12 15:36:05.0986 1512 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/12 15:36:06.0022 1512 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/12 15:36:06.0076 1512 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/12 15:36:06.0128 1512 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/12 15:36:06.0203 1512 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
2011/02/12 15:36:06.0233 1512 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/12 15:36:06.0284 1512 RDPWD (e2afac98fc6ca2ad2d09f2de1bc71ad9) C:\Windows\system32\drivers\RDPWD.sys
2011/02/12 15:36:06.0360 1512 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/02/12 15:36:06.0441 1512 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/02/12 15:36:06.0487 1512 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/02/12 15:36:06.0515 1512 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/02/12 15:36:06.0588 1512 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/12 15:36:06.0653 1512 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/02/12 15:36:06.0732 1512 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
2011/02/12 15:36:06.0797 1512 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/02/12 15:36:06.0852 1512 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/02/12 15:36:06.0904 1512 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/02/12 15:36:06.0972 1512 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/02/12 15:36:07.0052 1512 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/02/12 15:36:07.0085 1512 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/02/12 15:36:07.0109 1512 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/02/12 15:36:07.0171 1512 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/02/12 15:36:07.0233 1512 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2011/02/12 15:36:07.0315 1512 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/02/12 15:36:07.0356 1512 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/02/12 15:36:07.0418 1512 Smb (46baf398809a0f3b2d3300a1760e4b91) C:\Windows\system32\DRIVERS\smb.sys
2011/02/12 15:36:07.0481 1512 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/02/12 15:36:07.0636 1512 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2011/02/12 15:36:07.0697 1512 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/12 15:36:07.0728 1512 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/12 15:36:07.0832 1512 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
2011/02/12 15:36:07.0931 1512 swenum (3b80b4383c9bce13279c8482734b32b2) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/12 15:36:08.0028 1512 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/02/12 15:36:08.0064 1512 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/02/12 15:36:08.0122 1512 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/02/12 15:36:08.0233 1512 Tcpip (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\drivers\tcpip.sys
2011/02/12 15:36:08.0335 1512 Tcpip6 (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/12 15:36:08.0382 1512 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/12 15:36:08.0461 1512 TcUsb (5ca437a08509fb7ecf843480fc1232e2) C:\Windows\system32\Drivers\tcusb.sys
2011/02/12 15:36:08.0508 1512 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/02/12 15:36:08.0544 1512 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/02/12 15:36:08.0661 1512 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/12 15:36:08.0772 1512 TermDD (849ed71967d45f15c3e0abfc633fdf2a) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/12 15:36:08.0918 1512 tmcfw (3929c6784db38788d76a88d9c4043dee) C:\Windows\system32\DRIVERS\TM_CFW.sys
2011/02/12 15:36:09.0013 1512 tmpreflt (0c89809f1df614bd42093a446b222a32) C:\Windows\system32\DRIVERS\tmpreflt.sys
2011/02/12 15:36:09.0079 1512 tmtdi (264ea39fdebd0b5e9d49d79923ed91ad) C:\Windows\system32\DRIVERS\tmtdi.sys
2011/02/12 15:36:09.0168 1512 tmxpflt (3d473e97ff805dab903aa66f08286c90) C:\Windows\system32\drivers\TmXPFlt.sys
2011/02/12 15:36:09.0368 1512 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/12 15:36:09.0475 1512 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2011/02/12 15:36:09.0548 1512 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/12 15:36:09.0653 1512 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/02/12 15:36:10.0157 1512 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/12 15:36:10.0545 1512 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2011/02/12 15:36:10.0943 1512 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/02/12 15:36:11.0395 1512 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/02/12 15:36:11.0673 1512 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/02/12 15:36:11.0730 1512 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/12 15:36:11.0822 1512 usbccgp (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/12 15:36:11.0861 1512 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/02/12 15:36:11.0927 1512 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/12 15:36:11.0953 1512 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/12 15:36:12.0002 1512 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/02/12 15:36:12.0035 1512 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/02/12 15:36:12.0122 1512 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/12 15:36:12.0200 1512 usbuhci (d864735b0bfcb65440960a0b7cc1a38d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/12 15:36:12.0347 1512 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/12 15:36:12.0389 1512 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/02/12 15:36:12.0456 1512 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2011/02/12 15:36:12.0490 1512 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/02/12 15:36:12.0547 1512 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
2011/02/12 15:36:12.0596 1512 volmgr (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys
2011/02/12 15:36:12.0660 1512 volmgrx (420c48e593b9520c2dee45d671f923e1) C:\Windows\system32\drivers\volmgrx.sys
2011/02/12 15:36:12.0749 1512 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/02/12 15:36:12.0900 1512 vsapint (50e1ea1dd3ea74919d7a1c5d6c9c0b56) C:\Windows\system32\DRIVERS\vsapint.sys
2011/02/12 15:36:13.0003 1512 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/02/12 15:36:13.0070 1512 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/02/12 15:36:13.0126 1512 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/12 15:36:13.0186 1512 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/12 15:36:13.0215 1512 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/02/12 15:36:13.0279 1512 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/12 15:36:13.0851 1512 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/12 15:36:14.0260 1512 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/12 15:36:14.0607 1512 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/12 15:36:14.0850 1512 yukonwlh (a4822191c7cea271903c2a4fb6d9809d) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/02/12 15:36:14.0980 1512 ================================================================================
2011/02/12 15:36:14.0981 1512 Scan finished
2011/02/12 15:36:14.0981 1512 ================================================================================
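
As an added example (not part of this thread and not TDSSKiller's own code), the following Python script parses the driver listing in a TDSSKiller report of the form shown above and does the triage a responder otherwise does by eye: it groups services that resolve to the same image hash (here Tcpip/Tcpip6 and Wanarp/Wanarpv6, which legitimately share one file) and compares each observed hash against a known-good baseline. The sample log lines are copied from the report above, except for one constructed atapi line whose hash is replaced by an all-zero placeholder so that a baseline mismatch appears; the baseline dictionary is likewise constructed for the demonstration and is not real detection data.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# One driver line in a TDSSKiller report: timestamp, PID, service name, (md5), image path.
# Lines such as "Scan started" or "Mode: Manual;" have no "(md5)" group and are skipped.
DRIVER_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)


@dataclass(frozen=True)
class DriverEntry:
    name: str   # service/driver name as TDSSKiller prints it
    md5: str    # MD5 of the image file on disk, lower-cased
    path: str   # image path


def parse_tdsskiller_log(text: str) -> list:
    """Extract the driver entries from a TDSSKiller report; non-driver lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["name"], m["md5"].lower(), m["path"]))
    return entries


def shared_hashes(entries) -> dict:
    """md5 -> sorted service names, for every hash that more than one service points at.
    Several services backed by one file is normal on Windows (Tcpip and Tcpip6 both load
    tcpip.sys); the list exists so the analyst can confirm each pairing is expected."""
    by_hash = defaultdict(set)
    for e in entries:
        by_hash[e.md5].add(e.name)
    return {h: sorted(names) for h, names in by_hash.items() if len(names) > 1}


def baseline_mismatches(entries, baseline: dict) -> list:
    """(name, observed md5, expected md5) for services whose on-disk hash differs from the baseline."""
    return [(e.name, e.md5, baseline[e.name])
            for e in entries if e.name in baseline and baseline[e.name] != e.md5]


def unbaselined(entries, baseline: dict) -> list:
    """Services present in the report but absent from the baseline; these need a manual look."""
    return sorted(e.name for e in entries if e.name not in baseline)


# Sample report: lines copied from the TDSSKiller log above, plus one CONSTRUCTED atapi line
# whose hash is replaced with an all-zero placeholder so that a baseline mismatch shows up.
SAMPLE_LOG = r"""
2011/02/12 15:35:51.0612 1512 Scan started
2011/02/12 15:35:51.0612 1512 Mode: Manual;
2011/02/12 15:35:53.0146 1512 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/02/12 15:35:54.0879 1512 atapi (00000000000000000000000000000000) C:\Windows\system32\drivers\atapi.sys
2011/02/12 15:35:54.0969 1512 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/02/12 15:36:08.0233 1512 Tcpip (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\drivers\tcpip.sys
2011/02/12 15:36:08.0335 1512 Tcpip6 (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/12 15:36:13.0126 1512 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/12 15:36:13.0186 1512 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/12 15:36:14.0981 1512 Scan finished
"""

# CONSTRUCTED baseline for the demonstration: hashes taken from the report above, keyed by
# service name. A real baseline would come from a clean reference install of the same build.
BASELINE = {
    "ACPI": "84fc6df81212d16be5c4f441682feccc",
    "atapi": "e03e8c99d15d0381e02743c36afc7c6f",
    "Tcpip": "2c1f7005aa3b62721bfdb307bd5f5010",
    "Tcpip6": "2c1f7005aa3b62721bfdb307bd5f5010",
    "Wanarp": "6798c1209a53b5a0ded8d437c45145ff",
    "Wanarpv6": "6798c1209a53b5a0ded8d437c45145ff",
}


def triage(text: str, baseline: dict) -> dict:
    """Run the three checks and return them as one report dictionary."""
    entries = parse_tdsskiller_log(text)
    return {
        "drivers": len(entries),
        "shared": shared_hashes(entries),
        "mismatches": baseline_mismatches(entries, baseline),
        "unbaselined": unbaselined(entries, baseline),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG, BASELINE)
    print(f"{report['drivers']} driver entries parsed")
    for h, names in report["shared"].items():
        print(f"shared image hash {h}: {', '.join(names)}")
    for name, seen, expected in report["mismatches"]:
        print(f"MISMATCH {name}: on disk {seen}, baseline {expected}")
    print("not in baseline:", ", ".join(report["unbaselined"]) or "none")
```

A hash that differs from the baseline is a reason to look at the file, not proof of infection: the baseline must be built from the same Windows build and patch level, since a legitimate update (like the 2011-01-30 files in the DDS listing above) also changes hashes.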

#6 m0le

Posted 12 February 2011 - 07:45 PM

Please run Combofix and let's see if there is an infection here

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7 medavedude

medavedude
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:08:49 AM

Posted 12 February 2011 - 09:22 PM

Hi m0le

Below is the log from ComboFix. Thank you!




ComboFix 11-02-12.01 - Dave 02/12/2011 17:58:49.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3069.2119 [GMT -8:00]
Running from: c:\users\Dave\Desktop\comfix.exe
.

((((((((((((((((((((((((( Files Created from 2011-01-13 to 2011-02-13 )))))))))))))))))))))))))))))))
.

2011-02-13 02:05 . 2011-02-13 02:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-12 00:32 . 2011-02-12 00:32 -------- d-----w- c:\program files\WinDjView
2011-02-05 22:48 . 2011-02-05 22:48 -------- d-----w- c:\program files\Advanced Wallpaper Changer
2011-02-05 22:44 . 2011-02-05 22:44 -------- d-----w- c:\program files\Grooveshark
2011-02-05 22:44 . 2011-02-05 22:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-02-01 16:56 . 2011-02-01 16:56 378368 ----a-w- c:\windows\system32\winhttp.dll
2011-02-01 16:55 . 2011-02-01 16:55 268800 ----a-w- c:\windows\system32\es.dll
2011-02-01 16:49 . 2011-02-01 16:49 37376 ----a-w- c:\windows\system32\printcom.dll
2011-02-01 16:49 . 2011-02-01 16:49 441856 ----a-w- c:\windows\system32\win32spl.dll
2011-02-01 16:49 . 2011-02-01 16:49 2031104 ----a-w- c:\windows\system32\win32k.sys
2011-02-01 16:48 . 2011-02-01 16:48 14848 ----a-w- c:\windows\system32\wshrm.dll
2011-02-01 16:48 . 2011-02-01 16:48 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2011-02-01 16:48 . 2011-02-01 16:48 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-02-01 16:48 . 2011-02-01 16:48 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-02-01 16:48 . 2011-02-01 16:48 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-02-01 16:46 . 2011-02-01 16:46 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-02-01 16:46 . 2011-02-01 16:46 312320 ----a-w- c:\windows\system32\msdrm.dll
2011-02-01 16:46 . 2011-02-01 16:46 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-02-01 16:46 . 2011-02-01 16:46 515584 ----a-w- c:\windows\system32\RMActivate.exe
2011-02-01 16:46 . 2011-02-01 16:46 472576 ----a-w- c:\windows\system32\secproc.dll
2011-02-01 16:46 . 2011-02-01 16:46 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-02-01 16:46 . 2011-02-01 16:46 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-02-01 16:46 . 2011-02-01 16:46 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-02-01 16:46 . 2011-02-01 16:46 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2011-02-01 16:45 . 2011-02-01 16:45 66048 ----a-w- c:\program files\Windows Sidebar\sbdrop.dll
2011-02-01 16:45 . 2011-02-01 16:45 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
2011-02-01 16:45 . 2011-02-01 16:45 11776 ----a-w- c:\windows\system32\sbunattend.exe
2011-02-01 16:45 . 2011-02-01 16:45 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-01 16:45 . 2011-02-01 16:45 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-01-30 21:24 . 2011-01-30 21:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-01-30 21:24 . 2011-01-30 21:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-30 21:24 . 2011-01-30 21:24 289792 ----a-w- c:\windows\system32\atmfd.dll
2011-01-30 21:24 . 2011-01-30 21:24 24064 ----a-w- c:\windows\system32\lpk.dll
2011-01-30 21:24 . 2011-01-30 21:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2011-01-30 21:24 . 2011-01-30 21:24 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-01-30 21:20 . 2011-01-30 21:20 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-01-30 21:20 . 2011-01-30 21:20 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2011-01-30 21:20 . 2011-01-30 21:20 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2011-01-30 21:20 . 2011-01-30 21:20 272896 ----a-w- c:\windows\system32\polstore.dll
2011-01-30 21:19 . 2011-01-30 21:19 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-01-30 21:19 . 2011-01-30 21:19 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2011-01-30 21:18 . 2011-01-30 21:18 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2011-01-30 21:18 . 2011-01-30 21:18 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2011-01-30 21:18 . 2011-01-30 21:18 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2011-01-30 21:17 . 2011-01-30 21:17 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-01-30 21:17 . 2011-01-30 21:17 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-01-30 21:17 . 2011-01-30 21:17 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-01-30 21:17 . 2011-01-30 21:17 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-01-30 21:17 . 2011-01-30 21:17 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-01-30 21:17 . 2011-01-30 21:17 15360 ----a-w- c:\windows\system32\netevent.dll
2011-01-30 21:17 . 2011-01-30 21:17 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-01-30 21:17 . 2011-01-30 21:17 103936 ----a-w- c:\windows\system32\netiohlp.dll
2011-01-30 21:17 . 2011-01-30 21:17 10240 ----a-w- c:\windows\system32\finger.exe
2011-01-30 21:15 . 2011-01-30 21:15 194560 ----a-w- c:\windows\system32\WebClnt.dll
2011-01-30 21:15 . 2011-01-30 21:15 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2011-01-30 21:14 . 2011-01-30 21:14 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2011-01-30 21:14 . 2011-01-30 21:14 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2011-01-30 21:14 . 2011-01-30 21:14 502784 ----a-w- c:\windows\system32\wlansvc.dll
2011-01-30 21:14 . 2011-01-30 21:14 47104 ----a-w- c:\windows\system32\wlanapi.dll
2011-01-30 21:14 . 2011-01-30 21:14 299520 ----a-w- c:\windows\system32\wlansec.dll
2011-01-30 21:14 . 2011-01-30 21:14 289280 ----a-w- c:\windows\system32\wlanmsm.dll
2011-01-30 21:13 . 2011-01-30 21:13 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-01-30 21:13 . 2011-01-30 21:13 1260032 ----a-w- c:\windows\system32\msxml3.dll
2011-01-30 21:13 . 2011-01-30 21:13 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-01-30 21:13 . 2011-01-30 21:13 1406464 ----a-w- c:\windows\system32\msxml6.dll
2011-01-30 21:12 . 2011-01-30 21:12 216576 ----a-w- c:\windows\system32\msv1_0.dll
2011-01-30 21:11 . 2011-01-30 21:11 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-01-30 21:11 . 2011-01-30 21:11 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-01-30 21:11 . 2011-01-30 21:11 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-01-30 21:10 . 2011-01-30 21:10 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-30 21:10 . 2011-01-30 21:10 2855424 ----a-w- c:\windows\system32\mf.dll
2011-01-30 21:10 . 2011-01-30 21:10 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2011-01-30 21:10 . 2011-01-30 21:10 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-01-30 21:10 . 2011-01-30 21:10 2048 ----a-w- c:\windows\system32\mferror.dll
2011-01-30 21:09 . 2011-01-30 21:09 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-01-30 21:09 . 2011-01-30 21:09 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-01-30 21:07 . 2011-01-30 21:07 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-01-30 21:06 . 2011-01-30 21:06 71680 ----a-w- c:\windows\system32\atl.dll
2011-01-30 21:05 . 2011-01-30 21:05 297472 ----a-w- c:\windows\system32\gdi32.dll
2011-01-30 21:04 . 2011-01-30 21:04 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-01-30 21:04 . 2011-01-30 21:04 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2011-01-30 21:01 . 2011-01-30 21:01 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2011-01-30 21:01 . 2011-01-30 21:01 30208 ----a-w- c:\windows\system32\xolehlp.dll
2011-01-30 21:01 . 2011-01-30 21:01 156160 ----a-w- c:\windows\system32\wkssvc.dll
2011-01-30 21:00 . 2011-01-30 21:00 36352 ----a-w- c:\windows\system32\tsgqec.dll
2011-01-30 21:00 . 2011-01-30 21:00 1871872 ----a-w- c:\windows\system32\mstscax.dll
2011-01-30 21:00 . 2011-01-30 21:00 116736 ----a-w- c:\windows\system32\aaclient.dll
2011-01-30 20:58 . 2011-01-30 20:58 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2011-01-30 20:56 . 2011-01-30 20:56 713728 ----a-w- c:\windows\system32\timedate.cpl
2011-01-30 20:54 . 2011-01-30 20:54 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2011-01-30 20:54 . 2011-01-30 20:54 23040 ----a-w- c:\program files\Movie Maker\WMM2EXT.dll
2011-01-30 20:54 . 2011-01-30 20:54 195072 ----a-w- c:\program files\Movie Maker\WMM2AE.dll
2011-01-30 20:54 . 2011-01-30 20:54 10922496 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2011-01-30 20:52 . 2011-01-30 20:52 1244672 ----a-w- c:\windows\system32\mcmde.dll
2011-01-30 20:52 . 2011-01-30 20:52 428032 ----a-w- c:\windows\system32\EncDec.dll
2011-01-30 20:52 . 2011-01-30 20:52 177152 ----a-w- c:\windows\system32\mpg2splt.ax
2011-01-30 20:52 . 2011-01-30 20:52 80896 ----a-w- c:\windows\system32\MSNP.ax
2011-01-30 20:52 . 2011-01-30 20:52 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-01-30 20:52 . 2011-01-30 20:52 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-01-30 20:52 . 2011-01-30 20:52 292352 ----a-w- c:\windows\system32\psisdecd.dll
2011-01-30 20:52 . 2011-01-30 20:52 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-01-30 20:49 . 2011-01-30 20:49 2048 ----a-w- c:\windows\system32\tzres.dll
2011-01-30 20:48 . 2011-01-30 20:48 696832 ----a-w- c:\windows\system32\localspl.dll
2011-01-30 20:46 . 2011-01-30 20:46 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2011-01-30 20:46 . 2011-01-30 20:46 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2011-01-30 20:46 . 2011-01-30 20:46 15928 ----a-w- c:\windows\system32\drivers\pciide.sys
2011-01-30 20:46 . 2011-01-30 20:46 110136 ----a-w- c:\windows\system32\drivers\ataport.sys
2011-01-30 20:46 . 2011-01-30 20:46 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-01-30 20:46 . 2011-01-30 20:46 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2011-01-30 20:45 . 2011-01-30 20:45 2923520 ----a-w- c:\windows\explorer.exe
2011-01-30 20:44 . 2011-01-30 20:44 7680 ----a-w- c:\windows\system32\lsass.exe
2011-01-30 20:44 . 2011-01-30 20:44 72704 ----a-w- c:\windows\system32\secur32.dll
2011-01-30 20:44 . 2011-01-30 20:44 494592 ----a-w- c:\windows\system32\kerberos.dll
2011-01-30 20:44 . 2011-01-30 20:44 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-01-30 20:44 . 2011-01-30 20:44 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-01-30 20:44 . 2011-01-30 20:44 272384 ----a-w- c:\windows\system32\schannel.dll
2011-01-30 20:44 . 2011-01-30 20:44 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2011-01-30 20:43 . 2011-01-30 20:43 24064 ----a-w- c:\windows\system32\netcfg.exe
2011-01-30 20:42 . 2011-01-30 20:42 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2011-01-30 20:42 . 2011-01-30 20:42 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2011-01-30 20:42 . 2011-01-30 20:42 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2011-01-30 20:42 . 2011-01-30 20:42 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2011-01-30 20:42 . 2011-01-30 20:42 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2011-01-30 20:42 . 2011-01-30 20:42 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll
2011-01-30 20:42 . 2011-01-30 20:42 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-01 16:51 . 2011-02-01 16:51 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2011-01-30 21:22 . 2011-01-30 21:22 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2011-01-30 20:37 . 2011-01-30 20:37 5632 ----a-w- c:\windows\system32\drivers\en-US\sermouse.sys.mui
2011-01-30 20:37 . 2011-01-30 20:37 4608 ----a-w- c:\windows\system32\drivers\en-US\mouclass.sys.mui
2011-01-30 20:37 . 2011-01-30 20:37 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2011-01-30 20:37 . 2011-01-30 20:37 3072 ----a-w- c:\windows\system32\drivers\en-US\mouhid.sys.mui
2011-01-30 20:37 . 2011-01-30 20:37 3072 ----a-w- c:\windows\system32\drivers\en-US\kbdhid.sys.mui
2011-01-30 20:37 . 2011-01-30 20:37 10752 ----a-w- c:\windows\system32\drivers\en-US\i8042prt.sys.mui
2011-01-30 20:31 . 2011-01-30 20:31 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2011-01-30 20:03 . 2011-01-30 20:03 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2011-01-30 20:03 . 2011-01-30 20:03 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-01-30 20:03 . 2011-01-30 20:03 537600 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-01-30 20:03 . 2011-01-30 20:03 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-01-30 20:03 . 2011-01-30 20:03 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-01-29 20:26 . 2011-01-29 20:26 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 05:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 05:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Xmlnt]
@="{10EAB765-C10D-4C8E-B24C-C0FEAA6F7165}"
[HKEY_CLASSES_ROOT\CLSID\{10EAB765-C10D-4C8E-B24C-C0FEAA6F7165}]
2008-02-22 04:34 2052937 ----a-w- c:\windows\System32\urlbio32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-10-10 202544]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-21 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-28 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-28 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-28 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-09-28 81920]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-01-29 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2007-08-27 1807696]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"NMSVC"="c:\program files\CE\nmSvc.exe" [2010-10-25 1300992]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-10-10 202544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 05:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2007-08-27 345432]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2007-08-27 923216]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2007-08-27 566872]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-01-29 30192]
R4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-29 218688]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
S2 Auth Service;Auth Service;c:\windows\system32\authServer.exe [2010-10-25 245760]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2008-11-27 36368]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2007-08-27 280392]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: CESpy.dll
FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\1mxw5agr.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4504)
c:\program files\Fingerprint Reader Suite\farchns.dll
c:\program files\Fingerprint Reader Suite\infra.dll
c:\windows\system32\urlbio32.dll
c:\windows\system32\mfcconf.dll
c:\windows\system32\btncopy.dll
c:\windows\System32\nmNsp.dll
c:\program files\CE\nmsvc.dll
c:\program files\CE\nmsvTree.dll
c:\program files\CE\zlib.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fingerprint Reader Suite\upeksvr.exe
c:\windows\system32\WLANExt.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\rpcnet.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\STacSV.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
c:\program files\Fingerprint Reader Suite\psqltray.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\CE\nmFlt.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-02-12 18:15:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-13 02:15

Pre-Run: 110,782,857,216 bytes free
Post-Run: 110,327,726,080 bytes free

- - End Of File - - CA4A481CED7825CC52F73499A898213A

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:49 PM

Posted 13 February 2011 - 06:07 AM

No sign of anything yet. Please run SystemLook and we'll search for signs of Bamital (this targets explorer.exe)

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    hlp.dat
    explorer.exe
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#9 medavedude

medavedude
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:08:49 AM

Posted 13 February 2011 - 01:43 PM

Hi m0le,

Below is the log. Thanks! FYI: Now my explorer.exe is running at about 40, with the total CPU at about 70%, with only Firefox and Outlook open and not much going on.



SystemLook 04.09.10 by jpshortstuff
Log created at 10:17 on 13/02/2011 by Dave
Administrator - Elevation successful

========== filefind ==========

Searching for "hlp.dat"
No files found.

Searching for "explorer.exe"
C:\Windows\explorer.exe --a---- 2923520 bytes [20:45 30/01/2011] [20:45 30/01/2011] 37440D09DEAE0B672A04DCCF7ABF06BE
C:\Windows\ERDNT\cache\explorer.exe --a---- 2923520 bytes [02:14 13/02/2011] [20:45 30/01/2011] 37440D09DEAE0B672A04DCCF7ABF06BE
C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe --a---- 2927104 bytes [14:49 02/02/2011] [07:33 19/01/2008] FFA764631CB70A30065C12EF8E174F9F
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe --a---- 2923520 bytes [08:47 02/11/2006] [09:45 02/11/2006] FD8C53FB002217F6F888BCF6F5D7084D
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe --a---- 2923520 bytes [04:36 22/02/2008] [04:36 22/02/2008] 6D06CD98D954FE87FB2DB8108793B399
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe --a---- 2923520 bytes [20:45 30/01/2011] [20:45 30/01/2011] 37440D09DEAE0B672A04DCCF7ABF06BE
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe --a---- 2923520 bytes [04:36 22/02/2008] [04:36 22/02/2008] BD06F0BF753BC704B653C3A50F89D362
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe --a---- 2923520 bytes [20:45 30/01/2011] [20:45 30/01/2011] E7156B0B74762D9DE0E66BDCDE06E5FB
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe --a---- 2927104 bytes [20:45 30/01/2011] [20:45 30/01/2011] 4F554999D7D5F05DAAEBBA7B5BA1089D
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe --a---- 2927616 bytes [20:45 30/01/2011] [20:45 30/01/2011] 50BA5850147410CDE89C523AD3BC606E

-= EOF =-
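
The SystemLook output above lists every explorer.exe on disk with its size and MD5, and m0le's reason for asking for it is that Bamital patches explorer.exe in place. A defender's way of reading such a log, as an added Python example that is not part of the thread, of SystemLook or of any tool named here: parse the filefind section and check whether the live C:\Windows\explorer.exe has the same hash and size as one of the copies Windows keeps in the WinSxS component store, since a binary patched after installation would match none of them. The line-format regex, the "WinSxS copies as reference set" rule and the with_live_hash helper are assumptions of this example; the sample log is a subset of the entries posted above.

```python
"""Check a SystemLook ':filefind' log for an explorer.exe that matches no WinSxS copy.

Added example for this thread, not SystemLook's own code. The log format is
assumed from the output posted above: <path> <attrs> <size> bytes [created] [modified] <MD5>.
"""
import re

# Constructed sample: a subset of the filefind output posted in the thread
# (hlp.dat not found; five of the explorer.exe hits, three from WinSxS).
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "hlp.dat"
No files found.

Searching for "explorer.exe"
C:\Windows\explorer.exe --a---- 2923520 bytes [20:45 30/01/2011] [20:45 30/01/2011] 37440D09DEAE0B672A04DCCF7ABF06BE
C:\Windows\ERDNT\cache\explorer.exe --a---- 2923520 bytes [02:14 13/02/2011] [20:45 30/01/2011] 37440D09DEAE0B672A04DCCF7ABF06BE
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe --a---- 2923520 bytes [08:47 02/11/2006] [09:45 02/11/2006] FD8C53FB002217F6F888BCF6F5D7084D
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe --a---- 2923520 bytes [20:45 30/01/2011] [20:45 30/01/2011] 37440D09DEAE0B672A04DCCF7ABF06BE
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe --a---- 2927104 bytes [20:45 30/01/2011] [20:45 30/01/2011] 4F554999D7D5F05DAAEBBA7B5BA1089D

-= EOF =-
"""

# One filefind hit. The path is matched lazily so it may contain spaces;
# the attribute field is the 7-character block (e.g. --a----) before the size.
ENTRY_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attr>[-a-zA-Z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"')


def parse_filefind(text):
    """Return {search name (lower-case): [entry dicts]}; 'No files found.' gives []."""
    results = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        if m:
            current = m.group("name").lower()
            results.setdefault(current, [])
            continue
        if current is None or not line or line == "No files found.":
            continue
        m = ENTRY_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            results[current].append(entry)
    return results


def assess_explorer(entries, system_root=r"C:\Windows"):
    """Compare the live explorer.exe against the WinSxS copies in the same log.

    Verdicts: 'missing' (no live binary in the log), 'no-reference' (no WinSxS
    copies to compare with), 'match' or 'mismatch'. A mismatch is a lead to
    verify (e.g. by checking the Authenticode signature), not proof of infection.
    """
    live_path = (system_root + r"\explorer.exe").lower()
    live = next((e for e in entries if e["path"].lower() == live_path), None)
    store = [e for e in entries if "\\winsxs\\" in e["path"].lower()]
    if live is None:
        return {"verdict": "missing", "live_md5": None, "matches": []}
    if not store:
        return {"verdict": "no-reference", "live_md5": live["md5"], "matches": []}
    matches = [e["path"] for e in store
               if e["md5"] == live["md5"] and e["size"] == live["size"]]
    return {"verdict": "match" if matches else "mismatch",
            "live_md5": live["md5"], "matches": matches}


def with_live_hash(log, md5, system_root=r"C:\Windows"):
    """Constructed test aid (assumption): rewrite the MD5 on the live explorer.exe line."""
    live_path = (system_root + r"\explorer.exe").lower()
    out = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m and m.group("path").lower() == live_path:
            line = line[:-32] + md5.upper()
        out.append(line)
    return "\n".join(out)


if __name__ == "__main__":
    hits = parse_filefind(SAMPLE_LOG)
    print("hlp.dat present:", bool(hits.get("hlp.dat")))
    print("as posted:", assess_explorer(hits["explorer.exe"]))
    tampered = parse_filefind(with_live_hash(SAMPLE_LOG, "0" * 32))
    print("constructed patched binary:", assess_explorer(tampered["explorer.exe"]))
```

Run as posted, the live file hashes to 37440D09... and matches the 6.0.6000.16771 copy in WinSxS, which is consistent with m0le's "no sign of anything yet". Two caveats a practitioner would keep in mind: the store is only a reasonable reference because it is rarely touched by this kind of infection, so a mismatch should be confirmed with a signature check rather than treated as a verdict, and a matching binary says nothing about DLLs loaded into explorer.exe, which is why the ComboFix log above separately lists what the Explorer process had loaded.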

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:49 PM

Posted 13 February 2011 - 03:59 PM

I think we'll continue on with SAS and ESET. This should complete the clean up. Let me know how the CPU is at the end of the post too.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


And

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

#11 medavedude

medavedude
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:08:49 AM

Posted 14 February 2011 - 05:07 AM

Hi m0le,

I'm pretty sure this did the trick. My CPU usage always varied, but rarely dipped below about 40% for more than a second. Now it's consistently 5-10%! Also, the explorer.exe process consistently shows only 00 or 01 CPU usage, whereas before it rarely dipped below 20. If you see anything else in the logs below or know of anything else I should do, please let me know. I'm just curious...why can't my commercial software (Trend Micro) catch these things that freeware cleans up?

Thanks a lot!



Here is the SAS log:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/13/2011 at 07:02 PM

Application Version : 4.48.1000

Core Rules Database Version : 6389
Trace Rules Database Version: 4201

Scan type : Complete Scan
Total Scan Time : 02:02:57

Memory items scanned : 769
Memory threats detected : 0
Registry items scanned : 8846
Registry threats detected : 0
File items scanned : 263222
File threats detected : 43

Adware.Tracking Cookie
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\dave@imrworldwide[2].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\dave@fastclick[2].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\dave@atdmt[2].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\dave@serving-sys[1].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\dave@ad.yieldmanager[2].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\dave@doubleclick[1].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\dave@apmebf[2].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\dave@adbrite[2].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\dave@bs.serving-sys[1].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\dave@invitemedia[1].txt
ia.media-imdb.com [ C:\Users\Dave\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Y3D29M5B ]
macromedia.com [ C:\Users\Dave\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Y3D29M5B ]
secure-us.imrworldwide.com [ C:\Users\Dave\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Y3D29M5B ]
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@a1.interclick[2].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@ad.yieldmanager[1].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@adbrite[1].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@ads.bleepingcomputer[2].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@ads.cnn[1].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@ads.pointroll[1].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@adserver.adtechus[1].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@advertising[2].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@apmebf[1].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@at.atwola[2].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@atdmt[1].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@collective-media[1].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@doubleclick[1].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@fastclick[2].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@imrworldwide[2].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@insightexpressai[1].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@interclick[2].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@invitemedia[2].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@kontera[1].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@mediaplex[2].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@pointroll[2].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@r1-ads.ace.advertising[2].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@revsci[2].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@smartadserver[1].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@tacoda.at.atwola[2].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@tribalfusion[1].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@xiti[1].txt

Trojan.Agent/Gen-CDesc[Gen]
C:\PROGRAM FILES\MATLAB\R2009A\TOOLBOX\RTW\TARGETS\XPC\TARGET\BUILD\XPCBLOCKS\ADBBPCI20098.MEXW32
C:\PROGRAM FILES\MATLAB\R2009A\TOOLBOX\RTW\TARGETS\XPC\TARGET\BUILD\XPCBLOCKS\ADCBDAS16JREXP.MEXW32

Trojan.Agent/Gen-Dropper[Mex]
C:\PROGRAM FILES\MATLAB\R2009A\TOOLBOX\RTW\TARGETS\XPC\TARGET\BUILD\XPCBLOCKS\RS232_REC.MEXW32




**********
...and here is the ESET log:


C:\Program Files\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\dikmdas1800hr.mexw32 probably a variant of Win32/Agent.DLKBKHU trojan cleaned by deleting - quarantined
C:\Program Files\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\dobbpci20041.mexw32 probably a variant of Win32/Agent.LGHPYFZ trojan cleaned by deleting - quarantined
C:\Users\Dave\Downloads\PCPandoraSetup.exe probably a variant of Win32/Genetik trojan deleted - quarantined
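Added example, not from the thread, from SUPERAntiSpyware or from ESET: a small Python triage script for the SUPERAntiSpyware scan-log format posted above. It reconciles the header's "File threats detected" count against the items actually enumerated, separates tracking-cookie residue from file detections, and queues categories whose signature names carry generic or heuristic markers (such as the "Gen" labels above) for manual verification, for example against the software vendor's published file hashes, rather than treating them as a confirmed verdict. The embedded log is constructed in the posted format with the item lists shortened and the header count adjusted to match; the marker list in GENERIC_RE is my own assumption and would be tuned to a given engine's naming scheme.

```python
"""Triage a SUPERAntiSpyware scan log.

Added example for this thread; not the thread's own or SUPERAntiSpyware's code.
The sample log below is constructed in the format of the posted log, with the
item lists shortened and the header count adjusted so the two agree.
"""
import re

# Constructed sample in the posted log format (paths follow the log above).
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/13/2011 at 07:02 PM

Application Version : 4.48.1000

Core Rules Database Version : 6389
Trace Rules Database Version: 4201

Scan type : Complete Scan
Total Scan Time : 02:02:57

Memory items scanned : 769
Memory threats detected : 0
Registry items scanned : 8846
Registry threats detected : 0
File items scanned : 263222
File threats detected : 6

Adware.Tracking Cookie
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\dave@doubleclick[1].txt
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\Low\dave@atdmt[1].txt
macromedia.com [ C:\Users\Dave\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Y3D29M5B ]

Trojan.Agent/Gen-CDesc[Gen]
C:\PROGRAM FILES\MATLAB\R2009A\TOOLBOX\RTW\TARGETS\XPC\TARGET\BUILD\XPCBLOCKS\ADBBPCI20098.MEXW32
C:\PROGRAM FILES\MATLAB\R2009A\TOOLBOX\RTW\TARGETS\XPC\TARGET\BUILD\XPCBLOCKS\ADCBDAS16JREXP.MEXW32

Trojan.Agent/Gen-Dropper[Mex]
C:\PROGRAM FILES\MATLAB\R2009A\TOOLBOX\RTW\TARGETS\XPC\TARGET\BUILD\XPCBLOCKS\RS232_REC.MEXW32
"""

HEADER_RE = re.compile(r"^([A-Za-z ]+?)\s*:\s*(.+)$")   # "Key : value" summary lines
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")             # ordinary file/cookie entries
FLASH_OBJECT_RE = re.compile(r"^\S+ \[ .+ \]$")         # "host [ path ]" Flash shared objects
# Assumed generic/heuristic markers in signature names; tune to the engine in use.
GENERIC_RE = re.compile(r"\bGen\b|Generic|Heur")


def parse_scan_log(text):
    """Return (header, detections): header holds the summary lines as a dict,
    detections maps each category name to the list of locations beneath it."""
    header, detections, current, in_detections = {}, {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or "://" in line:          # skip blank lines and the vendor URL
            continue
        if not in_detections:
            m = HEADER_RE.match(line)
            if m:
                key = m.group(1).strip()
                header[key] = m.group(2).strip()
                in_detections = key == "File threats detected"  # last summary line
            continue
        if DRIVE_PATH_RE.match(line) or FLASH_OBJECT_RE.match(line):
            if current is None:
                raise ValueError("detection item before any category: %r" % line)
            detections[current].append(line)
        else:                                   # anything else opens a new category
            current = line
            detections.setdefault(current, [])
    return header, detections


def reconcile(header, detections):
    """Compare the declared file-threat count with the number of items listed."""
    declared = int(header.get("File threats detected", "0"))
    listed = sum(len(items) for items in detections.values())
    return declared, listed, declared == listed


def triage(detections):
    """Separate tracking-cookie residue from file detections and queue categories
    with generic signature names for manual verification (a review list, not a verdict)."""
    result = {"tracking": [], "file_threats": [], "needs_verification": []}
    for category, items in detections.items():
        if category.startswith("Adware.Tracking Cookie"):
            result["tracking"].extend(items)
            continue
        result["file_threats"].extend(items)
        if GENERIC_RE.search(category):
            result["needs_verification"].extend((category, item) for item in items)
    return result


if __name__ == "__main__":
    hdr, det = parse_scan_log(SAMPLE_LOG)
    declared, listed, ok = reconcile(hdr, det)
    print("declared %d, listed %d, consistent=%s" % (declared, listed, ok))
    summary = triage(det)
    print("tracking cookies: %d, file detections: %d"
          % (len(summary["tracking"]), len(summary["file_threats"])))
    for category, item in summary["needs_verification"]:
        print("VERIFY %-30s %s" % (category, item))
```

On the real log above the same reconciliation holds (40 cookie entries plus 3 MATLAB files account for the 43 declared file threats), so a mismatch between the declared total and the listed items would point to a truncated or edited paste rather than to the scan itself.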

#12 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 14 February 2011 - 05:19 PM

I think we're there now. The ESET run removed the last of the infections.

I'm just curious...why can't my commercial software (Trend Micro) catch these things that freeware cleans up?


Difficult question; there are a lot of reasons: new variants haven't been analysed and updated yet; they aren't targeting that particular infection; the freeware authors don't have the baggage of working for a large company that dictates what happens.

Remember that it was the ESET scan which found the downloader. ESET seems to be on the ball at the moment and is very up-to-date in its work. TM are not doing so well, and a good example of this is the HijackThis program which they took to develop. Each time the development is shown it is already behind.

You are obviously quite happy with the CPU now so the next bit is...

You're clean. Good stuff! :thumbup2:

Let's do some clearing up

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator.
  • Then click the big button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically; make sure that updates for anything flagged are carried out as soon as possible.

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15-day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it medavedude, happy surfing!

Cheers.

m0le
m0le is a proud member of UNITE

#13 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 18 February 2011 - 09:09 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



