
Possible Trojan Gozi


  • This topic is locked
14 replies to this topic

#1 Magic Dude

Posted 17 March 2011 - 07:59 PM

I received a call from my bank that I have been infected with Trojan Gozi. I run some security software called Trusteer Rapport, which the bank partners with and which I downloaded from them. This software is supposed to prevent keylogging, screen capture, process modification, and other types of events. Apparently, the software communicates threat information to my bank (but not to me). I have not been able to detect anything with McAfee or any other scanners I have tried. I have posted this in the "I am infected" forum and they suggested I post here.

Here is the DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Mattr at 17:41:27.42 on Thu 03/17/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1053 [GMT -7:00]
.
AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: McAfee Host Intrusion Prevention Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
C:\WINDOWS\SYSTEM32\SAiDownloader.exe
C:\WINDOWS\SYSTEM32\SAiLicSvr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TiVo\Desktop\TiVoBeacon.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\V0350Mon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\EssentialPIM Pro\EssentialPIM.exe
C:\Program Files\Ditto\Ditto.exe
C:\Program Files\EssentialPIM Pro\EssentialPIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnui.exe
C:\PROGRA~1\MICROS~4\Office\WINWORD.EXE
C:\Program Files\TextPad 4\TextPad.exe
C:\Program Files\Oracle\Oracle Open Office 3\program\scalc.exe
C:\Program Files\Oracle\Oracle Open Office 3\program\soffice.exe
C:\Program Files\Oracle\Oracle Open Office 3\program\soffice.bin
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
N:\Defogger(2).exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Mattr\Desktop\dds(2).scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: BHO Class: {b0d3d090-ce97-4e3e-a388-cfd55b1f5e63} - c:\program files\tvharmony\IEdler.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
BHO: Burn4Free Toolbar Helper: {d187a56b-a33f-4cbe-9d77-459fc0bae012} - c:\program files\burn4free toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: PatentHunter: {bcb2344b-3d5b-46d7-861b-a8f27e4fe602} - c:\program files\patentwizard, llc\patenthunter3\PHToolBand.dll
TB: {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No File
TB: Burn4Free Toolbar: {4f11acbb-393f-4c86-a214-ff3d0d155cc3} - c:\program files\burn4free toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: @c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [EssentialPIM Pro] "c:\program files\essentialpim pro\EssentialPIM.exe" /autorun
uRun: [Ditto] c:\program files\ditto\Ditto.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [V0350Mon.exe] c:\windows\V0350Mon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [tcpwindowsize.exe_executed] c:\windows\orclobi\repDB_1.exe /PN=tcpwindowsize.exe_executed /PV=1.0.0.0 /PT=05/20/10 15:53:04T /RETRY=2
mRun: [tcpwindowsize.exe_finished] c:\windows\orclobi\repDB_2.exe /PN=tcpwindowsize.exe_finished /PV=1.0.0.0 /PT=05/20/10 15:53:26T /RETRY=2
mRun: [TweakAutomaticUpdates] c:\windows\orclobi\gdswsuspatch_soon.exe /s
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe"
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
dRunOnce: [MPlayer2_FixUp] c:\windows\inf\unregmp2.exe /Fixups
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico
IE: &PHToolBand -
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {5CC5AADB-AD8E-433a-A5DE-46F33901281A} - c:\program files\pc techzone\merlin auctionmagic\ie toolbar\iebutton.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BB29DC6-4046-4aa1-B590-C29372456BA0} - {9A85FF39-28A4-4bf1-8290-DD075267FF35} - c:\windows\downloaded program files\ClickMap.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - {1FBA04EE-3024-11D2-8F1F-0000F87ABD16} c:\program files\irfanview\ebay\ebay.htm - c:\program files\irfanview\ebay\ebay.htm\inprocserver32 does not exist!
DPF: bandInstaller - hxxps://sitecatalyst.omniture.com/sc12/clickmap/ClickMapInstaller.CAB
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install/00/alttiff.cab
DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - hxxp://download.ebay.com/turbo_lister/US/install.cab
DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} - hxxp://vapwfa.ops.placeware.com/etc/place/FOLDER/VAFpws-a1/5.1.8.511/lib/quicksilver.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18}
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://sunmeetings.webex.com/client/T25L/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\mattr\applic~1\mozilla\firefox\profiles\xv6uyd8o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: network.proxy.ftp - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.ssl - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\mattr\application data\mozilla\firefox\profiles\xv6uyd8o.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\program files\mcafee\siteadvisor enterprise\components\McFFPlg.dll
FF - plugin: c:\documents and settings\mattr\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\mattr\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Alexa Sparky: toolbar@alexa.com - %profile%\extensions\toolbar@alexa.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: SyncPlaces: syncplaces@andyhalford.com - %profile%\extensions\syncplaces@andyhalford.com
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: KeyScrambler: keyscrambler@qfx.software.corporation - %profile%\extensions\keyscrambler@qfx.software.corporation
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor Enterprise: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor Enterprise
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\mattr\application data\Move Networks
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2010-8-25 147984]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-20 344712]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
R1 RapportCerberus_23945;RapportCerberus_23945;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\23945\RapportCerberus_23945.sys [2011-2-22 55224]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\mcafee\host intrusion prevention\FireSvc.exe [2010-6-15 1498224]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
R2 hips;McAfee HIPSCore Service;c:\program files\mcafee\host intrusion prevention\hipscore\HIPSvc.exe [2011-3-9 35696]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2009-12-16 222528]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2010-8-25 22816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-9-22 103744]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2010-8-25 66880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-5-20 69192]
R2 MyDesktopWindows;MyDesktopService;c:\windows\orclobi\mydesktop\MyDesktopService.exe [2011-2-18 1030144]
R2 QOSMyDesktop;QOS MyDesktop;c:\windows\orclobi\mydesktop\MyDesktopQOS.exe [2009-10-13 470016]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R2 SAiDownloader;SAiDownloader;c:\windows\system32\SAiDownloader.exe [2008-7-28 438272]
R2 SAiLicSvr;SAiLicSvr;c:\windows\system32\SAiLicSvr.exe [2008-7-28 86016]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2007-4-27 316992]
R2 TivoBeacon2;TiVo Beacon Service;c:\program files\tivo\desktop\TiVoBeacon.exe [2009-11-2 1098968]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2010-5-5 583360]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 dsdd;dsdd;c:\windows\system32\drivers\dsvideo.sys [2010-8-19 2144]
R3 EvoMouseDriverMini;EvoMouseDriverMini;c:\windows\system32\drivers\EvoMouseDriverMini.sys [2011-2-2 20024]
R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [2010-5-20 44680]
R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2010-5-20 107960]
R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2010-5-20 38680]
R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2010-5-20 35552]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-3-15 114952]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-20 91896]
R3 owcmirrorV1;owcmirrorV1;c:\windows\system32\drivers\owcmirrorminiV1.sys [2010-3-16 3712]
R3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\drivers\V0350Afx.sys [2008-1-31 142656]
R3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [2008-1-31 7424]
R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [2008-1-31 170368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1caa45020ee47ca;Google Update Service (gupdate1caa45020ee47ca);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 133104]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2010-2-10 401920]
S3 CDVDService;CDVDService;c:\program files\1step dvd copy\CDVDService.exe [2010-9-10 348160]
S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [2010-5-20 44680]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-5-20 43192]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-20 66536]
S3 Normandy;Normandy SR2; [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
UnknownUnknown dsload;dsload; [x]
.
=============== File Associations ===============
.
.reg=Regedit.Document
.
=============== Created Last 30 ================
.
2011-03-17 14:06:16 40328 ----a-w- c:\windows\system32\HIPIS0e011b5.dll
2011-03-16 05:46:19 -------- d-s---w- C:\ComboFix
2011-03-15 17:54:20 114952 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2011-03-15 17:54:19 -------- d-----w- c:\program files\KeyScrambler
2011-03-15 17:14:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2011-03-05 00:29:30 -------- d-----w- c:\docume~1\mattr\locals~1\applic~1\MicroVision Applications
2011-03-05 00:28:17 -------- d-----w- c:\program files\common files\SureThing Shared
2011-03-05 00:28:15 -------- d-----w- c:\windows\MVUNINST
2011-03-05 00:28:15 -------- d-----w- c:\program files\Memorex exPressit Label Design Studio
2011-02-25 05:50:05 -------- d-----w- c:\docume~1\mattr\locals~1\applic~1\HP
2011-02-25 05:45:19 316928 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp092.dll
2011-02-25 05:45:18 122880 ----a-w- c:\windows\system32\hpf3l092.dll
2011-02-25 05:43:15 -------- d-----w- c:\windows\hpoj4500g510n-z
2011-02-25 05:42:57 716288 ----a-w- c:\windows\system32\hpwwiax9.dll
2011-02-25 05:42:57 593920 ----a-w- c:\windows\system32\hpwtscl5.dll
2011-02-25 05:42:57 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2011-02-25 05:42:57 315392 ----a-w- c:\windows\system32\hpwvst01.dll
2011-02-25 05:42:57 309760 ----a-w- c:\windows\system32\difxapi.dll
2011-02-25 05:42:55 452408 ----a-w- c:\windows\system32\hpzids01.dll
2011-02-25 05:42:52 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2011-02-25 05:42:50 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2011-02-25 05:42:49 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2011-02-25 05:24:21 -------- d-----w- c:\program files\common files\HP
2011-02-25 05:24:17 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-02-25 05:23:56 -------- d-----w- c:\windows\hpoj4500g510g-m
2011-02-25 05:21:48 -------- d-----w- c:\program files\HP
2011-02-23 23:33:52 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2011-02-23 23:33:48 -------- d-----w- c:\windows\PrimoPDF4
2011-02-23 23:33:48 -------- d-----w- c:\program files\activePDF
.
==================== Find3M ====================
.
2011-03-04 02:59:36 136512 ----a-w- c:\windows\system32\KevlarSigs.dll
2011-02-23 19:19:51 48 ----a-w- c:\windows\wpd99.drv
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 22:14:30 398744 ----a-r- c:\windows\system32\cpnprt2.cid
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:08:45 832512 ------w- c:\windows\system32\wininet.dll
2010-12-20 23:08:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08:45 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08:45 17408 ----a-w- c:\windows\system32\corpol.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:25 389120 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 17:42:51.23 ===============


GMER Log Failed - Will repost if I can get it to run successfully

GMER log as attachment - too long to post inline

EDIT: Posts merged ~BP

Attached file: ark.txt (197.92KB)

Edited by Budapest, 18 March 2011 - 07:00 PM.
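The DDS log above is what the helper reads by hand. As an added illustration (not code from this thread, from DDS or from BleepingComputer), the Python below parses that log layout and lists the entries a responder checks first: registry hooks whose file is gone ("No File"), services whose binary is missing ("[x]") or unverified ("[?]"), Firefox proxy settings, and processes running from outside the Windows and Program Files trees. The embedded sample log is constructed for this example; the trusted-path prefixes are an assumption for a default XP install.

```python
import re
from typing import Dict, List

# Constructed sample in the DDS log layout seen in the thread; every entry is made up.
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Example\example.exe
C:\Documents and Settings\user\Desktop\unknown.exe
N:\tool.exe
.
============== Pseudo HJT Report ===============
.
BHO: Example Helper: {00000000-0000-0000-0000-000000000001} - c:\program files\example\helper.dll
BHO: {00000000-0000-0000-0000-000000000002} - No File
TB: {00000000-0000-0000-0000-000000000003} - No File
.
================= FIREFOX ===================
.
FF - prefs.js: network.proxy.http - proxy.example.test
FF - prefs.js: network.proxy.http_port - 8080
.
============= SERVICES / DRIVERS ===============
.
R2 ExampleSvc;Example Service;c:\program files\example\svc.exe [2011-1-1 12345]
S3 Ghost;Ghost Driver; [x]
S3 Orphan;Orphan Filter;\??\c:\windows\system32\drivers\orphan.sys --> c:\windows\system32\drivers\orphan.sys [?]
UnknownUnknown dsload;dsload; [x]
.
============= FINISH: 00:00:00.00 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")
HJT_RE = re.compile(r"^(?P<kind>[A-Za-z]+):\s*(?P<body>.*)$")
SERVICE_RE = re.compile(r"^(?P<start>\S+)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(?P<key>\w+) - (?P<value>.*)$")
# Assumed locations of installed software on a default XP install; a process elsewhere
# (profile, desktop, removable drive) is not necessarily bad, but is identified first.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into {SECTION TITLE: [lines]}; DDS pads sections with lone '.' lines."""
    sections: Dict[str, List[str]] = {}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("title").upper()
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def triage(text: str) -> List[Dict[str, str]]:
    """Return the log entries worth a second look, each as {severity, reason, line}."""
    sections = parse_sections(text)
    findings: List[Dict[str, str]] = []

    def add(severity: str, reason: str, line: str) -> None:
        findings.append({"severity": severity, "reason": reason, "line": line})

    for line in sections.get("RUNNING PROCESSES", []):
        low = line.lower()
        # entries without a path (bare "svchost.exe") carry nothing to check here
        if "\\" in low and not low.startswith(TRUSTED_PREFIXES):
            add("review", "process running outside the Windows/Program Files trees", line)

    for line in sections.get("PSEUDO HJT REPORT", []):
        m = HJT_RE.match(line)
        if m and m.group("body").rstrip().endswith(("No File", "does not exist!")):
            add("low", "registry hook whose target file is gone (often uninstall residue)", line)

    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if not m:
            continue
        rest = m.group("rest").rstrip()
        if rest.endswith("[x]"):      # DDS marks a service whose file it cannot find
            add("medium", "service/driver registered but its binary is missing", line)
        elif rest.endswith("[?]"):    # DDS could not verify the file it resolved
            add("medium", "service/driver binary could not be verified by DDS", line)
        if m.group("start").lower().startswith("unknown"):
            add("medium", "service with unknown start type", line)

    proxy = {}
    for line in sections.get("FIREFOX", []):
        m = FF_PROXY_RE.match(line)
        if m:
            proxy[m.group("key")] = m.group("value").strip()
    if any(k in proxy for k in ("http", "ssl", "ftp", "socks")):
        summary = "; ".join("%s=%s" % kv for kv in sorted(proxy.items()))
        add("review", "browser traffic is configured to go through a proxy", summary)

    return findings
```

Run `triage()` on a pasted DDS log and read the "medium" entries first; a proxy finding on a machine that should not use one is the setting to verify before anything else.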



#2 m0le
  • Malware Response Team
  • Location: London, UK

Posted 23 March 2011 - 09:13 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 Magic Dude

Magic Dude
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:01:25 PM

Posted 23 March 2011 - 11:01 PM

Thanks... I am here

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:25 PM

Posted 24 March 2011 - 04:28 PM

Please run TDSSKiller and MBRCheck

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


And

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE
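The two tools requested above produce long driver inventories that the helper then reads by hand: which kernel modules were loaded from somewhere other than system32, and whether each drive's MBR is stock boot code. The following Python script is an added example written for this page (it is not part of MBRCheck, TDSSKiller, or anything posted in this thread) showing that triage done over the log formats the tools emit. The embedded sample logs are constructed in the shape of the logs in this thread, with placeholder vendor names, addresses and hashes; the allow-list of stock MBR descriptions and the path heuristics are this example's own assumptions. A hit means "verify this file" (vendor signature, hash lookup), not "malicious": legitimate security products such as the banking software in this thread also load drivers from Program Files.

```python
"""Triage helpers for MBRCheck and TDSSKiller logs (example code for this page)."""
import re

# Parsers for the three log shapes: MBRCheck driver rows, MBRCheck MBR rows,
# and TDSSKiller per-driver scan lines "<date> <time> <pid> <service> (<md5>) <path>".
MBRCHECK_DRIVER = re.compile(r"^0x[0-9A-Fa-f]{8}\s+(\S.*?)\s*$")
MBR_STATUS = re.compile(r"^\s*\d+ GB (\\\\\.\\PhysicalDrive\d+)\s+(.*?)\s*$")
TDSS_DRIVER = re.compile(r"^\d{4}/\d{2}/\d{2} \S+ \d+ (\S+) \(([0-9a-f]{32})\) (.+?)\s*$")

# Assumption: descriptions MBRCheck prints for stock boot code. Illustrative, not the tool's table.
KNOWN_MBR = ("windows xp mbr code", "dell mbr code", "windows vista mbr code", "windows 7 mbr code")


def normalise(path):
    """Strip the \\??\\ prefix, drive letter and \\SystemRoot alias so all paths compare alike."""
    p = path.strip().lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    p = re.sub(r"^[a-z]:", "", p)
    return p.replace("\\systemroot\\", "\\windows\\")


def triage_path(path):
    """Reasons a loaded module path deserves review; an empty list means nothing unusual."""
    p = normalise(path)
    reasons = []
    if "\\" not in p:                      # bare boot-start name, no path to judge
        return reasons
    if not p.startswith("\\windows\\system32\\"):
        reasons.append("outside system32")
    if "\\documents and settings\\" in p or "\\application data\\" in p:
        reasons.append("user-writable profile directory")
    name = p.rsplit("\\", 1)[-1]
    if re.search(r"[0-9a-f]{12,}", name):  # heuristic: long hex run in the file name
        reasons.append("long hex run in file name")
    return reasons


def parse_mbrcheck_drivers(text):
    """Module paths from the 'Kernel Drivers' section of an MBRCheck log."""
    paths, in_section = [], False
    for line in text.splitlines():
        if line.startswith("Kernel Drivers"):
            in_section = True
            continue
        if in_section:
            m = MBRCHECK_DRIVER.match(line)
            if m:
                paths.append(m.group(1))
            elif not line.strip() and paths:  # blank line closes the section
                break
    return paths


def review_loaded_modules(mbrcheck_text):
    """Flagged module path -> reasons; clean modules are omitted."""
    flagged = {}
    for path in parse_mbrcheck_drivers(mbrcheck_text):
        reasons = triage_path(path)
        if reasons:
            flagged[path] = reasons
    return flagged


def mbr_status(mbrcheck_text):
    """(drive, description, recognised) for each row of MBRCheck's 'MBR Status' table."""
    rows = []
    for line in mbrcheck_text.splitlines():
        m = MBR_STATUS.match(line)
        if m:
            drive, desc = m.groups()
            rows.append((drive, desc, any(k in desc.lower() for k in KNOWN_MBR)))
    return rows


def review_tdsskiller(tdss_text):
    """Service name -> (path, reasons) for TDSSKiller driver lines that deserve review."""
    flagged = {}
    for line in tdss_text.splitlines():
        m = TDSS_DRIVER.match(line)
        if m:
            service, _md5, path = m.groups()
            reasons = triage_path(path)
            if reasons:
                flagged[service] = (path, reasons)
    return flagged


# Constructed sample logs in the format of the tools' output (placeholder vendor, addresses, hashes).
SAMPLE_MBRCHECK = r"""
Kernel Drivers (total 6):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0xF75A8000 ACPI.sys
0xB1436000 \??\C:\Program Files\ExampleVendor\bin\ExamplePG.sys
0xB9FB4000 \??\C:\Documents and Settings\All Users\Application Data\ExampleVendor\ext\Example_23945.sys
0xBA405000 \SystemRoot\system32\grab_01cb850034e1eaca.dll
0xF7B32000 Ntfs.sys

Size Device Name MBR Status
465 GB \\.\PhysicalDrive0 Dell MBR code detected
465 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
  8 GB \\.\PhysicalDrive2 Unknown MBR code
"""
SAMPLE_TDSSKILLER = r"""
2011/03/24 15:14:53.0468 4740 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/24 15:15:14.0546 4740 ExamplePar (8e55251d83763ccca60fe26a811cfb0c) C:\Program Files\ExampleVendor\Program\ExamplePar.sys
2011/03/24 15:14:52.0843 4740 Scan started
"""

if __name__ == "__main__":
    for path, why in review_loaded_modules(SAMPLE_MBRCHECK).items():
        print(f"REVIEW {path}: {', '.join(why)}")
    for drive, desc, ok in mbr_status(SAMPLE_MBRCHECK):
        print(f"{'ok   ' if ok else 'CHECK'} {drive}: {desc}")
    for svc, (path, why) in review_tdsskiller(SAMPLE_TDSSKILLER).items():
        print(f"REVIEW service {svc} -> {path}: {', '.join(why)}")
```

Run against a real pair of logs, the flagged list is the short set of files to check signatures and hashes for; everything in system32 with an ordinary name is left for the scanners, which is where TDSSKiller's per-file MD5 column comes in.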

#5 Magic Dude

Magic Dude
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:01:25 PM

Posted 24 March 2011 - 05:21 PM

Ok thanks for the quick reply, here are the logs:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000023fc

Kernel Drivers (total 206):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF798B000 aliide.sys
0xF798D000 cmdide.sys
0xF798F000 toside.sys
0xF7991000 viaide.sys
0xF7993000 intelide.sys
0xF7607000 MountMgr.sys
0xF74D8000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF789B000 cpqarray.sys
0xF74C0000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF74A8000 atapi.sys
0xF789F000 aha154x.sys
0xF7717000 sparrow.sys
0xF7627000 aic78xx.sys
0xF78A3000 dac960nt.sys
0xF7637000 ql10wnt.sys
0xF78A7000 amsint.sys
0xF771F000 asc.sys
0xF78AB000 asc3550.sys
0xF7727000 mraid35x.sys
0xF772F000 i2omp.sys
0xF78AF000 ini910u.sys
0xF7647000 ql1240.sys
0xF7657000 aic78u2.sys
0xF7737000 symc8xx.sys
0xF773F000 sym_hi.sys
0xF7747000 sym_u3.sys
0xF774F000 ABP480N5.SYS
0xF7757000 asc3350p.sys
0xF7995000 cd20xrnt.sys
0xF7667000 ultra.sys
0xF775F000 dpti2o.sys
0xF787E000 adpu160m.sys
0xF7677000 ql1080.sys
0xF7687000 ql1280.sys
0xF7697000 ql12160.sys
0xF7852000 dac2w2k.sys
0xF7767000 hpn.sys
0xF776F000 perc2.sys
0xF7997000 perc2hib.sys
0xF78B3000 cbidf2k.sys
0xF7777000 cercsr6.sys
0xF76A7000 disk.sys
0xF76B7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7832000 fltmgr.sys
0xF7975000 sr.sys
0xF7960000 drvmcdb.sys
0xF777F000 PxHelp20.sys
0xF7A38000 KSecDD.sys
0xF7A25000 WudfPf.sys
0xF7BBF000 FirePM.sys
0xF7B32000 Ntfs.sys
0xF7B05000 NDIS.sys
0xBA7A0000 timntr.sys
0xF76C7000 viaagp.sys
0xBA784000 snapman.sys
0xF76D7000 sisagp.sys
0xF76E7000 RapportKELL.sys
0xF7999000 \WINDOWS\System32\Drivers\USBD.SYS
0xBA76A000 Mup.sys
0xBA717000 mfehidk.sys
0xF76F7000 agp440.sys
0xF7587000 alim1541.sys
0xF7577000 amdagp.sys
0xF7567000 agpCPQ.sys
0xF7458000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9971000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xB995D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF77E7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9939000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77EF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7448000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB991E000 \SystemRoot\System32\drivers\keyscrambler.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7438000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA56A000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB990A000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7428000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF79D5000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF7418000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7408000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB98E7000 \SystemRoot\system32\DRIVERS\ks.sys
0xF77FF000 \SystemRoot\system32\drivers\gearaspiwdm.sys
0xB98A7000 \SystemRoot\system32\drivers\smwdm.sys
0xB9883000 \SystemRoot\system32\drivers\portcls.sys
0xBA6F7000 \SystemRoot\system32\drivers\drmk.sys
0xB97D0000 \SystemRoot\system32\drivers\senfilt.sys
0xB9FCB000 \SystemRoot\system32\DRIVERS\owcmirrorminiV1.sys
0xB9FCA000 \SystemRoot\system32\DRIVERS\dsvideo.sys
0xB97B2000 \SystemRoot\system32\DRIVERS\dne2000.sys
0xB9FC9000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA6C7000 \SystemRoot\system32\DRIVERS\firehk.sys
0xBA6B7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA566000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB979B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA6A7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA697000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7807000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB978A000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA687000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF780F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7817000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA677000 \SystemRoot\System32\Drivers\Pcouffin.sys
0xBA475000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF781F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF79DB000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB972C000 \SystemRoot\system32\DRIVERS\update.sys
0xBA157000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA153000 \SystemRoot\system32\drivers\EvoMouseDriverMini.sys
0xBA465000 \SystemRoot\system32\drivers\WDFLDR.SYS
0xB96BB000 \SystemRoot\System32\Drivers\wdf01000.sys
0xBA455000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA425000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA62B000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF79DF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7AA1000 \SystemRoot\System32\Drivers\Null.SYS
0xF79E1000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA5CE000 \SystemRoot\system32\drivers\ssrtln.sys
0xBA623000 \SystemRoot\System32\drivers\dsload.sys
0xBA405000 \SystemRoot\system32\dsgrab_01cb850034e1eaca.dll
0xBA5C6000 \SystemRoot\System32\drivers\vga.sys
0xF79E3000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79E5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA5BE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA5B6000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA61B000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB1575000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB151C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB14FA000 \??\C:\WINDOWS\system32\Drivers\FireTDI.sys
0xBA3F5000 \SystemRoot\system32\drivers\mfetdik.sys
0xB14D4000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB14AC000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB148A000 \SystemRoot\System32\drivers\afd.sys
0xBA3E5000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB145F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB1436000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
0xB9FB4000 \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys
0xB13C6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB9FA4000 \SystemRoot\System32\Drivers\Fips.SYS
0xB9F94000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA58E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB9F84000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA5AE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA5A6000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBA58A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF7797000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB136A000 \SystemRoot\system32\DRIVERS\V0350Vid.sys
0xF79EB000 \SystemRoot\system32\DRIVERS\V0350VFx.sys
0xB9F74000 \SystemRoot\system32\drivers\usbaudio.sys
0xB1347000 \SystemRoot\system32\Drivers\V0350Afx.sys
0xB9F44000 \SystemRoot\System32\Drivers\usbaapl.sys
0xB12FB000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB12E3000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79A7000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB15A0000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA5DE000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7AA5000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBF159000 \SystemRoot\System32\ATMFD.DLL
0xBA435000 \SystemRoot\system32\drivers\drvnddm.sys
0xF779F000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
0xF7A6E000 \SystemRoot\system32\dla\tfsndres.sys
0xB122D000 \SystemRoot\system32\dla\tfsnifs.sys
0xB12D3000 \SystemRoot\system32\dla\tfsnopio.sys
0xF79B7000 \SystemRoot\system32\dla\tfsnpool.sys
0xF77A7000 \SystemRoot\system32\dla\tfsnboio.sys
0xB9F64000 \SystemRoot\system32\dla\tfsncofs.sys
0xF7A71000 \SystemRoot\system32\dla\tfsndrct.sys
0xB1174000 \SystemRoot\system32\dla\tfsnudf.sys
0xB115B000 \SystemRoot\system32\dla\tfsnudfa.sys
0xB111F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB0DBE000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB9ED2000 \SystemRoot\System32\drivers\BrPar.sys
0xB0D81000 \SystemRoot\System32\Drivers\SENTINEL.SYS
0xB0D44000 \SystemRoot\system32\drivers\wdmaud.sys
0xB119D000 \SystemRoot\system32\drivers\sysaudio.sys
0xB9ECA000 \SystemRoot\System32\drivers\aspi32.sys
0xB0B9E000 \??\c:\WINDOWS\system32\Drivers\CVPNDRVA.sys
0xF79B5000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xB9EB2000 \SystemRoot\system32\drivers\HIPPSK.sys
0xB09A5000 \SystemRoot\system32\drivers\HIPK.sys
0xBA5D6000 \SystemRoot\system32\drivers\HIPQK.sys
0xB0925000 \SystemRoot\system32\DRIVERS\srv.sys
0xB088D000 \??\C:\Program Files\Seiki\FlexiSTARTER Seiki Edition\Program\Par1284.sys
0xB03B1000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB1023000 \??\C:\WINDOWS\system32\drivers\firelm01.sys
0xAFD45000 \SystemRoot\system32\drivers\mfeavfk.sys
0xAF2C5000 \SystemRoot\system32\drivers\kmixer.sys
0xAF214000 \SystemRoot\system32\drivers\mfeapfk.sys
0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

Processes (total 79):
0 System Idle Process
4 System
680 C:\WINDOWS\SYSTEM32\smss.exe
860 csrss.exe
888 C:\WINDOWS\SYSTEM32\winlogon.exe
932 C:\WINDOWS\SYSTEM32\services.exe
944 C:\WINDOWS\SYSTEM32\lsass.exe
1108 C:\WINDOWS\SYSTEM32\svchost.exe
1284 svchost.exe
1320 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
1396 C:\WINDOWS\SYSTEM32\svchost.exe
1476 C:\WINDOWS\SYSTEM32\svchost.exe
1644 C:\WINDOWS\explorer.exe
1728 svchost.exe
1792 svchost.exe
1804 C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
1904 C:\WINDOWS\SYSTEM32\spoolsv.exe
1984 svchost.exe
2024 C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
192 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
264 C:\Program Files\Bonjour\mDNSResponder.exe
304 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
340 C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
368 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
460 C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
492 C:\WINDOWS\SYSTEM32\svchost.exe
600 C:\WINDOWS\SYSTEM32\svchost.exe
672 C:\Program Files\Java\jre6\bin\jqs.exe
700 C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
828 C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
1192 C:\Program Files\McAfee\Common Framework\FrameworkService.exe
1216 C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe
1572 C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
1628 C:\WINDOWS\SYSTEM32\mfevtps.exe
1944 naPrdMgr.exe
1992 C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
2032 C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
2284 C:\WINDOWS\SYSTEM32\svchost.exe
2344 C:\WINDOWS\SYSTEM32\svchost.exe
2364 C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
2724 C:\WINDOWS\SYSTEM32\SAiDownloader.exe
2744 C:\WINDOWS\SYSTEM32\SAiLicSvr.exe
2768 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2840 C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
2880 C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
2896 C:\WINDOWS\SYSTEM32\snmp.exe
2964 C:\WINDOWS\SYSTEM32\svchost.exe
3068 C:\Program Files\TiVo\Desktop\TiVoBeacon.exe
3132 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
3216 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
3264 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3296 C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
3328 C:\WINDOWS\SYSTEM32\searchindexer.exe
3444 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
3508 C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
3624 mfeann.exe
2532 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2660 alg.exe
816 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
1052 C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
4028 C:\WINDOWS\V0350Mon.exe
292 C:\WINDOWS\SYSTEM32\hkcmd.exe
472 C:\WINDOWS\SYSTEM32\igfxpers.exe
3936 C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
3140 C:\Program Files\McAfee\Common Framework\UdaterUI.exe
3896 C:\Program Files\McAfee\Common Framework\McTray.exe
1328 C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
2632 C:\Program Files\Brownie\BrStsWnd.exe
528 C:\Program Files\EssentialPIM Pro\EssentialPIM.exe
3592 C:\Program Files\Ditto\Ditto.exe
4116 C:\Program Files\EssentialPIM Pro\EssentialPIM.exe
4184 C:\WINDOWS\SYSTEM32\ctfmon.exe
4436 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
6140 C:\Program Files\7-Zip\7zFM.exe
4224 C:\WINDOWS\SYSTEM32\wuauclt.exe
4872 C:\WINDOWS\SYSTEM32\notepad.exe
4108 C:\WINDOWS\SYSTEM32\searchprotocolhost.exe
4152 searchfilterhost.exe
5044 C:\Documents and Settings\Mattr\desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`18836400 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: MAXTORSTM3500630A
PhysicalDrive1 Model Number: SeagateFreeAgent, Rev: 102D

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365
465 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!





TDSS Killer

2011/03/24 15:14:37.0812 4708 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/24 15:14:37.0843 4708 ================================================================================
2011/03/24 15:14:37.0843 4708 SystemInfo:
2011/03/24 15:14:37.0843 4708
2011/03/24 15:14:37.0843 4708 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/24 15:14:37.0843 4708 Product type: Workstation
2011/03/24 15:14:37.0843 4708 ComputerName: DELL
2011/03/24 15:14:37.0843 4708 UserName: Mattr
2011/03/24 15:14:37.0843 4708 Windows directory: C:\WINDOWS
2011/03/24 15:14:37.0843 4708 System windows directory: C:\WINDOWS
2011/03/24 15:14:37.0843 4708 Processor architecture: Intel x86
2011/03/24 15:14:37.0843 4708 Number of processors: 1
2011/03/24 15:14:37.0843 4708 Page size: 0x1000
2011/03/24 15:14:37.0843 4708 Boot type: Normal boot
2011/03/24 15:14:37.0843 4708 ================================================================================
2011/03/24 15:14:43.0953 4708 Initialize success
2011/03/24 15:14:52.0843 4740 ================================================================================
2011/03/24 15:14:52.0843 4740 Scan started
2011/03/24 15:14:52.0843 4740 Mode: Manual;
2011/03/24 15:14:52.0843 4740 ================================================================================
2011/03/24 15:14:53.0343 4740 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/03/24 15:14:53.0468 4740 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/24 15:14:53.0546 4740 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/24 15:14:53.0734 4740 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/03/24 15:14:53.0921 4740 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/24 15:14:54.0015 4740 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/24 15:14:54.0109 4740 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/03/24 15:14:54.0187 4740 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/03/24 15:14:54.0281 4740 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/03/24 15:14:54.0437 4740 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/03/24 15:14:54.0562 4740 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/03/24 15:14:54.0703 4740 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/03/24 15:14:54.0859 4740 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/03/24 15:14:54.0937 4740 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/03/24 15:14:55.0031 4740 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/03/24 15:14:55.0187 4740 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/03/24 15:14:55.0359 4740 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/03/24 15:14:55.0515 4740 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/03/24 15:14:55.0718 4740 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
2011/03/24 15:14:55.0812 4740 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/24 15:14:55.0906 4740 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/24 15:14:56.0046 4740 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/24 15:14:56.0140 4740 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/24 15:14:56.0234 4740 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/24 15:14:56.0343 4740 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys
2011/03/24 15:14:56.0750 4740 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/03/24 15:14:56.0843 4740 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/24 15:14:56.0937 4740 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/03/24 15:14:57.0031 4740 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/03/24 15:14:57.0281 4740 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/24 15:14:57.0390 4740 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/24 15:14:57.0500 4740 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/24 15:14:57.0593 4740 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/03/24 15:14:57.0859 4740 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/03/24 15:14:57.0984 4740 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/03/24 15:14:58.0125 4740 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2011/03/24 15:14:58.0343 4740 CVPNDRVA (720482888c3778f26eeb83d286a6cdc3) c:\WINDOWS\system32\Drivers\CVPNDRVA.sys
2011/03/24 15:14:58.0515 4740 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/03/24 15:14:58.0656 4740 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/03/24 15:14:58.0812 4740 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/24 15:14:58.0937 4740 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/24 15:14:59.0093 4740 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/24 15:14:59.0203 4740 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/24 15:14:59.0375 4740 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/24 15:14:59.0484 4740 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2011/03/24 15:14:59.0765 4740 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/03/24 15:14:59.0875 4740 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/03/24 15:15:00.0046 4740 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
2011/03/24 15:15:00.0171 4740 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2011/03/24 15:15:00.0328 4740 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/03/24 15:15:00.0437 4740 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/24 15:15:00.0531 4740 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/03/24 15:15:00.0718 4740 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/03/24 15:15:00.0921 4740 dsdd (886f37e9f0bfdfe02e3b4e24127834d7) C:\WINDOWS\system32\DRIVERS\dsvideo.sys
2011/03/24 15:15:01.0109 4740 dsload (cd9583503d4fc44a5ad44eea8b35692f) C:\WINDOWS\system32\drivers\dsload.sys
2011/03/24 15:15:01.0281 4740 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/03/24 15:15:01.0484 4740 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/03/24 15:15:01.0703 4740 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/03/24 15:15:01.0937 4740 EvoMouseDriverMini (d7060d296061a1bd79a1f66d39ee0076) C:\WINDOWS\system32\drivers\EvoMouseDriverMini.sys
2011/03/24 15:15:02.0140 4740 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/24 15:15:02.0406 4740 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/24 15:15:02.0531 4740 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/24 15:15:02.0625 4740 Firehk (f96d1c2c40902604329933374950babb) C:\WINDOWS\system32\DRIVERS\firehk.sys
2011/03/24 15:15:02.0765 4740 FirehkMP (f96d1c2c40902604329933374950babb) C:\WINDOWS\system32\DRIVERS\firehk.sys
2011/03/24 15:15:02.0906 4740 firelm01 (b536bc3df46fd8f915cdb8cad7961d31) C:\WINDOWS\system32\drivers\firelm01.sys
2011/03/24 15:15:03.0109 4740 FirePM (c2a517a2e19584771a6b261ce80f56e9) C:\WINDOWS\system32\Drivers\FirePM.sys
2011/03/24 15:15:03.0281 4740 FireTDI (59ef4bd94fef480c6085064382dc31bb) C:\WINDOWS\system32\Drivers\FireTDI.sys
2011/03/24 15:15:03.0453 4740 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/03/24 15:15:03.0546 4740 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/24 15:15:03.0671 4740 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/24 15:15:03.0750 4740 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/24 15:15:03.0859 4740 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\drivers\gearaspiwdm.sys
2011/03/24 15:15:04.0031 4740 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/24 15:15:04.0140 4740 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/24 15:15:04.0234 4740 HIPK (c1213a169904db58b58602af542709d7) C:\WINDOWS\system32\drivers\HIPK.sys
2011/03/24 15:15:04.0421 4740 HIPPSK (24c4f92d7c60f6a84449c2914284e060) C:\WINDOWS\system32\drivers\HIPPSK.sys
2011/03/24 15:15:04.0593 4740 HIPQK (277c13f3df009801eeea728e32607dc6) C:\WINDOWS\system32\drivers\HIPQK.sys
2011/03/24 15:15:04.0796 4740 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/03/24 15:15:05.0046 4740 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/03/24 15:15:05.0218 4740 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/03/24 15:15:05.0375 4740 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/03/24 15:15:05.0562 4740 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/24 15:15:05.0703 4740 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/03/24 15:15:05.0796 4740 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/03/24 15:15:05.0875 4740 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/24 15:15:06.0031 4740 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/03/24 15:15:06.0390 4740 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/24 15:15:06.0531 4740 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/03/24 15:15:06.0828 4740 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/03/24 15:15:06.0921 4740 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/24 15:15:07.0031 4740 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/24 15:15:07.0125 4740 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/24 15:15:07.0234 4740 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/24 15:15:07.0343 4740 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/24 15:15:07.0468 4740 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/24 15:15:07.0578 4740 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/24 15:15:07.0687 4740 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/24 15:15:07.0828 4740 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/24 15:15:07.0921 4740 KeyScrambler (75c3aca076eba5a676e3552085545f21) C:\WINDOWS\system32\drivers\keyscrambler.sys
2011/03/24 15:15:08.0125 4740 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/24 15:15:08.0265 4740 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/24 15:15:08.0546 4740 mfeapfk (a8d2c54c2f71f5cba7ca2734341e57e6) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/03/24 15:15:08.0734 4740 mfeavfk (28bb783d85df19e9e007e81daf40adcc) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/03/24 15:15:08.0906 4740 mfebopk (8e43e242073e9db5aa165ebe273ffd09) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/03/24 15:15:09.0109 4740 mfehidk (e94d35a2a9b175b34b995ab37216c73e) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/03/24 15:15:09.0375 4740 mferkdet (f68c9cda15114b360727fe622e4aec6f) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/03/24 15:15:09.0578 4740 mfetdik (78efa6fd2a486c476045eaa1d2f218b7) C:\WINDOWS\system32\drivers\mfetdik.sys
2011/03/24 15:15:09.0765 4740 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/24 15:15:09.0890 4740 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/24 15:15:09.0953 4740 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/24 15:15:10.0093 4740 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/24 15:15:10.0187 4740 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/24 15:15:10.0281 4740 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/03/24 15:15:10.0453 4740 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
2011/03/24 15:15:10.0562 4740 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
2011/03/24 15:15:10.0765 4740 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/24 15:15:10.0875 4740 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/24 15:15:11.0031 4740 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/24 15:15:11.0140 4740 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/24 15:15:11.0218 4740 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/24 15:15:11.0312 4740 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/24 15:15:11.0421 4740 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/24 15:15:11.0515 4740 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/03/24 15:15:11.0625 4740 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/24 15:15:11.0750 4740 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/03/24 15:15:11.0968 4740 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/24 15:15:12.0093 4740 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/03/24 15:15:12.0203 4740 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/24 15:15:12.0359 4740 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/24 15:15:12.0468 4740 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/24 15:15:12.0609 4740 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/24 15:15:12.0875 4740 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/24 15:15:12.0984 4740 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/24 15:15:13.0234 4740 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/24 15:15:13.0359 4740 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/24 15:15:13.0531 4740 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/24 15:15:13.0687 4740 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/03/24 15:15:13.0890 4740 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/24 15:15:14.0000 4740 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/24 15:15:14.0140 4740 owcmirrorV1 (b0be963407ee826f66462e5987bb246a) C:\WINDOWS\system32\DRIVERS\owcmirrorminiV1.sys
2011/03/24 15:15:14.0359 4740 PalmUSBD (240c0d4049a833b16b63b636acf01672) C:\WINDOWS\system32\drivers\PalmUSBD.sys
2011/03/24 15:15:14.0546 4740 Par1284 (8e55251d83763ccca60fe26a811cfb0c) C:\Program Files\Seiki\FlexiSTARTER Seiki Edition\Program\Par1284.sys
2011/03/24 15:15:14.0750 4740 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/24 15:15:14.0890 4740 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/24 15:15:14.0984 4740 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/24 15:15:15.0093 4740 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/24 15:15:15.0218 4740 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/24 15:15:15.0312 4740 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/24 15:15:15.0437 4740 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
2011/03/24 15:15:15.0890 4740 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/03/24 15:15:16.0062 4740 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/03/24 15:15:16.0375 4740 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/24 15:15:16.0453 4740 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/24 15:15:16.0546 4740 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/24 15:15:16.0656 4740 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/24 15:15:16.0750 4740 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/03/24 15:15:16.0828 4740 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/03/24 15:15:16.0937 4740 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/03/24 15:15:17.0203 4740 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/03/24 15:15:17.0312 4740 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/03/24 15:15:17.0421 4740 RapportCerberus_23945 (d9569c76a4e3fbae2cfe7ebf444ece4d) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys
2011/03/24 15:15:17.0656 4740 RapportKELL (b64262f33c53d690ed662fde57102b10) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2011/03/24 15:15:17.0937 4740 RapportPG (c9b8a131aaf77d969cbc3987537b319d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2011/03/24 15:15:18.0125 4740 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/24 15:15:18.0281 4740 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/24 15:15:18.0406 4740 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/24 15:15:18.0531 4740 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/24 15:15:18.0656 4740 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/24 15:15:18.0750 4740 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/24 15:15:18.0890 4740 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/24 15:15:19.0109 4740 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/24 15:15:19.0312 4740 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/24 15:15:19.0531 4740 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/24 15:15:19.0671 4740 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2011/03/24 15:15:19.0921 4740 Sentinel (95a26d5d8ceda33377af627dafc2796f) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
2011/03/24 15:15:20.0125 4740 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/24 15:15:20.0250 4740 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/24 15:15:20.0453 4740 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/24 15:15:20.0671 4740 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/03/24 15:15:20.0796 4740 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/03/24 15:15:20.0937 4740 smwdm (86c4d93b7b7818d066c52fdb03c6c921) C:\WINDOWS\system32\drivers\smwdm.sys
2011/03/24 15:15:21.0218 4740 snapman (b6aa9bbff890ffea333ffe81d0b888ff) C:\WINDOWS\system32\DRIVERS\snapman.sys
2011/03/24 15:15:21.0421 4740 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/03/24 15:15:21.0531 4740 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/24 15:15:21.0625 4740 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/24 15:15:21.0734 4740 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/24 15:15:21.0921 4740 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/03/24 15:15:22.0093 4740 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/03/24 15:15:22.0593 4740 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/03/24 15:15:22.0703 4740 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/24 15:15:22.0812 4740 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/24 15:15:22.0937 4740 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/03/24 15:15:23.0125 4740 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/03/24 15:15:23.0328 4740 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/03/24 15:15:23.0421 4740 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/03/24 15:15:23.0625 4740 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/24 15:15:23.0765 4740 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/24 15:15:23.0890 4740 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/24 15:15:23.0968 4740 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/24 15:15:24.0078 4740 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/24 15:15:24.0234 4740 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/03/24 15:15:24.0390 4740 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/03/24 15:15:24.0796 4740 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/03/24 15:15:24.0937 4740 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys
2011/03/24 15:15:25.0109 4740 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/03/24 15:15:25.0312 4740 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/03/24 15:15:25.0500 4740 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/03/24 15:15:25.0687 4740 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/03/24 15:15:25.0843 4740 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/03/24 15:15:26.0031 4740 tifsfilter (b84b82c0cbeb1b0d7eb7a946bade5830) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
2011/03/24 15:15:26.0203 4740 timounter (74711884439bdf9ccf446c79cb05fac0) C:\WINDOWS\system32\DRIVERS\timntr.sys
2011/03/24 15:15:26.0406 4740 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/03/24 15:15:26.0515 4740 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/24 15:15:26.0765 4740 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/03/24 15:15:27.0000 4740 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/24 15:15:27.0156 4740 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/03/24 15:15:27.0531 4740 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/03/24 15:15:27.0656 4740 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/24 15:15:27.0750 4740 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/24 15:15:27.0859 4740 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/24 15:15:27.0968 4740 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/24 15:15:28.0109 4740 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/24 15:15:28.0265 4740 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/24 15:15:28.0390 4740 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/24 15:15:28.0515 4740 VF0350Afx (e8532ccc886588219bceb3ea6f9f5339) C:\WINDOWS\system32\Drivers\V0350Afx.sys
2011/03/24 15:15:28.0718 4740 VF0350Vfx (86326062a90494bdd79ce383511d7d69) C:\WINDOWS\system32\DRIVERS\V0350VFx.sys
2011/03/24 15:15:28.0875 4740 VF0350Vid (0bfd58f9ad1e953f475526e12b81a85a) C:\WINDOWS\system32\DRIVERS\V0350Vid.sys
2011/03/24 15:15:29.0109 4740 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/24 15:15:29.0250 4740 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/03/24 15:15:29.0359 4740 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/03/24 15:15:29.0453 4740 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/24 15:15:29.0609 4740 vpnva (1b7c80c66742dafaa31f98af4c3a5bc2) C:\WINDOWS\system32\DRIVERS\vpnva.sys
2011/03/24 15:15:29.0828 4740 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/24 15:15:29.0984 4740 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
2011/03/24 15:15:30.0265 4740 Wdf01000 (fc701a6c89737a631078ce5255b3fd12) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/03/24 15:15:30.0625 4740 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/24 15:15:30.0984 4740 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/03/24 15:15:31.0187 4740 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/03/24 15:15:31.0296 4740 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/24 15:15:31.0375 4740 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/24 15:15:35.0718 4740 ================================================================================
2011/03/24 15:15:35.0734 4740 Scan finished
2011/03/24 15:15:35.0734 4740 ================================================================================

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:25 PM

Posted 24 March 2011 - 06:21 PM

There's no problem there. I think, as you have been getting some heat from your bank, we will run a powerful tool which normally wouldn't be appropriate here.

Please run ComboFix next.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#7 Magic Dude

Magic Dude
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:01:25 PM

Posted 25 March 2011 - 09:25 AM

Here is the combofix log:

ComboFix 11-03-24.06 - Mattr 03/25/2011 7:08.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1439 [GMT -7:00]
Running from: c:\documents and settings\Mattr\Desktop\ComFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: McAfee Host Intrusion Prevention Firewall *Enabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
E:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-02-25 to 2011-03-25 )))))))))))))))))))))))))))))))
.
.
2011-03-25 13:50 . 2011-03-25 13:50 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-03-25 13:50 . 2011-03-25 13:50 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-03-25 13:50 . 2011-03-25 13:50 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-03-25 13:50 . 2011-03-25 13:50 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-03-25 13:50 . 2011-03-25 13:50 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-03-25 13:50 . 2011-03-25 13:50 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-03-25 13:50 . 2011-03-25 13:50 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-03-25 13:50 . 2011-03-25 13:50 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-03-25 13:50 . 2011-03-25 13:50 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-03-25 13:49 . 2011-03-25 13:49 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-03-25 13:49 . 2011-03-25 13:49 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-03-25 13:49 . 2011-03-25 13:49 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-03-25 13:49 . 2011-03-25 13:49 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-03-25 13:49 . 2011-03-25 13:49 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-03-25 13:49 . 2011-03-25 13:49 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-03-25 13:49 . 2011-03-25 13:49 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-03-25 13:49 . 2011-03-25 13:49 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-03-22 15:12 . 2010-06-15 19:57 40328 ----a-w- c:\windows\system32\HIPIS0e011b5.dll
2011-03-16 05:46 . 2011-03-25 14:05 -------- d-----w- C:\ComboFix
2011-03-15 17:54 . 2010-02-11 15:03 114952 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2011-03-15 17:54 . 2011-03-15 17:54 -------- d-----w- c:\program files\KeyScrambler
2011-03-15 17:14 . 2011-03-15 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2011-03-05 00:29 . 2011-03-05 00:29 -------- d-----w- c:\documents and settings\Mattr\Local Settings\Application Data\MicroVision Applications
2011-03-05 00:28 . 2011-03-05 00:28 -------- d-----w- c:\program files\Common Files\SureThing Shared
2011-03-05 00:28 . 2011-03-05 00:28 -------- d-----w- c:\program files\Memorex exPressit Label Design Studio
2011-03-05 00:28 . 2011-03-05 00:28 -------- d-----w- c:\windows\MVUNINST
2011-02-25 05:50 . 2011-02-26 17:41 -------- d-----w- c:\documents and settings\Mattr\Application Data\HP
2011-02-25 05:50 . 2011-02-25 05:50 -------- d-----w- c:\documents and settings\Mattr\Local Settings\Application Data\HP
2011-02-25 05:45 . 2009-06-09 09:43 316928 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp092.dll
2011-02-25 05:45 . 2009-06-09 09:43 122880 ----a-w- c:\windows\system32\hpf3l092.dll
2011-02-25 05:43 . 2011-02-25 05:43 -------- d-----w- c:\windows\hpoj4500g510n-z
2011-02-25 05:42 . 2009-08-17 18:34 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2011-02-25 05:42 . 2009-08-17 18:34 309760 ----a-w- c:\windows\system32\difxapi.dll
2011-02-25 05:42 . 2009-08-17 18:26 716288 ----a-w- c:\windows\system32\hpwwiax9.dll
2011-02-25 05:42 . 2009-08-17 18:26 593920 ----a-w- c:\windows\system32\hpwtscl5.dll
2011-02-25 05:42 . 2009-08-17 18:26 315392 ----a-w- c:\windows\system32\hpwvst01.dll
2011-02-25 05:42 . 2009-08-17 18:26 452408 ----a-w- c:\windows\system32\hpzids01.dll
2011-02-25 05:42 . 2009-08-17 18:34 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2011-02-25 05:42 . 2009-08-17 18:34 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2011-02-25 05:42 . 2009-08-17 18:34 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2011-02-25 05:26 . 2011-02-25 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2011-02-25 05:24 . 2011-02-25 05:50 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2011-02-25 05:24 . 2011-02-25 05:24 -------- d-----w- c:\program files\Common Files\HP
2011-02-25 05:24 . 2011-02-25 05:24 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-02-25 05:23 . 2011-02-25 05:23 -------- d-----w- c:\windows\hpoj4500g510g-m
2011-02-25 05:21 . 2011-02-26 16:15 -------- d-----w- c:\program files\HP
2011-02-23 23:33 . 2006-12-11 21:12 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2011-02-23 23:33 . 2011-02-23 23:33 -------- d-----w- c:\windows\PrimoPDF4
2011-02-23 23:33 . 2011-02-23 23:33 -------- d-----w- c:\program files\activePDF
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-04 02:59 . 2010-05-20 23:20 136512 ----a-w- c:\windows\system32\KevlarSigs.dll
2011-02-09 13:53 . 2004-08-04 10:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2004-08-04 11:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-04 11:00 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 10:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 22:14 . 2010-03-14 15:37 398744 ----a-r- c:\windows\system32\cpnprt2.cid
2011-01-07 14:09 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2009-08-23 19:51 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-02-25 16:00 . 2008-02-08 19:59 28472 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2010-02-25 16:00 . 2008-02-08 19:59 185224 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-02-25 16:01 . 2008-02-21 23:24 46392 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2008-02-21 23:24 . 2008-02-21 23:24 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2010-08-26 04:07 . 2010-05-20 23:08 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-15_19.47.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-25 13:49 . 2011-03-25 13:49 16384 c:\windows\Temp\Perflib_Perfdata_b98.dat
+ 2011-03-25 13:49 . 2011-03-25 13:49 16384 c:\windows\Temp\Perflib_Perfdata_b0.dat
+ 2011-03-25 13:49 . 2011-03-25 13:49 16384 c:\windows\Temp\Perflib_Perfdata_150.dat
+ 2011-03-25 13:49 . 2011-03-25 13:49 41303 c:\windows\SYSTEM32\api_hook_list.dat
- 2011-03-15 17:59 . 2011-03-15 17:59 41303 c:\windows\SYSTEM32\api_hook_list.dat
- 2011-01-30 21:24 . 2011-03-02 15:24 46480 c:\windows\Installer\{10964A8F-21C1-45EA-BC2D-F84B505C3848}\NewShortcut21_75FE263BDAF54CF0B5FDBEE4B584F773.exe
+ 2011-01-30 21:24 . 2011-03-18 20:30 46480 c:\windows\Installer\{10964A8F-21C1-45EA-BC2D-F84B505C3848}\NewShortcut21_75FE263BDAF54CF0B5FDBEE4B584F773.exe
- 2010-04-23 20:07 . 2011-03-15 16:10 552557 c:\windows\orclobi\MyDesktop\script.dat
+ 2010-04-23 20:07 . 2011-03-16 17:22 552557 c:\windows\orclobi\MyDesktop\script.dat
+ 2011-01-30 21:24 . 2011-03-18 20:30 144784 c:\windows\Installer\{10964A8F-21C1-45EA-BC2D-F84B505C3848}\ARPPRODUCTICON.exe
- 2011-01-30 21:24 . 2011-03-02 15:24 144784 c:\windows\Installer\{10964A8F-21C1-45EA-BC2D-F84B505C3848}\ARPPRODUCTICON.exe
+ 2011-02-25 05:41 . 2011-03-21 23:09 207234 c:\windows\hpwins28.dat
+ 2011-03-18 20:29 . 2011-03-18 20:29 15301120 c:\windows\Installer\adc5ef.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2010-01-28 23:35 815104 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2010-01-28 815104]
.
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2010-01-28 815104]
.
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EssentialPIM Pro"="c:\program files\EssentialPIM Pro\EssentialPIM.exe" [2008-08-13 3297280]
"Ditto"="c:\program files\Ditto\Ditto.exe" [2009-08-16 716800]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-06-04 32768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-09-22 136512]
"tcpwindowsize.exe_executed"="c:\windows\orclobi\repDB_1.exe" [2004-02-02 147393]
"tcpwindowsize.exe_finished"="c:\windows\orclobi\repDB_2.exe" [2004-02-02 147393]
"TweakAutomaticUpdates"="c:\windows\OrclOBI\gdswsuspatch_soon.exe" [2005-12-22 126887]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-08-26 124224]
"McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2010-06-15 979104]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"MPlayer2_FixUp"="c:\windows\inf\unregmp2.exe" [2007-06-27 317440]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2010-5-20 6144]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Verizon_McciTrayApp"=c:\program files\Verizon\McciTrayApp.exe
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"MaxBlastMonitor.exe"=c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe
"AcronisTimounterMonitor"=c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe
"Acronis Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe"
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"AmazonGSDownloaderTray"=c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
"ODP"="c:\progra~1\odp\odp.exe"
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Reflection\\Rx.exe"=
"c:\\Program Files\\Auction Submit\\AuctionSubmit3.exe"=
"c:\\Program Files\\NetMeeting\\CONF.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\PatentWizard, LLC\\PatentHunter3\\PatentHunter.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eBay\\Turbo Lister2\\Tl.exe"=
"c:\\Program Files\\BitZip\\bitzip.exe"=
"c:\\Program Files\\mozilla.org\\Mozilla\\mozilla.exe"=
"c:\\Program Files\\TVHarmony\\AutoPilot.exe"=
"c:\\WINDOWS\\SYSTEM32\\java.exe"=
"c:\\Program Files\\Reflection\\rftpc.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\WINDOWS\\SYSTEM32\\SAiLicSvr.exe"=
"c:\\Program Files\\Seiki\\FlexiSTARTER Seiki Edition\\Program\\app2.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Documents and Settings\\Mattr\\My Documents\\Downloads\\mudt.exe"=
"c:\\WINDOWS\\orclobi\\MyDesktopHolding\\unlicensed\\global\\odp\\odp_1.7.0.0.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\PhonePower\\PhonePower.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\\setup\\hpznui01.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 RapportKELL;RapportKELL;c:\windows\SYSTEM32\DRIVERS\RapportKELL.sys [10/3/2010 11:43 PM 59240]
R1 RapportCerberus_23945;RapportCerberus_23945;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys [2/22/2011 8:10 AM 55224]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/3/2010 11:43 PM 169320]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [6/15/2010 12:57 PM 1498224]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
R2 hips;McAfee HIPSCore Service;c:\program files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [3/9/2011 11:11 AM 35696]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [12/16/2009 8:31 PM 222528]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [8/25/2010 9:07 PM 22816]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\SYSTEM32\mfevtps.exe [5/20/2010 4:08 PM 69192]
R2 MyDesktopWindows;MyDesktopService;c:\windows\orclobi\MyDesktop\MyDesktopService.exe [2/18/2011 1:21 PM 1030144]
R2 QOSMyDesktop;QOS MyDesktop;c:\windows\orclobi\MyDesktop\MyDesktopQOS.exe [10/13/2009 12:18 PM 470016]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10/3/2010 11:43 PM 767208]
R2 SAiDownloader;SAiDownloader;c:\windows\SYSTEM32\SAiDownloader.exe [7/28/2008 2:24 PM 438272]
R2 SAiLicSvr;SAiLicSvr;c:\windows\SYSTEM32\SAiLicSvr.exe [7/28/2008 2:28 PM 86016]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [4/27/2007 1:00 AM 316992]
R2 TivoBeacon2;TiVo Beacon Service;c:\program files\TiVo\Desktop\TiVoBeacon.exe [11/2/2009 2:17 PM 1098968]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [5/5/2010 6:59 PM 583360]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/13/2009 11:28 AM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480]
R3 dsdd;dsdd;c:\windows\SYSTEM32\DRIVERS\dsvideo.sys [8/19/2010 12:04 PM 2144]
R3 EvoMouseDriverMini;EvoMouseDriverMini;c:\windows\SYSTEM32\DRIVERS\EvoMouseDriverMini.sys [2/2/2011 10:10 AM 20024]
R3 FirehkMP;FirehkMP;c:\windows\SYSTEM32\DRIVERS\firehk.sys [5/20/2010 4:16 PM 44680]
R3 HIPK;McAfee Inc. HIPK;c:\windows\SYSTEM32\DRIVERS\HIPK.sys [5/20/2010 4:17 PM 107960]
R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\SYSTEM32\DRIVERS\HIPPSK.sys [5/20/2010 4:17 PM 38680]
R3 HIPQK;McAfee Inc. HIPQK;c:\windows\SYSTEM32\DRIVERS\HIPQK.sys [5/20/2010 4:17 PM 35552]
R3 KeyScrambler;KeyScrambler;c:\windows\SYSTEM32\DRIVERS\keyscrambler.sys [3/15/2011 10:54 AM 114952]
R3 owcmirrorV1;owcmirrorV1;c:\windows\SYSTEM32\DRIVERS\owcmirrorminiV1.sys [3/16/2010 9:29 AM 3712]
R3 VF0350Afx;VF0350 Audio FX;c:\windows\SYSTEM32\DRIVERS\V0350Afx.sys [1/31/2008 5:34 PM 142656]
R3 VF0350Vfx;VF0350 Video FX;c:\windows\SYSTEM32\DRIVERS\V0350Vfx.sys [1/31/2008 5:34 PM 7424]
R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\SYSTEM32\DRIVERS\V0350Vid.sys [1/31/2008 5:34 PM 170368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate1caa45020ee47ca;Google Update Service (gupdate1caa45020ee47ca);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 2:38 PM 133104]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2/10/2010 11:59 AM 401920]
S3 CDVDService;CDVDService;c:\program files\1Step DVD Copy\CDVDService.exe [9/10/2010 3:00 PM 348160]
S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\firehk.sys [5/20/2010 4:16 PM 44680]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [5/20/2010 4:08 PM 66536]
S3 Normandy;Normandy SR2; [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\SYSTEM32\DRIVERS\wdcsam.sys [5/6/2008 4:06 PM 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 3:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
UnknownUnknown dsload;dsload; [x]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - dsgrab_01cb850034e1eaca
*Deregistered* - RapportIaso
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-03-25 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-06-26 17:32]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 21:38]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 21:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &PHToolBand -
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{5CC5AADB-AD8E-433a-A5DE-46F33901281A} - c:\program files\PC TechZone\Merlin AuctionMagic\IE Toolbar\iebutton.htm
IE: {{5BB29DC6-4046-4aa1-B590-C29372456BA0} - {9A85FF39-28A4-4bf1-8290-DD075267FF35} - c:\windows\Downloaded Program Files\ClickMap.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: bandInstaller - hxxps://sitecatalyst.omniture.com/sc12/clickmap/ClickMapInstaller.CAB
DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} - hxxp://vapwfa.ops.placeware.com/etc/place/FOLDER/VAFpws-a1/5.1.8.511/lib/quicksilver.cab
FF - ProfilePath - c:\documents and settings\Mattr\Application Data\Mozilla\Firefox\Profiles\xv6uyd8o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: network.proxy.ftp - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.ssl - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - Ext: Alexa Sparky: toolbar@alexa.com - %profile%\extensions\toolbar@alexa.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: SyncPlaces: syncplaces@andyhalford.com - %profile%\extensions\syncplaces@andyhalford.com
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: KeyScrambler: keyscrambler@qfx.software.corporation - %profile%\extensions\keyscrambler@qfx.software.corporation
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor Enterprise: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor Enterprise
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Mattr\Application Data\Move Networks
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
------- File Associations -------
.
.reg=Regedit.Document
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-25 07:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\HcApi.dll
c:\windows\system32\KevlarSigs.dll
.
- - - - - - - > 'lsass.exe'(944)
c:\windows\system32\HcApi.dll
c:\windows\system32\KevlarSigs.dll
.
- - - - - - - > 'csrss.exe'(860)
c:\windows\system32\HcApi.dll
c:\windows\system32\KevlarSigs.dll
.
Completion time: 2011-03-25 07:20:31
ComboFix-quarantined-files.txt 2011-03-25 14:20
ComboFix2.txt 2011-03-15 19:51
ComboFix3.txt 2010-11-15 16:15
ComboFix4.txt 2010-10-28 15:05
ComboFix5.txt 2011-03-25 14:06
.
Pre-Run: 388,639,666,176 bytes free
Post-Run: 388,611,690,496 bytes free
.
- - End Of File - - 0A91A3A8C53E4F835B444FA2BB2112E3

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:25 PM

Posted 25 March 2011 - 09:01 PM

That's as it should be - no problems on that log.

Please run MBAM and ESET to complete this clean-up.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Followed by ESET

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

m0le is a proud member of UNITE

#9 Magic Dude

Magic Dude
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:01:25 PM

Posted 26 March 2011 - 09:11 AM

Here's the first log, please wait until my next post for the ESET scan.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6173

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3/26/2011 7:08:06 AM
mbam-log-2011-03-26 (07-08-06).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|H:\|I:\|J:\|L:\|)
Objects scanned: 538042
Time elapsed: 4 hour(s), 36 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP63\A0024580.dll (Trojan.Dropper) -> Quarantined and deleted successfully.

#10 Magic Dude

Magic Dude
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:01:25 PM

Posted 27 March 2011 - 08:49 AM

WOW, the ESET scan finally finished after 17 hours. Here is the log:

C:\Documents and Settings\Mattr\Application Data\Sun\Java\Deployment\cache\6.0\33\eee2921-3e4c9554 multiple threats deleted - quarantined
C:\Documents and Settings\Mattr\Application Data\Sun\Java\Deployment\cache\6.0\43\45ed8eeb-217155b7 multiple threats deleted - quarantined
E:\Seagate Backup\DELL\History\Level2\D\Documents and Settings\Mattr\My Documents\Downloads\pwdremover.exe probably a variant of Win32/PSWTool.PdfCracker.A application deleted - quarantined

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:25 PM

Posted 27 March 2011 - 01:44 PM

That ESET does look everywhere.

How is the machine running? Any problems?

#12 Magic Dude

Magic Dude
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:01:25 PM

Posted 27 March 2011 - 02:16 PM

Yes, everything is working fine, no problems.

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:25 PM

Posted 27 March 2011 - 04:31 PM

Excellent, then we come to the best bit...

You're clean. Good stuff! :thumbup2:

Let's do some clearing up.

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A Notepad document should open automatically; make sure that updates for any programs that are flagged are carried out as soon as possible.

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis, just as you would with antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it Magic Dude, happy surfing!

Cheers.

m0le

#14 Magic Dude

Magic Dude
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:01:25 PM

Posted 28 March 2011 - 09:36 AM

Thanks m0le for all your help. It is good to know that all is cleaned up. I will clean up as you suggested and also install some anti-spyware code as well. Again, many thanks for all your help.

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:25 PM

Posted 31 March 2011 - 06:26 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



