Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random "Breaking News" Browser Pop-ups and Redirects from Google Search Results


  • This topic is locked This topic is locked
18 replies to this topic

#1 mtong79

mtong79

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 13 May 2011 - 04:12 PM

Hi all,

Thanks for taking a look at my issue.

While browsing in Firefox, I received a Trojan of some sort that was detected by AVG. I moved the threat to Vault and rebooted, which led to my desktop background being changed and some pop-up "fake" virus and spyware notifications.

I rebooted in Safe Mode and ran Malwarebytes AntiMalware which detected a lot of trojans which were then cleaned out. Spybot was also run and items were cleaned out. As of now, both scans run clean with no issues.

However, during browsing, there are also random pop-up browser windows with ads that I immediately close. After performing Google searches, clicking on any results takes me to ad pages rather than the actualresult pages.

I suspect this is a rootkit since other scans do not pick up anything.

I am very computer-literate so please feel free to ask for anything.

DDS.TXT file is below and ark.txt and attach.txt are attached.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Michael at 16:39:41.85 on Fri 05/13/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.638.47 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Michael\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [tgcmd] c:\program files\support.com\bin\tgcmd.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
mRun: [Smapp] c:\program files\analog devices\soundmax\Smtray.exe
mRun: [Tgcmd] "c:\program files\support.com\bin\tgcmd.exe /server"
mRun: [StorageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {3334504D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} - hxxp://www.timevision.com/codebase50/OrgPubX.cab
DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} - hxxp://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\michael\applic~1\mozilla\firefox\profiles\jjn80sb6.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\michael\application data\mozilla\firefox\profiles\jjn80sb6.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-22 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-22 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-22 243152]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-20 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-18 308136]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-1-4 10448]
R3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;c:\windows\system32\drivers\Ngrpci.sys [2005-2-20 32840]
S0 CFRMD;CFRMD;c:\windows\system32\drivers\cfrmd.sys --> c:\windows\system32\drivers\CFRMD.sys [?]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys --> c:\windows\system32\drivers\rcvpn.sys [?]
.
=============== Created Last 30 ================
.
2011-05-13 14:28:48 0 ----a-w- c:\documents and settings\michael\ntuser.tmp
2011-05-13 14:20:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\nL06509CmMdO06509
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: IC35L090AVV207-0 rev.V23OA66A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x833304D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x833367f0]; MOV EAX, [0x8333686c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x83357AB8]
3 CLASSPNP[0xF89E9FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000008a[0x833EB830]
5 ACPI[0xF88D0620] -> nt!IofCallDriver[0x804E37D5] -> [0x833AAD98]
\Driver\atapi[0x833A9658] -> IRP_MJ_CREATE -> 0x833304D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { CLI ; XOR AX, AX; MOV ES, AX; MOV DS, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, SP; STI ; CLD ; MOV DI, 0x600; MOV CX, 0x100; REP MOVSW ; MOV AX, 0x6df; PUSH AX; RET ; ADD [BX], CL; ADD [BX+DI], AL; OR AL, [DI+0x72]; JB 0x95; JB 0x48; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8333031B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 16:42:50.68 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:09 PM

Posted 13 May 2011 - 04:20 PM

Good evening. :)

Download aswMBR.exe from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Scan button to, well, start the scan - obvious really!
  • Once the scan reports "Scan finished successfully", which takes less than a minute on my system, click Save log.
  • On my system it offers to save it to the Desktop, which may or may not be it's default behaviour, but it's as handy a place as any.
  • You'll also see a file called MBR.dat appear as well - this is a backup that it created, just in case it's needed. Keep it handy for now.

I'd like the contents of aswMBR.txt in your next reply, if you'd be so kind.

So long, and thanks for all the fish.

 

 


#3 mtong79

mtong79
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 13 May 2011 - 05:01 PM

Hi Noviciate,

Thank you for the assistance. Contents of aswMBR.txt. Please note that I am headed out of town in 5 minutes so the earliest I can answer any reply is Sunday.

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-13 17:59:24
-----------------------------
17:59:24.796 OS Version: Windows 5.1.2600 Service Pack 3
17:59:24.796 Number of processors: 1 586 0x207
17:59:24.796 ComputerName: TONG UserName:
17:59:25.718 Initialize success
17:59:44.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:59:44.531 Disk 0 Vendor: IC35L090AVV207-0 V23OA66A Size: 76324MB BusType: 3
17:59:44.531 Device \Driver\atapi -> DriverStartIo 8337031b
17:59:46.546 Disk 0 MBR read successfully
17:59:46.546 Disk 0 MBR scan
17:59:46.546 Disk 0 TDL4@MBR code has been found
17:59:46.546 Disk 0 MBR hidden
17:59:46.546 Disk 0 MBR [TDL4] **ROOTKIT**
17:59:46.546 Disk 0 trace - called modules:
17:59:46.562 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x833704d0]<<
17:59:46.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8334fab8]
17:59:46.562 3 CLASSPNP.SYS[f89d9fd7] -> nt!IofCallDriver -> \Device\0000008a[0x833a6c78]
17:59:46.562 5 ACPI.sys[f88d0620] -> nt!IofCallDriver -> [0x8338ed98]
17:59:46.562 \Driver\atapi[0x8338e3d0] -> IRP_MJ_CREATE -> 0x833704d0
17:59:47.078 Scan finished successfully
18:00:17.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michael\Desktop\MBR.dat"
18:00:17.671 The log file has been saved successfully to "C:\Documents and Settings\Michael\Desktop\aswMBR.txt"

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:09 PM

Posted 13 May 2011 - 05:50 PM

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Start scan and allow the tool to do just that.
  • One the scan has completed, if the tool has identified anything allow it to carry out it's default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which i'd like to see, will be located at the root of you hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. :)

So long, and thanks for all the fish.

 

 


#5 mtong79

mtong79
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 15 May 2011 - 09:44 AM

Contents of TDSS report. Reboot did occur.

2011/05/15 10:36:53.0156 2108 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/15 10:36:53.0640 2108 ================================================================================
2011/05/15 10:36:53.0640 2108 SystemInfo:
2011/05/15 10:36:53.0640 2108
2011/05/15 10:36:53.0640 2108 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/15 10:36:53.0640 2108 Product type: Workstation
2011/05/15 10:36:53.0640 2108 ComputerName: TONG
2011/05/15 10:36:53.0640 2108 UserName: Michael
2011/05/15 10:36:53.0640 2108 Windows directory: C:\WINDOWS
2011/05/15 10:36:53.0640 2108 System windows directory: C:\WINDOWS
2011/05/15 10:36:53.0640 2108 Processor architecture: Intel x86
2011/05/15 10:36:53.0640 2108 Number of processors: 1
2011/05/15 10:36:53.0640 2108 Page size: 0x1000
2011/05/15 10:36:53.0640 2108 Boot type: Normal boot
2011/05/15 10:36:53.0640 2108 ================================================================================
2011/05/15 10:36:54.0328 2108 Initialize success
2011/05/15 10:37:00.0328 3812 ================================================================================
2011/05/15 10:37:00.0328 3812 Scan started
2011/05/15 10:37:00.0328 3812 Mode: Manual;
2011/05/15 10:37:00.0328 3812 ================================================================================
2011/05/15 10:37:01.0062 3812 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/05/15 10:37:01.0218 3812 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2011/05/15 10:37:01.0390 3812 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/15 10:37:01.0500 3812 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/15 10:37:01.0625 3812 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/05/15 10:37:01.0765 3812 aeaudio (3cb6ae5435987b1f8c83fd2730479878) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/05/15 10:37:01.0953 3812 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/15 10:37:02.0109 3812 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/15 10:37:02.0234 3812 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/15 10:37:02.0359 3812 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/05/15 10:37:02.0468 3812 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/05/15 10:37:02.0578 3812 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/05/15 10:37:02.0687 3812 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/05/15 10:37:02.0843 3812 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/05/15 10:37:02.0937 3812 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/05/15 10:37:03.0109 3812 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/05/15 10:37:03.0250 3812 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/05/15 10:37:03.0375 3812 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/05/15 10:37:03.0484 3812 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/05/15 10:37:03.0656 3812 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/05/15 10:37:03.0796 3812 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/15 10:37:03.0906 3812 atapi (6136e021614952eac27ca8cd98e956d5) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/15 10:37:04.0234 3812 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/15 10:37:04.0375 3812 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/15 10:37:04.0531 3812 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
2011/05/15 10:37:04.0671 3812 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2011/05/15 10:37:04.0812 3812 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\system32\Drivers\avgtdix.sys
2011/05/15 10:37:04.0937 3812 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/15 10:37:05.0187 3812 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/05/15 10:37:05.0312 3812 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/15 10:37:05.0421 3812 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/05/15 10:37:05.0515 3812 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/15 10:37:05.0640 3812 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/15 10:37:05.0796 3812 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/15 10:37:06.0140 3812 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/05/15 10:37:06.0265 3812 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/05/15 10:37:06.0406 3812 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/05/15 10:37:06.0515 3812 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/05/15 10:37:06.0640 3812 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/15 10:37:06.0812 3812 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/15 10:37:07.0031 3812 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/15 10:37:07.0125 3812 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/15 10:37:07.0265 3812 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/15 10:37:07.0406 3812 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/05/15 10:37:07.0531 3812 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/15 10:37:07.0671 3812 drvmcdb (5ded5b8579a6edd003ce8a846b13574d) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/05/15 10:37:07.0796 3812 drvnddm (5adc10796036db00f89349c445f28b69) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/05/15 10:37:08.0015 3812 E100B (fe9cb643a034285031502d3369e5a869) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/05/15 10:37:08.0203 3812 EGATHDRV (3ef85cad624ea5a26984915ccebc9440) C:\WINDOWS\System32\EGATHDRV.SYS
2011/05/15 10:37:08.0375 3812 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/15 10:37:08.0515 3812 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/15 10:37:08.0687 3812 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/15 10:37:08.0812 3812 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/15 10:37:08.0921 3812 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/15 10:37:09.0093 3812 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/15 10:37:09.0203 3812 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/15 10:37:09.0343 3812 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/15 10:37:09.0500 3812 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/15 10:37:09.0625 3812 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/05/15 10:37:09.0734 3812 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/15 10:37:09.0875 3812 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/15 10:37:10.0062 3812 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/05/15 10:37:10.0171 3812 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/15 10:37:10.0328 3812 ialm (16f8de7a7f9023aac04dec6a8a264441) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/05/15 10:37:10.0453 3812 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/15 10:37:10.0593 3812 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/05/15 10:37:10.0718 3812 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/15 10:37:10.0843 3812 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/15 10:37:11.0015 3812 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/15 10:37:11.0156 3812 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/15 10:37:11.0281 3812 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/15 10:37:11.0406 3812 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/15 10:37:11.0531 3812 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/15 10:37:11.0671 3812 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/15 10:37:11.0796 3812 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/15 10:37:11.0921 3812 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/15 10:37:12.0093 3812 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/15 10:37:12.0218 3812 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/15 10:37:12.0406 3812 LBeepKE (c99ba72106a858cb8b521bb4c02c93ed) C:\WINDOWS\system32\Drivers\LBeepKE.sys
2011/05/15 10:37:12.0609 3812 LHidFilt (318b3d608fbec44b7e0c23bf759dced5) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/05/15 10:37:12.0750 3812 LMouFilt (84af069d219df3c43dc6792b2bbd7bed) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/05/15 10:37:12.0859 3812 LUsbFilt (81642f134929946ab4b9572c4c17298c) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
2011/05/15 10:37:13.0015 3812 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/15 10:37:13.0140 3812 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/15 10:37:13.0265 3812 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/15 10:37:13.0390 3812 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/15 10:37:13.0500 3812 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/15 10:37:13.0640 3812 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/05/15 10:37:13.0765 3812 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/15 10:37:13.0906 3812 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/15 10:37:14.0156 3812 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/15 10:37:14.0312 3812 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/15 10:37:14.0421 3812 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/15 10:37:14.0562 3812 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/15 10:37:14.0671 3812 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/15 10:37:14.0796 3812 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/15 10:37:14.0921 3812 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/15 10:37:15.0062 3812 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/15 10:37:15.0171 3812 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/15 10:37:15.0312 3812 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/15 10:37:15.0406 3812 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/15 10:37:15.0546 3812 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/15 10:37:15.0687 3812 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/15 10:37:15.0843 3812 ngrpci (bdfa550022facf2a922213065924f529) C:\WINDOWS\system32\DRIVERS\ngrpci.sys
2011/05/15 10:37:16.0000 3812 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/15 10:37:16.0140 3812 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/15 10:37:16.0296 3812 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/15 10:37:16.0468 3812 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/15 10:37:16.0656 3812 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/15 10:37:16.0765 3812 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/15 10:37:16.0906 3812 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/15 10:37:17.0046 3812 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/15 10:37:17.0156 3812 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/15 10:37:17.0265 3812 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/15 10:37:17.0468 3812 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/15 10:37:17.0578 3812 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/15 10:37:18.0062 3812 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/05/15 10:37:18.0171 3812 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/05/15 10:37:18.0343 3812 PMEM (fa292805788528c083f416e151b60ab6) C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
2011/05/15 10:37:18.0484 3812 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/15 10:37:18.0609 3812 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/15 10:37:18.0734 3812 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/15 10:37:18.0875 3812 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/15 10:37:19.0015 3812 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/05/15 10:37:19.0140 3812 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/05/15 10:37:19.0265 3812 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/05/15 10:37:19.0375 3812 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/05/15 10:37:19.0484 3812 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/05/15 10:37:19.0578 3812 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/05/15 10:37:19.0687 3812 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/15 10:37:19.0828 3812 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/15 10:37:19.0984 3812 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/15 10:37:20.0109 3812 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/15 10:37:20.0312 3812 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/15 10:37:20.0421 3812 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/15 10:37:20.0562 3812 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/15 10:37:20.0718 3812 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/15 10:37:20.0843 3812 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/15 10:37:21.0093 3812 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/15 10:37:21.0250 3812 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/15 10:37:21.0375 3812 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/15 10:37:21.0500 3812 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/15 10:37:21.0734 3812 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/05/15 10:37:21.0890 3812 smwdm (9b8aeed0dc8198efb83d06baf2fab2e2) C:\WINDOWS\system32\drivers\smwdm.sys
2011/05/15 10:37:22.0250 3812 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/05/15 10:37:22.0500 3812 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/15 10:37:22.0656 3812 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/15 10:37:22.0843 3812 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/15 10:37:23.0078 3812 sscdbhk5 (9ccdff7e164afb7cc342837b01e6f40b) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/05/15 10:37:23.0218 3812 ssrtln (8137f99a7bf2202a02bf19e91ee71220) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/05/15 10:37:23.0375 3812 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/15 10:37:23.0515 3812 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/15 10:37:23.0687 3812 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/05/15 10:37:23.0796 3812 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/05/15 10:37:23.0921 3812 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/05/15 10:37:24.0078 3812 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/05/15 10:37:24.0203 3812 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/15 10:37:24.0328 3812 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/15 10:37:24.0453 3812 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/15 10:37:24.0593 3812 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/15 10:37:24.0703 3812 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/15 10:37:24.0843 3812 tfsnboio (7ab91b002bc6b8e70a6c120d45c56cf2) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/05/15 10:37:25.0000 3812 tfsncofs (1a59190cf7284e073dbd08c358cacc81) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/05/15 10:37:25.0171 3812 tfsndrct (392902d0d19eda465e4ce555e1a2cd6d) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/05/15 10:37:25.0281 3812 tfsndres (cf4023fade6405efd78b1bc4b17b8e0e) C:\WINDOWS\system32\dla\tfsndres.sys
2011/05/15 10:37:25.0406 3812 tfsnifs (53be789b87dbd37a556f704443915147) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/05/15 10:37:25.0515 3812 tfsnopio (b39ce85a6365130365005e9ea6d48162) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/05/15 10:37:25.0640 3812 tfsnpool (fb7506e6b4d4e5391c64f219bb668e67) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/05/15 10:37:25.0765 3812 tfsnudf (86498c1e1dc1497ec3620ff5cd334ddc) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/05/15 10:37:25.0875 3812 tfsnudfa (babb027315d4279590a4009a424cc10e) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/05/15 10:37:26.0093 3812 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/05/15 10:37:26.0234 3812 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/15 10:37:26.0359 3812 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/05/15 10:37:26.0484 3812 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/15 10:37:26.0625 3812 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/15 10:37:26.0765 3812 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/15 10:37:26.0890 3812 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/15 10:37:27.0062 3812 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/15 10:37:27.0171 3812 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/15 10:37:27.0281 3812 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/15 10:37:27.0390 3812 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/15 10:37:27.0515 3812 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/15 10:37:27.0640 3812 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/05/15 10:37:27.0750 3812 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/15 10:37:27.0875 3812 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/15 10:37:28.0062 3812 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/15 10:37:28.0203 3812 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/05/15 10:37:28.0421 3812 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/15 10:37:28.0703 3812 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/15 10:37:28.0859 3812 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/15 10:37:29.0046 3812 {6080A529-897E-4629-A488-ABA0C29B635E} (02cea7fc83b48d59732dcaee910334fa) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/05/15 10:37:29.0203 3812 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (68547ea3ab2fbdbee8e6aca9640996b6) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/05/15 10:37:29.0265 3812 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/15 10:37:29.0281 3812 ================================================================================
2011/05/15 10:37:29.0281 3812 Scan finished
2011/05/15 10:37:29.0281 3812 ================================================================================
2011/05/15 10:37:29.0312 3804 Detected object count: 1
2011/05/15 10:37:35.0562 3804 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/15 10:37:35.0562 3804 \HardDisk0 - ok
2011/05/15 10:37:35.0562 3804 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/15 10:37:38.0343 2112 Deinitialize success

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:09 PM

Posted 15 May 2011 - 01:22 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

Will you also throw in a fresh DDS log and let me know how the PC is behaving.

So long, and thanks for all the fish.

 

 


#7 mtong79

mtong79
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 15 May 2011 - 02:50 PM

Computer is running fine and there are no pop-ups and redirects. ESET found two threats and the log contents is below.

For some reason I can't get DDS to complete. The computer freezes towards the end of the process right before the TXT file is generated, which obviously didn't happen earlier when I provided the first DDS log. I am trying to generate a DDS log and will post it when I can.

C:\Documents and Settings\Michael\Local Settings\temp\jar_cache3853521603795434766.tmp a variant of Java/TrojanDownloader.OpenStream.NBV trojan
C:\Program Files\WinRAR\rasadhlp.dll probably a variant of Win32/Delf.NWS trojan

#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:09 PM

Posted 15 May 2011 - 03:25 PM

Try downloading a fresh copy - it sometimes helps.

So long, and thanks for all the fish.

 

 


#9 mtong79

mtong79
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 16 May 2011 - 07:01 AM

I can not get the DDS script to finish despite numerous restarts and reinstalls. Are there any other logs that can help? What about the results of the ESET scan I posted earlier?

#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:09 PM

Posted 16 May 2011 - 02:01 PM

Good evening. :)

Download OTL by OldTimer from here and save it to your Desktop.

  • Double clikc the tool to run it.
  • Click the Quick Scan button and allow it to do it's thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please go to Jotti's and click on the Browse... button at the top and navigate to the following file and then click on Submit:

C:\Program Files\WinRAR\rasadhlp.dll

When all the scans have been completed, please copy and paste the "Permalink" that you'll find in the "Jotti's malware scan" box in the upper left hand part of the page into your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Go to Start > Control Panel > Java and select the General Tab.
Under Temporary Internet Files, click on Settings...
Cick on Delete Files...
Ensure that "Applications and Applets is checked - "Trace and Log Files" is optional - and then click on OK.

So long, and thanks for all the fish.

 

 


#11 mtong79

mtong79
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 16 May 2011 - 03:05 PM

OTL scan only produced one file, OTL.txt.

OTL logfile created on: 5/16/2011 3:57:38 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

638.00 Mb Total Physical Memory | 203.00 Mb Available Physical Memory | 32.00% Memory free
987.00 Mb Paging File | 589.00 Mb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.51 Gb Total Space | 39.49 Gb Free Space | 54.47% Space Free | Partition Type: NTFS

Computer Name: TONG | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/16 15:12:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.scr
PRC - [2011/03/16 21:11:14 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/11/30 21:45:13 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/11/09 16:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/28 19:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/09/23 17:45:31 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/20 22:26:37 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/18 13:15:09 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/18 13:15:03 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/18 13:12:05 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/07/15 19:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/06/26 20:36:58 | 000,090,112 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2001/11/07 06:50:06 | 001,519,616 | ---- | M] (Support.com, Inc.) -- C:\Program Files\Support.com\bin\tgcmd.exe


========== Modules (SafeList) ==========

MOD - [2011/05/16 15:12:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.scr
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (PLSRemoteSvc)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/10/28 06:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/07/20 22:26:37 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/18 13:15:03 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2002/07/15 19:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002/05/03 16:36:24 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\NMSSvc.Exe -- (NMSSvc) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/05/12 13:23:16 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/10/07 17:48:48 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi)
DRV - [2010/08/24 13:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/08/24 13:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 13:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/08/24 13:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/07/18 13:12:07 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 17:34:20 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2001/08/17 16:12:20 | 000,032,840 | ---- | M] (NETGEAR Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Ngrpci.sys -- (ngrpci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/30 22:03:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 20:38:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/08 21:41:31 | 000,000,000 | ---D | M]

[2008/12/16 19:10:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2011/05/16 15:20:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\jjn80sb6.default\extensions
[2009/07/29 21:47:38 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\jjn80sb6.default\extensions\moveplayer@movenetworks.com
[2009/04/04 10:03:26 | 000,002,190 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\jjn80sb6.default\searchplugins\hulu.xml
[2008/12/20 00:05:32 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\jjn80sb6.default\searchplugins\youtube-video-search.xml
[2011/05/16 15:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/12 19:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/29 10:04:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/30 22:03:17 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2010/10/11 17:36:47 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/02/19 13:46:30 | 000,429,281 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14803 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (VERITAS Software, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\irprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
O4 - HKLM..\Run: [Tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe (Support.com, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe (Support.com, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} http://www.timevision.com/codebase50/OrgPubX.cab (OrgPublisher PluginX)
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab (NsvPlayX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/20 15:43:02 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/16 15:12:13 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.scr
[2011/05/13 16:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\gmer
[2011/05/13 13:20:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael\Recent
[2011/05/13 10:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nL06509CmMdO06509
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Michael\*.tmp files -> C:\Documents and Settings\Michael\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/16 15:33:32 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/16 15:32:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/16 15:32:30 | 669,044,736 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/16 15:12:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.scr
[2011/05/16 08:34:16 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\dds.scr
[2011/05/16 08:34:16 | 000,625,664 | ---- | M] () -- C:\dds.scr
[2011/05/15 15:50:09 | 076,046,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/05/15 11:08:59 | 000,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2011/05/13 10:20:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michael\2gweorjqjutp92vjy9gake
[2011/05/12 19:25:49 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\COMODO System Cleaner Update.job
[2011/05/12 13:23:16 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2011/04/21 18:13:05 | 006,260,767 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\B.o.B - _New York_ New York_ ft. Alicia Keys _Longer Version Remix_ Lyrics Included.mp3
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Michael\*.tmp files -> C:\Documents and Settings\Michael\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/16 08:34:37 | 000,625,664 | ---- | C] () -- C:\dds.scr
[2011/05/16 08:34:18 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\dds.scr
[2011/05/13 11:15:59 | 669,044,736 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/13 10:20:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\2gweorjqjutp92vjy9gake
[2011/04/21 18:12:47 | 006,260,767 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\B.o.B - _New York_ New York_ ft. Alicia Keys _Longer Version Remix_ Lyrics Included.mp3
[2010/10/06 17:47:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/22 17:55:28 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Rfisisucejalaf.dat
[2010/09/22 17:55:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Oyinamehigatag.bin
[2010/08/01 11:05:31 | 000,000,614 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/03/24 23:06:10 | 000,013,458 | -HS- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\20xYJkS83BHk4
[2010/03/24 23:06:10 | 000,013,458 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\20xYJkS83BHk4
[2008/12/16 19:10:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/02/28 22:28:52 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/28 22:28:49 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/02/20 22:05:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/02/20 22:03:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/02/09 11:34:28 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/02/09 11:34:28 | 000,003,443 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/01/28 22:30:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/17 19:35:57 | 000,000,191 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/02/06 21:53:39 | 000,001,370 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/26 12:47:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\dm.ini
[2005/02/21 22:17:29 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/02/20 18:21:48 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/02/20 16:46:42 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/02/20 16:32:05 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/02/20 16:23:55 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/02/20 16:05:43 | 000,012,499 | ---- | C] () -- C:\WINDOWS\System32\EONSYSREV_1.DLL
[2005/02/20 15:34:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/20 15:32:41 | 000,001,800 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/20 15:32:20 | 000,082,864 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/02/20 15:32:20 | 000,004,052 | ---- | C] () -- C:\WINDOWS\unwise.ini
[2005/02/20 15:32:19 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL
[2005/02/20 15:32:19 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll
[2005/02/20 15:31:53 | 000,106,496 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2005/02/20 15:31:30 | 000,000,222 | ---- | C] () -- C:\WINDOWS\Welcome.ini
[2005/02/20 15:27:48 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2005/02/03 23:59:48 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\metaflac.exe
[2005/02/03 23:59:44 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\flac.exe
[2002/09/23 19:00:23 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2002/09/23 17:45:13 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/09/23 17:37:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/09/23 17:30:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/23 17:25:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/23 17:24:52 | 000,170,688 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/17 14:34:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/03/26 13:36:48 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2002/02/14 20:14:36 | 000,000,010 | ---- | C] () -- C:\WINDOWS\Launcher.ini
[2002/02/06 13:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/10 18:55:22 | 000,004,010 | ---- | C] () -- C:\WINDOWS\System32\egathdrv.sys
[2001/08/31 19:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/23 11:26:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001/08/23 11:24:30 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2001/06/08 19:54:30 | 000,003,478 | ---- | C] () -- C:\WINDOWS\translat.ini
[1980/01/01 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 04:00:00 | 000,311,934 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 04:00:00 | 000,040,196 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1980/01/01 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/05/22 16:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/09/11 18:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bait nurb roam real
[2007/07/28 14:20:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/03/16 21:12:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/07/10 08:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2011/05/13 10:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nL06509CmMdO06509
[2007/09/11 18:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/02/20 16:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Aim
[2010/12/22 20:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Auslogics
[2010/06/23 18:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\AVG9
[2008/01/10 17:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\InterVideo
[2011/01/04 21:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Leadertech
[2008/05/31 01:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\LimeWire
[2005/02/20 15:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\VERITAS
[2007/03/25 23:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Viewpoint

========== Purity Check ==========



< End of report >

#12 mtong79

mtong79
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 16 May 2011 - 03:07 PM

Jozzi scan could not scan C:\Program Files\WinRAR\rasadhlp.dll file. It said that the file was empty (0 bytes) despite it being 65 KB in Explorer.

AVG does seem to detect it as infected though. SHould I move it to VIrus Vault?

Java temporary files were deleted.

#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:09 PM

Posted 16 May 2011 - 03:16 PM

If you right click the file and select Properties from the menu that appears, what can learn about the file?

So long, and thanks for all the fish.

 

 


#14 mtong79

mtong79
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 16 May 2011 - 03:37 PM

Nothing that really stands out. It's 64 KB and was created on Friday May 13th around the same time as the infection. Read-only and Hidden attributes are DISABLED.

#15 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:09 PM

Posted 16 May 2011 - 04:23 PM

I'm never keen on deleting files that I can't positively identify, so right click it and rename it to C:\Program Files\WinRAR\rasadhlp.old - this will disable the file but keep it handy just in case it is legitimate.
Reboot the PC and check that the file still has the .old file extension. If it does then all is well.
If Winrar won't work properly in future, then you can assume that this is a legitimate file and rename it back to .dll and that will sort that.

Let me know if it behaves as it should and then i'll post the last of the tidy-up instructions and you'll be on your way shortly thereafter.

So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users