Computer is sending unauthorized emails to my contacts


15 replies to this topic

#1 dfwood

dfwood

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 20 May 2011 - 05:15 AM

Recently, a few of my Contacts have responded to emails sent from my computer saying that they are unable to open the attachment I have sent to them. I did not knowingly send them anything. How can I make this stop? I don't want to infect others with this problem.

I have run a DDS and GMER scan of the computer as suggested and the results are included below.

DFWood


.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by David Wood at 4:57:43 on 2011-05-20
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2045.1060 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PCPitstop\PC MaticRT\PCPitstopRTService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\PCPitstop\PC MaticRT\PCMaticRT.exe
C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe
C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Quicken\bagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\PCPitstop\Download Nitro\pcpitstop-nitro.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\David Wood\Downloads\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.msn.com
uDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [QuickenScheduledUpdates] c:\program files\quicken\bagent.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Download Nitro] "c:\program files\pcpitstop\download nitro\pcpitstop-nitro.exe" -autorun
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [<NO NAME>]
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [PC MaticRT] c:\program files\pcpitstop\pc maticrt\PCMaticRT.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [EaseUs Watch] "c:\program files\easeus\todo backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "c:\program files\easeus\todo backup\bin\TrayNotify.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: intuit.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\system\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B}
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} - hxxp://photos.msn.com/resources/neutral/controls/DigWebX2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
DPF: {E856B973-45FD-4559-8F82-EAB539144667}
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15034/CTPID.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
STS: IE Component Categories cache daemon: {553858a7-4922-4e7e-b1c1-97140c1c16ef} - c:\windows\system32\ieframe.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2010-5-15 31112]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-5-19 37256]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2010-5-15 21896]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2010-5-15 15240]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl22efcb90;MpKsl22efcb90;c:\programdata\microsoft\microsoft antimalware\definition updates\{a08d6947-4042-4f11-b8dc-b8942becbbc9}\MpKsl22efcb90.sys [2011-5-20 28752]
R1 MpKsla8b011a2;MpKsla8b011a2;c:\programdata\microsoft\microsoft antimalware\definition updates\{a08d6947-4042-4f11-b8dc-b8942becbbc9}\MpKsla8b011a2.sys [2011-5-20 28752]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-9-7 176128]
R2 BCMNTIO;BCMNTIO;c:\program files\checkit\diagnostics\BCMNTIO.SYS [2004-12-4 3744]
R2 EASEUS Agent;EASEUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2011-5-19 56200]
R2 FAD;FAD;c:\program files\broadcom\bacs\FADXP32.sys [2007-6-20 16352]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MAPMEM;MAPMEM;c:\program files\checkit\diagnostics\MAPMEM.SYS [2004-12-4 3904]
R2 PCPitstop Realtime;PCPitstop Realtime;c:\program files\pcpitstop\pc maticrt\PCPitstopRTService.exe [2011-5-10 382104]
R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-5-23 90864]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-1-30 69976]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-9-7 6381056]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-9-7 221696]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-8-26 273960]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys [2010-5-15 188808]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-4 136176]
S3 AllShare;SAMSUNG AllShare Service;c:\program files\samsung\samsung pc share manager\WiselinkPro.exe [2010-7-16 6638080]
S3 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-4 136176]
S3 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2010-6-11 206120]
S3 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2010-6-11 185640]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2009-10-28 632792]
.
=============== Created Last 30 ================
.
2011-05-20 08:16:41 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a08d6947-4042-4f11-b8dc-b8942becbbc9}\MpKsl22efcb90.sys
2011-05-20 07:59:08 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a08d6947-4042-4f11-b8dc-b8942becbbc9}\MpKsla8b011a2.sys
2011-05-19 22:10:13 477696 --sha-w- C:\EUMONBMP.SYS
2011-05-19 09:53:58 37256 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2011-05-19 09:53:45 18824 ----a-w- c:\windows\system32\fbnative.exe
2011-05-19 09:17:24 6962000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a08d6947-4042-4f11-b8dc-b8942becbbc9}\mpengine.dll
2011-05-11 17:24:38 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-04-27 22:44:09 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 22:44:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 22:43:12 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-26 22:46:11 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-04-22 11:02:40 7071056 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-04-21 11:20:00 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a043b01f-e3c1-40a8-a9fc-040b9be79896}\gapaengine.dll
2011-04-21 10:55:10 -------- d-----w- c:\program files\Microsoft Security Client
.
==================== Find3M ====================
.
2011-04-22 22:26:10 21896 ----a-w- c:\windows\system32\drivers\eufs.sys
2011-04-22 22:26:08 15240 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2011-04-22 22:26:06 31112 ----a-w- c:\windows\system32\drivers\eubakup.sys
2011-04-22 22:26:04 188808 ----a-w- c:\windows\system32\drivers\eudisk.sys
2011-04-11 00:42:43 249856 ------w- c:\windows\Setup1.exe
2011-04-11 00:42:42 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-22 13:24:10 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-22 13:24:02 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-22 13:23:59 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-22 13:23:55 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
.
============= FINISH: 4:58:48.41 ===============

#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,092 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:26 AM

Posted 28 May 2011 - 05:13 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 dfwood

dfwood
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 28 May 2011 - 03:49 PM

Attached File: ark.txt (10.87 KB)

Elise,

Much as I said in the original post:

Recently, a few of my Contacts have responded to emails sent from my computer saying that they are unable to open the attachment I have sent to them. I did not knowingly send them anything.

This seems to occur when the computer is in sleep mode and is unattended. So to prevent it I have been shutting it down.

How can I make this stop? I don't want to infect others with this problem.

DFWood

The results of the scan that you suggested are included below:

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by David Wood at 16:27:33 on 2011-05-28
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2045.817 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PCPitstop\PC MaticRT\PCPitstopRTService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\PCPitstop\PC MaticRT\PCMaticRT.exe
C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe
C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Quicken\bagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\PCPitstop\Download Nitro\pcpitstop-nitro.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\Explorer.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\David Wood\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.msn.com
uDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [QuickenScheduledUpdates] c:\program files\quicken\bagent.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Download Nitro] "c:\program files\pcpitstop\download nitro\pcpitstop-nitro.exe" -autorun
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [<NO NAME>]
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [PC MaticRT] c:\program files\pcpitstop\pc maticrt\PCMaticRT.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [EaseUs Watch] "c:\program files\easeus\todo backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "c:\program files\easeus\todo backup\bin\TrayNotify.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: intuit.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\system\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B}
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} - hxxp://photos.msn.com/resources/neutral/controls/DigWebX2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
DPF: {E856B973-45FD-4559-8F82-EAB539144667}
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15034/CTPID.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
STS: IE Component Categories cache daemon: {553858a7-4922-4e7e-b1c1-97140c1c16ef} - c:\windows\system32\ieframe.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2010-5-15 31112]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-5-19 37256]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2010-5-15 21896]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2010-5-15 15240]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKslcb248916;MpKslcb248916;c:\programdata\microsoft\microsoft antimalware\definition updates\{8e4cc128-e55e-43d5-a9b3-927050a491ee}\MpKslcb248916.sys [2011-5-28 28752]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-9-7 176128]
R2 BCMNTIO;BCMNTIO;c:\program files\checkit\diagnostics\BCMNTIO.SYS [2004-12-4 3744]
R2 FAD;FAD;c:\program files\broadcom\bacs\FADXP32.sys [2007-6-20 16352]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MAPMEM;MAPMEM;c:\program files\checkit\diagnostics\MAPMEM.SYS [2004-12-4 3904]
R2 PCPitstop Realtime;PCPitstop Realtime;c:\program files\pcpitstop\pc maticrt\PCPitstopRTService.exe [2011-5-10 382104]
R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-5-23 90864]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-1-30 69976]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-9-7 6381056]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-9-7 221696]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-8-26 273960]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys [2010-5-15 188808]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AllShare;SAMSUNG AllShare Service;c:\program files\samsung\samsung pc share manager\WiselinkPro.exe [2010-7-16 6638080]
S3 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 EASEUS Agent;EASEUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2011-5-19 56200]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-4 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-4 136176]
S3 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2010-6-11 206120]
S3 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2010-6-11 185640]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2009-10-28 632792]
.
=============== Created Last 30 ================
.
2011-05-28 20:04:10 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8e4cc128-e55e-43d5-a9b3-927050a491ee}\MpKslcb248916.sys
2011-05-28 20:03:35 6962000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8e4cc128-e55e-43d5-a9b3-927050a491ee}\mpengine.dll
2011-05-23 15:21:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-22 21:02:19 -------- d-----w- c:\program files\Snapshot Viewer
2011-05-22 16:34:32 -------- d-----w- c:\program files\Sun
2011-05-22 16:31:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-22 15:00:35 -------- d-----w- c:\users\david wood\appdata\local\Secunia PSI
2011-05-22 15:00:26 -------- d-----w- c:\program files\Secunia
2011-05-21 08:51:01 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2011-05-21 08:50:54 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3f7bec1d-8169-4d20-bd0e-a892a20db1e4}\gapaengine.dll
2011-05-19 22:10:13 477696 --sha-w- C:\EUMONBMP.SYS
2011-05-19 09:53:58 37256 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2011-05-19 09:53:45 18824 ----a-w- c:\windows\system32\fbnative.exe
2011-05-11 17:24:38 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2011-04-22 22:26:10 21896 ----a-w- c:\windows\system32\drivers\eufs.sys
2011-04-22 22:26:08 15240 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2011-04-22 22:26:06 31112 ----a-w- c:\windows\system32\drivers\eubakup.sys
2011-04-22 22:26:04 188808 ----a-w- c:\windows\system32\drivers\eudisk.sys
2011-04-11 00:42:43 249856 ------w- c:\windows\Setup1.exe
2011-04-11 00:42:42 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-03-12 21:55:52 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:13 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:35:36 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
============= FINISH: 16:28:46.57 ===============

#4 Elise
  • Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,092 posts
  • Gender:Female
  • Location:Romania

Posted 28 May 2011 - 04:09 PM

Hi, first of all, have you changed your email password(s) and did that solve the problem? If not, do that ASAP and verify if mails are still sent out.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#5 dfwood
  • Topic Starter
  • Members
  • 8 posts
Posted 30 May 2011 - 05:14 AM

Elise,

I have disabled all of the antivirus, etc. programs as directed and tried to run ComboFix several times. It always freezes and fails to complete. It has been left over night and still no success. I have even tried to run it in Safe Mode.

It gets to this message and seems to stop:

"Attempting to create a new System Restore point..."

What now?

DFWood

#6 Elise
  • Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,092 posts
  • Gender:Female
  • Location:Romania
Posted 30 May 2011 - 05:20 AM

Please try to run this tool:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise



#7 dfwood
  • Topic Starter
  • Members
  • 8 posts
Posted 30 May 2011 - 03:16 PM

Here is the TDSSkiller log file:

2011/05/30 16:10:59.0655 2424 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/30 16:11:01.0668 2424 ================================================================================
2011/05/30 16:11:01.0668 2424 SystemInfo:
2011/05/30 16:11:01.0668 2424
2011/05/30 16:11:01.0668 2424 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/30 16:11:01.0668 2424 Product type: Workstation
2011/05/30 16:11:01.0668 2424 ComputerName: 2WOODY2
2011/05/30 16:11:01.0668 2424 UserName: David Wood
2011/05/30 16:11:01.0668 2424 Windows directory: C:\Windows
2011/05/30 16:11:01.0668 2424 System windows directory: C:\Windows
2011/05/30 16:11:01.0668 2424 Processor architecture: Intel x86
2011/05/30 16:11:01.0668 2424 Number of processors: 4
2011/05/30 16:11:01.0668 2424 Page size: 0x1000
2011/05/30 16:11:01.0668 2424 Boot type: Normal boot
2011/05/30 16:11:01.0668 2424 ================================================================================
2011/05/30 16:11:02.0479 2424 Initialize success
2011/05/30 16:11:15.0115 5492 ================================================================================
2011/05/30 16:11:15.0115 5492 Scan started
2011/05/30 16:11:15.0115 5492 Mode: Manual;
2011/05/30 16:11:15.0115 5492 ================================================================================
2011/05/30 16:11:30.0075 5492 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\Windows\system32\DRIVERS\ql1280.sys
2011/05/30 16:11:30.0185 5492 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/30 16:11:30.0247 5492 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/30 16:11:30.0309 5492 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/30 16:11:30.0356 5492 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/30 16:11:30.0403 5492 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/30 16:11:30.0481 5492 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/30 16:11:30.0559 5492 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/30 16:11:30.0637 5492 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/30 16:11:30.0715 5492 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/30 16:11:30.0793 5492 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/05/30 16:11:30.0809 5492 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/30 16:11:30.0949 5492 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/30 16:11:31.0027 5492 RMCAST (eec7ee5675294b03e88aa868540007c1) C:\Windows\system32\DRIVERS\RMCAST.sys
2011/05/30 16:11:31.0074 5492 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/30 16:11:31.0292 5492 sbapifs (29658f5353d5b73ca514a784e6aac54e) C:\Windows\system32\DRIVERS\sbapifs.sys
2011/05/30 16:11:31.0308 5492 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/30 16:11:31.0479 5492 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/30 16:11:31.0620 5492 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/30 16:11:31.0667 5492 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/05/30 16:11:31.0745 5492 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/30 16:11:31.0791 5492 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/30 16:11:31.0807 5492 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/30 16:11:31.0823 5492 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/30 16:11:31.0854 5492 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/30 16:11:31.0885 5492 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/30 16:11:31.0979 5492 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/30 16:11:32.0025 5492 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/30 16:11:32.0119 5492 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/30 16:11:32.0228 5492 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\Windows\system32\DRIVERS\sparrow.sys
2011/05/30 16:11:32.0353 5492 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/30 16:11:32.0415 5492 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/30 16:11:32.0462 5492 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/30 16:11:32.0540 5492 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/30 16:11:32.0696 5492 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
2011/05/30 16:11:32.0790 5492 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/30 16:11:32.0852 5492 symc810 (1ff3217614018630d0a6758630fc698c) C:\Windows\system32\DRIVERS\symc810.sys
2011/05/30 16:11:32.0930 5492 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/30 16:11:32.0977 5492 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/30 16:11:33.0008 5492 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/30 16:11:33.0180 5492 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
2011/05/30 16:11:33.0273 5492 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/30 16:11:33.0320 5492 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/30 16:11:33.0398 5492 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/30 16:11:33.0445 5492 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/30 16:11:33.0523 5492 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/30 16:11:33.0617 5492 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/30 16:11:33.0726 5492 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/30 16:11:33.0757 5492 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/30 16:11:33.0835 5492 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/30 16:11:33.0882 5492 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/30 16:11:33.0975 5492 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/30 16:11:34.0069 5492 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/30 16:11:34.0116 5492 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/30 16:11:34.0178 5492 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/30 16:11:34.0209 5492 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/30 16:11:34.0272 5492 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\Windows\system32\DRIVERS\ultra.sys
2011/05/30 16:11:34.0350 5492 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/30 16:11:34.0428 5492 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/30 16:11:34.0553 5492 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/30 16:11:34.0646 5492 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/30 16:11:34.0724 5492 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/30 16:11:34.0802 5492 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/30 16:11:34.0865 5492 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/30 16:11:34.0943 5492 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/30 16:11:35.0067 5492 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/30 16:11:35.0145 5492 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/30 16:11:35.0192 5492 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/30 16:11:35.0239 5492 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/30 16:11:35.0286 5492 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/30 16:11:35.0333 5492 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/30 16:11:35.0348 5492 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/30 16:11:35.0379 5492 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/30 16:11:35.0442 5492 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/30 16:11:35.0520 5492 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/30 16:11:35.0598 5492 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/30 16:11:35.0629 5492 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/30 16:11:35.0660 5492 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/30 16:11:35.0676 5492 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/30 16:11:35.0769 5492 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/30 16:11:35.0832 5492 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/30 16:11:35.0988 5492 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/30 16:11:36.0081 5492 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/30 16:11:36.0175 5492 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/30 16:11:36.0237 5492 WudfPf (13b5f255e90624a5ba0441d39cfb6be2) C:\Windows\system32\DRIVERS\WudfPf.sys
2011/05/30 16:11:36.0284 5492 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\wudfrd.sys
2011/05/30 16:11:36.0315 5492 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/05/30 16:11:36.0331 5492 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/05/30 16:11:36.0331 5492 ================================================================================
2011/05/30 16:11:36.0331 5492 Scan finished
2011/05/30 16:11:36.0331 5492 ================================================================================
2011/05/30 16:11:36.0347 4524 Detected object count: 0
2011/05/30 16:11:36.0347 4524 Actual detected object count: 0
2011/05/30 16:12:47.0155 5416 Deinitialize success


Thanks for the help!

DFWood

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,092 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:26 AM

Posted 30 May 2011 - 03:18 PM

Press Windows key + R and type combofix /killall and press enter. Does it run that way?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 dfwood

Posted 31 May 2011 - 07:16 PM

Elise,

Same result. It freezes at the "Attempting to create a System Restore" message.

DFWood

#10 Elise

Posted 01 June 2011 - 07:31 AM

Please download a new copy of combofix (delete the old one!), right click it and select Rename. Rename Combofix.exe to Random.exe and try to run it like that.

regards, Elise


#11 dfwood

Posted 04 June 2011 - 03:29 AM

Elise,

As directed, I renamed it to Random.exe and it finally ran. After starting the program I got a message asking me if I wanted to download an update to the program. I declined to do so, since I had just downloaded and renamed the program before running it. Hope that was a good choice.

This ran overnight and I had to reboot to produce the log file and get my desktop back. Hope that wasn't a bad move.

Here is the log file:




ComboFix 11-06-03.02 - David Wood 06/03/2011 19:49:07.3.4 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2045.996 [GMT -4:00]
Running from: c:\users\David Wood\Desktop\Random.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\David Wood\Desktop\Search.lnk
c:\users\David Wood\WINDOWS
c:\windows\command
c:\windows\command\SCANDISK.INI
c:\windows\inf\internet
c:\windows\system\Drivers
c:\windows\system\Drivers\MrtRate.sys
c:\windows\system32\regobj.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FAD
-------\Service_FAD
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"QuickenScheduledUpdates"="c:\program files\Quicken\bagent.exe" [2011-03-10 77656]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Download Nitro"="c:\program files\PCPitstop\Download Nitro\pcpitstop-nitro.exe" [2011-05-31 3593424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2010-06-11 206120]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-09-11 128232]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-04-23 1314816]
"EaseUs Watch"="c:\program files\EASEUS\Todo Backup\bin\EuWatch.exe" [2011-04-22 69000]
"EaseUs Tray"="c:\program files\EASEUS\Todo Backup\bin\TrayNotify.exe" [2011-04-26 733576]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"Speed racer"="c:\program files\Creative\PlayCenter\CTSRReg.exe" [1999-11-16 5632]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-26 17920]
"PC MaticRT"="c:\program files\PCPitstop\PC MaticRT\PCMaticRT.exe" [2011-05-10 667800]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-3 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2010-11-30 17:20 997408 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)
"CCALib8"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"MDM"=2 (0x2)
"RemoteRegistry"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 MpKsl22efcb90;MpKsl22efcb90;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A08D6947-4042-4F11-B8DC-B8942BECBBC9}\MpKsl22efcb90.sys [x]
R1 MpKsl2b8b0832;MpKsl2b8b0832;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{611E9857-3EA4-45AF-8D62-A1FD6F2743AC}\MpKsl2b8b0832.sys [x]
R1 MpKsl91c6d969;MpKsl91c6d969;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D2769CF-892E-4C0D-A1F9-4A68143E9876}\MpKsl91c6d969.sys [x]
R1 MpKsla805a4dc;MpKsla805a4dc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A4859414-92D6-43B7-82E4-FE530FDBA8D1}\MpKsla805a4dc.sys [x]
R1 MpKslae7705b5;MpKslae7705b5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED557978-C488-479D-8235-18C82DDBBEA5}\MpKslae7705b5.sys [x]
R1 MpKslcc55fda1;MpKslcc55fda1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA57CB09-7E8E-4B6A-A5A9-7BA43E4218D1}\MpKslcc55fda1.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-04 136176]
R3 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]
R3 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2007-06-20 79168]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 EASEUS Agent;EASEUS Agent;c:\program files\EASEUS\Todo Backup\bin\Agent.exe [2011-04-22 56200]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-04 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2010-06-11 206120]
R3 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2010-06-11 185640]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-04-22 31112]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-04-22 37256]
S0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-04-22 21896]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-04-22 15240]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-08 176128]
S2 BCMNTIO;BCMNTIO;c:\program files\CheckIt\Diagnostics\BCMNTIO.SYS [2004-03-05 3744]
S2 MAPMEM;MAPMEM;c:\program files\CheckIt\Diagnostics\MAPMEM.SYS [2004-03-05 3904]
S2 PCPitstop Realtime;PCPitstop Realtime;c:\program files\PCPitstop\PC MaticRT\PCPitstopRTService.exe [2011-05-10 382104]
S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2010-10-13 90864]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-12-13 632792]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2010-06-14 69976]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-08 6381056]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-08 221696]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-08-26 273960]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys [2011-04-22 188808]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - bdfsfltr
*Deregistered* - bdftdif
*Deregistered* - BDSelfPr
*Deregistered* - Profos
*Deregistered* - Trufos
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc
dot3svc REG_MULTI_SZ dot3svc
eapsvcs REG_MULTI_SZ eaphost
WudfServiceGroup REG_MULTI_SZ WUDFSvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bdx REG_MULTI_SZ sysagent
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 21:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 14:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-04 19:38]
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-04 19:38]
.
2008-10-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2008-01-21 02:21]
.
2011-06-04 c:\windows\Tasks\User_Feed_Synchronization-{9EC8570E-45EB-4E2A-83C4-A082E3CBA561}.job
- c:\windows\system32\msfeedssync.exe [2011-03-29 11:00]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: intuit.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 71.242.0.12 71.250.0.12
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-ATIModeChange - Ati2mdxx.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-2367154087.www1.movie-promo.com - c:\program files\Microsoft Silverlight\4.0.51204.0\Silverlight.Configuration.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
EaseUs Tray = "c:\program files\EASEUS\Todo Backup\bin\TrayNotify.exe"?????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3672)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\windows\System32\CTHELPER.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-06-04 04:14:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-04 08:14
ComboFix2.txt 2008-07-26 17:28
.
Pre-Run: 170,232,012,800 bytes free
Post-Run: 169,702,866,944 bytes free
.
- - End Of File - - 908F2E00CD27A45169556F03B33916B9




Thanks for the help.

DFWood

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,092 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:26 AM

Posted 04 June 2011 - 08:37 AM

Hi, how are things running at this point? What problems do you still have left?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 dfwood

dfwood
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:26 AM

Posted 04 June 2011 - 12:35 PM

I guess that I'll have to wait and see if there are any more unauthorized emails sent. Thanks for the help and have a great day :thumbsup:

DFWood

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,092 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:26 AM

Posted 04 June 2011 - 12:43 PM

Okay, give it a day or two and let me know if email is still being sent.

regards, Elise




#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,092 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:26 AM

Posted 07 June 2011 - 01:51 PM

Hi, are you still there?

regards, Elise


