
Constant attacks from possibly malicious websites


This topic is locked
63 replies to this topic

#1 soloviola7871


  • Members
  • 77 posts

Posted 21 May 2011 - 03:46 PM

Hi all, my computer at work is extremely slow and is bombarded by attacks from what Malwarebytes calls possibly malicious websites.



Here are all the logs. Any help on what to remove would be tremendously appreciated. Thanks!

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Managers at 12:42:25 on 2011-05-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.74 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ESDUSBMon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
svchost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\EpStsSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Retail Management System\Store Operations\SOPOSUSER.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Managers\Desktop\Downloads\Defogger.exe
C:\Documents and Settings\Managers\Desktop\Downloads\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 255.255.255.0:80
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [BIBLauncher] c:\program files\business-in-a-box\BIBLauncher.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [ESDUSBMon.exe] c:\windows\system32\ESDUSBMon.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} - hxxp://192.168.0.252/JpegInst.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} - hxxp://ncmpls.viewnetcam.com/MpegInst.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2005\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\managers\application data\mozilla\firefox\profiles\45c00aqb.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - prefs.js: network.proxy.ftp - 255.255.255.0
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 255.255.255.0
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 255.255.255.0
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 255.255.255.0
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 255.255.255.0
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsl2aa6fc7e;MpKsl2aa6fc7e;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1129f935-73c1-41d2-a229-3d18acb8936a}\MpKsl2aa6fc7e.sys [2011-5-20 28752]
R2 EPSON ESCPOS Status Service;EPSON ESC/POS Status Service;EpStsSrv.exe --> EpStsSrv.exe [?]
R2 Esdpdx01;Esdpdx01;c:\windows\system32\drivers\ESDPDX01.SYS [2006-5-11 95485]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-17 363344]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\linksys\wusb300n\WLService.exe [2007-11-19 53307]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-17 20952]
S1 MpKsl0ba4fb8c;MpKsl0ba4fb8c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d226a908-a890-4dd3-b970-b8f989358b5d}\mpksl0ba4fb8c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d226a908-a890-4dd3-b970-b8f989358b5d}\MpKsl0ba4fb8c.sys [?]
S1 MpKsl61b5b997;MpKsl61b5b997;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1543747-310e-4e73-acef-284121a5c12d}\mpksl61b5b997.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1543747-310e-4e73-acef-284121a5c12d}\MpKsl61b5b997.sys [?]
S1 MpKsl91722e66;MpKsl91722e66;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f5272437-f7e3-4893-8b69-d5127f93fdbb}\mpksl91722e66.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f5272437-f7e3-4893-8b69-d5127f93fdbb}\MpKsl91722e66.sys [?]
S1 MpKslc1bc5a5d;MpKslc1bc5a5d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c074c435-e7dc-48f9-8e5b-40083b057c1e}\mpkslc1bc5a5d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c074c435-e7dc-48f9-8e5b-40083b057c1e}\MpKslc1bc5a5d.sys [?]
S1 MpKslc3573337;MpKslc3573337;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e2aa4cfa-707a-445c-8222-acae2c1c05c5}\mpkslc3573337.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e2aa4cfa-707a-445c-8222-acae2c1c05c5}\MpKslc3573337.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 hpoid407;IEEE-1284.4 Driver;c:\windows\system32\drivers\hpoid407.sys --> c:\windows\system32\drivers\hpoid407.sys [?]
S3 hpoius07;USB to IEEE-1284.4 Translation Driver;c:\windows\system32\drivers\hpoius07.sys --> c:\windows\system32\drivers\hpoius07.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-20 21:08:26 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1129f935-73c1-41d2-a229-3d18acb8936a}\MpKsl2aa6fc7e.sys
2011-05-20 21:07:10 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1129f935-73c1-41d2-a229-3d18acb8936a}\mpengine.dll
2011-05-17 20:12:49 -------- d-----w- c:\documents and settings\managers\application data\Malwarebytes
2011-05-17 20:12:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-17 20:12:38 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-17 20:12:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-17 20:12:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 12:44:59.21 ===============
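Added here as an editor's example, not code from the thread, from Malwarebytes or from the DDS tool: a Python triage script for the two log types in this post (the Malwarebytes protection log introduced at the top, which is reposted in the same format further down, and the DDS report). It tallies IP-BLOCK lines by address and direction, keeping outgoing blocks (a process on this host initiated the connection) apart from incoming ones (unsolicited traffic that any internet-reachable host receives), and scans DDS ProxyServer and network.proxy lines for a proxy host that no proxy could listen on, such as the 255.255.255.0:80 value in the report above. The sample log lines are constructed in the same format with documentation address ranges, and the user name "Shop" is made up.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Malwarebytes protection-log lines (format as in the post); the user-name field
# may contain spaces, so it is matched non-greedily. MESSAGE lines do not match.
#   00:04:03 Managers IP-BLOCK 212.117.160.204 (Type: outgoing)
MBAM_BLOCK_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<user>.+?) IP-BLOCK (?P<ip>[\d.]+) "
    r"\(Type: (?P<dir>incoming|outgoing)\)$"
)
# DDS lines carrying proxy settings (format as in the post):
#   uInternet Settings,ProxyServer = 255.255.255.0:80
#   FF - prefs.js: network.proxy.http - 255.255.255.0
IE_PROXY_RE = re.compile(r"ProxyServer = (?P<host>[^:\s]+)")
FF_PROXY_RE = re.compile(r"network\.proxy\.(?P<proto>http|ssl|ftp|socks|gopher) - (?P<host>\S+)$")

# Constructed sample in the page's format: TEST-NET addresses and a made-up user "Shop".
SAMPLE_MBAM_LOG = """\
15:28:21 Shop MESSAGE IP Protection started successfully
15:35:06 Shop IP-BLOCK 203.0.113.10 (Type: outgoing)
15:38:01 Shop IP-BLOCK 198.51.100.7 (Type: incoming)
15:38:11 Shop IP-BLOCK 198.51.100.7 (Type: incoming)
15:39:12 Shop IP-BLOCK 203.0.113.10 (Type: incoming)
15:48:45 Shop IP-BLOCK 203.0.113.10 (Type: outgoing)
16:04:16 Shop IP-BLOCK 192.0.2.44 (Type: outgoing)
16:21:01 Shop IP-BLOCK 198.51.100.7 (Type: incoming)
"""
# Constructed DDS excerpt; the proxy value mirrors the one in the report above.
SAMPLE_DDS = """\
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyServer = 255.255.255.0:80
FF - prefs.js: network.proxy.http - 255.255.255.0
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.type - 4
"""


def parse_mbam_blocks(text):
    """Return (time, ip, direction) for every IP-BLOCK line; MESSAGE lines are skipped."""
    events = []
    for line in text.splitlines():
        m = MBAM_BLOCK_RE.match(line.strip())
        if m:
            events.append((m["time"], m["ip"], m["dir"]))
    return events


def summarize_blocks(events, repeat_threshold=3):
    """Tally blocks per direction and per address for an analyst's first pass."""
    per_dir = Counter(direction for _, _, direction in events)
    per_ip = defaultdict(Counter)
    for _, ip, direction in events:
        per_ip[ip][direction] += 1
    return {
        "total": len(events),
        "incoming": per_dir["incoming"],
        "outgoing": per_dir["outgoing"],
        # Addresses this host tried to reach: a local process opened these connections.
        "outbound_targets": sorted(ip for ip, c in per_ip.items() if c["outgoing"]),
        # Sources that hit the host repeatedly: persistent unsolicited traffic.
        "repeat_inbound": sorted(
            ip for ip, c in per_ip.items() if c["incoming"] >= repeat_threshold),
    }


def plausible_proxy_host(host):
    """A proxy host is a hostname or a unicast IP; reserved or netmask-like values are not."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return True  # a hostname: cannot be judged from the log alone
    # 255.255.255.0 parses as an address but lies in the reserved 240.0.0.0/4 block.
    return not (addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def find_proxy_anomalies(dds_text):
    """Return (source, host) for configured proxy hosts no proxy could listen on.

    Values are reported whether or not they are active: IE honours ProxyServer only
    with ProxyEnable set, and Firefox uses the manual host fields only when
    network.proxy.type is 1 (type 4, as in the report above, means auto-detect).
    """
    findings = []
    for line in dds_text.splitlines():
        m = IE_PROXY_RE.search(line)
        if m and not plausible_proxy_host(m["host"]):
            findings.append(("IE", m["host"]))
        m = FF_PROXY_RE.search(line)
        if m and not plausible_proxy_host(m["host"]):
            findings.append(("Firefox " + m["proto"], m["host"]))
    return findings


if __name__ == "__main__":
    s = summarize_blocks(parse_mbam_blocks(SAMPLE_MBAM_LOG))
    print(f"{s['total']} blocks: {s['incoming']} incoming, {s['outgoing']} outgoing")
    print("outbound targets (a local process initiated these):", s["outbound_targets"])
    print("repeat inbound sources:", s["repeat_inbound"])
    for source, host in find_proxy_anomalies(SAMPLE_DDS):
        print(f"proxy anomaly: {source} proxy host {host!r} is not a usable address")
```

The running-process list above includes uTorrent.exe, and peer-to-peer clients routinely trigger both incoming and outgoing IP-block entries, so the tally is a starting point for checking which process owns the connections rather than proof of beaconing on its own.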


#2 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 29 May 2011 - 03:29 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic, and if you do not reply by the following day after that, I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 soloviola7871

  • Topic Starter

  • Members
  • 77 posts

Posted 29 May 2011 - 02:54 PM

Thank you for the help! So my boss brought in a new computer, but it still has the same problems. Malwarebytes keeps blocking access to "potentially malicious websites" and the computer itself is extremely slow. I'm completely unable to run GMER; it always results in a BSOD saying something about atapi.sys or something. I'll post the new DDS logs and the Malwarebytes protection log so you can see what I'm working (or trying to work) with. Unfortunately the DDS log is on the new computer, and I'm at home right now, but I'll post the DDS log as soon as possible.

Here is a small list of what Malwarebytes comes up with.


#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:09:48 AM

Posted 29 May 2011 - 04:37 PM

Either a rootkit or a trojan is opening up the gates, and this is why you are getting constant attacks. What's worrying is that the machine doesn't seem to be the problem but the network. atapi.sys is TDSS's favourite file to infect, so that's where we'll start.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If malicious objects are found, ensure Cure is selected, then click Continue > Reboot now.
  • Click Close.
  • Finally, press Report and copy and paste the contents into your next reply. If you've rebooted, then the log will be found at C:\

m0le is a proud member of UNITE
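
The reading behind the diagnosis above (outgoing blocks mean a process on the host is calling out, incoming blocks are traffic reaching the host) can be checked directly against the Malwarebytes protection-log lines the topic starter pasted. This is an added example, not code from the thread or from Malwarebytes: it parses lines in that "HH:MM:SS user IP-BLOCK ip (Type: incoming|outgoing)" shape and tallies them by direction and by address; the sample lines and addresses are constructed, not taken from the posted log.

```python
import re
from collections import Counter, defaultdict

# Line shape used in the pasted Malwarebytes protection log:
#   HH:MM:SS <user name> IP-BLOCK <ipv4> (Type: incoming|outgoing)
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>.+?)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<direction>incoming|outgoing)\)\s*$"
)

# Constructed sample in the same format (added for this example); the addresses
# are RFC 5737 documentation addresses, not real indicators.
SAMPLE_LOG = """\
00:04:03 Nutrition City IP-BLOCK 192.0.2.10 (Type: outgoing)
00:08:45 Nutrition City IP-BLOCK 198.51.100.7 (Type: incoming)
00:18:00 Nutrition City IP-BLOCK 198.51.100.7 (Type: incoming)
00:20:52 Nutrition City IP-BLOCK 192.0.2.10 (Type: outgoing)
00:30:54 Nutrition City IP-BLOCK 203.0.113.5 (Type: incoming)
01:03:45 Nutrition City IP-BLOCK 192.0.2.10 (Type: outgoing)
this line is not an IP-BLOCK record and is skipped
"""


def parse_line(line):
    """Return (seconds_since_midnight, user, ip, direction), or None for non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    h, mi, s = (int(x) for x in m.group("time").split(":"))
    return h * 3600 + mi * 60 + s, m.group("user"), m.group("ip"), m.group("direction")


def summarise(lines):
    """Tally blocked connections by direction and by remote address."""
    by_direction = Counter()
    by_ip = Counter()
    times = defaultdict(list)  # ip -> event times (seconds since midnight), in log order
    outgoing = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        t, _user, ip, direction = rec
        by_direction[direction] += 1
        by_ip[ip] += 1
        times[ip].append(t)
        if direction == "outgoing":
            outgoing.add(ip)
    return {
        "by_direction": dict(by_direction),
        # most frequent first; ties broken by address so the order is stable
        "top_addresses": sorted(by_ip.items(), key=lambda kv: (-kv[1], kv[0])),
        "outgoing_addresses": sorted(outgoing),
        "times": dict(times),
    }


def intervals_seconds(summary, ip):
    """Gaps between successive events for one address; regular gaps suggest beaconing."""
    ts = summary["times"].get(ip, [])
    return [(b - a) % 86400 for a, b in zip(ts, ts[1:])]  # modulo handles a midnight wrap


def assess(summary):
    """What the direction split tells a responder.

    Outgoing blocks mean a process on this host initiated a connection to a
    blocked address, which points at a local infection. Incoming-only blocks
    are unsolicited traffic reaching the host and say more about exposure on
    the network than about the host itself.
    """
    host_initiated = bool(summary["outgoing_addresses"])
    repeaters = [ip for ip, n in summary["top_addresses"] if n >= 2]
    return {
        "host_initiated": host_initiated,
        "repeat_addresses": repeaters,
        "verdict": ("host-side: look for the process or driver making the connections"
                    if host_initiated else "network-side: inbound traffic only"),
    }


if __name__ == "__main__":
    s = summarise(SAMPLE_LOG.splitlines())
    print(s["by_direction"], s["top_addresses"])
    print(assess(s))
    for addr in s["outgoing_addresses"]:
        print(addr, "gaps (s):", intervals_seconds(s, addr))
```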

#5 soloviola7871

soloviola7871
  • Topic Starter

  • Members
  • 77 posts
  • Local time:03:48 AM

Posted 29 May 2011 - 08:33 PM

Here is the TDSSKiller log; it came up clean...?

2011/05/29 19:58:37.0250 2936 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/29 19:58:37.0890 2936 ================================================================================
2011/05/29 19:58:37.0890 2936 SystemInfo:
2011/05/29 19:58:37.0890 2936
2011/05/29 19:58:37.0890 2936 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/29 19:58:37.0890 2936 Product type: Workstation
2011/05/29 19:58:37.0890 2936 ComputerName: NUTRITIONCITY
2011/05/29 19:58:37.0890 2936 UserName: Nutrition City
2011/05/29 19:58:37.0890 2936 Windows directory: C:\WINDOWS
2011/05/29 19:58:37.0890 2936 System windows directory: C:\WINDOWS
2011/05/29 19:58:37.0890 2936 Processor architecture: Intel x86
2011/05/29 19:58:37.0890 2936 Number of processors: 1
2011/05/29 19:58:37.0890 2936 Page size: 0x1000
2011/05/29 19:58:37.0890 2936 Boot type: Normal boot
2011/05/29 19:58:37.0890 2936 ================================================================================
2011/05/29 19:58:38.0890 2936 Initialize success
2011/05/29 19:58:43.0546 4072 ================================================================================
2011/05/29 19:58:43.0546 4072 Scan started
2011/05/29 19:58:43.0546 4072 Mode: Manual;
2011/05/29 19:58:43.0546 4072 ================================================================================
2011/05/29 19:59:01.0453 4072 ================================================================================
2011/05/29 19:59:01.0453 4072 Scan finished
2011/05/29 19:59:01.0453 4072 ================================================================================
2011/05/29 19:59:01.0468 0732 Detected object count: 0
2011/05/29 19:59:01.0468 0732 Actual detected object count: 0

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:09:48 AM

Posted 30 May 2011 - 04:23 AM

Please run aswMBR, it detects newer variants.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#7 soloviola7871

soloviola7871
  • Topic Starter

  • Members
  • 77 posts
  • Local time:03:48 AM

Posted 01 June 2011 - 09:08 AM

Thanks for the advice. I'll have the log posted as soon as possible!!!

#8 soloviola7871

soloviola7871
  • Topic Starter

  • Members
  • 77 posts
  • Local time:03:48 AM

Posted 02 June 2011 - 07:51 PM

Here is the log you requested. Thank you for your patience!


aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-02 19:05:41
-----------------------------
19:05:41.484 OS Version: Windows 5.1.2600 Service Pack 3
19:05:41.484 Number of processors: 1 586 0xD08
19:05:41.484 ComputerName: NUTRITIONCITY UserName: Admin
19:05:43.234 Initialize success
19:05:44.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:05:44.375 Disk 0 Vendor: ST960822A 8.03 Size: 55796MB BusType: 3
19:05:44.406 Disk 0 MBR read successfully
19:05:44.421 Disk 0 MBR scan
19:05:44.437 Disk 0 Windows XP default MBR code
19:05:44.453 Disk 0 scanning sectors +114254280
19:05:44.546 Disk 0 scanning C:\WINDOWS\system32\drivers
19:06:00.437 Service scanning
19:06:26.890 Disk 0 trace - called modules:
19:06:26.921 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
19:06:26.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87307ab8]
19:06:26.953 3 CLASSPNP.SYS[f76d6fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x87324940]
19:06:26.953 Scan finished successfully
19:06:33.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Nutrition City\My Documents\Ryan\MBR.dat"
19:06:33.656 The log file has been saved successfully to "C:\Documents and Settings\Nutrition City\My Documents\Ryan\aswMBR.txt"

Edited by soloviola7871, 02 June 2011 - 07:52 PM.
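The aswMBR log above reports "Windows XP default MBR code", and the earlier TDSSKiller run printed a hash of the same sector (logged as `MBR (0x1B8)`). As an added example, not code from either tool or from anyone in this thread, the Python below performs the same kind of baseline check on a 512-byte MBR image: it verifies the 55 AA boot signature, decodes the partition table, and hashes the bootstrap-code region so the result can be compared with a known-good capture. Assumptions of the example: the hashed region is the 440 bytes that precede the disk signature at offset 0x1B8, and the sample MBR bytes are constructed here, not read from the poster's disk.

```python
"""Baseline check of a 512-byte MBR: boot signature, partition table and an
MD5 over the bootstrap-code region, in the spirit of the aswMBR/TDSSKiller
MBR scans logged in this thread. Added example; not code from either tool."""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

MBR_SIZE = 512
BOOTCODE_END = 0x1B8    # assumption: hash covers bytes 0x000-0x1B7 (440 bytes of boot code)
PART_TABLE_OFF = 0x1BE  # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE    # must read 55 AA


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the four classic partition entries; skip empty (type 0) slots."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype != 0:
            parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def bootcode_md5(mbr: bytes) -> str:
    """MD5 of the bootstrap region; a changed value with an unchanged partition
    table is the classic sign that the MBR boot code has been replaced."""
    return hashlib.md5(mbr[:BOOTCODE_END]).hexdigest()


def check_mbr(mbr: bytes, known_good_md5: Optional[str] = None) -> Dict:
    """Return structural findings plus the hash, optionally compared to a baseline."""
    findings: List[str] = []
    if len(mbr) != MBR_SIZE:
        findings.append(f"MBR is {len(mbr)} bytes, expected {MBR_SIZE}")
        return {"ok": False, "md5": bootcode_md5(mbr), "partitions": [], "findings": findings}
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xaa":
        findings.append("boot signature 55 AA missing")
    parts = parse_partitions(mbr)
    bootable = [p for p in parts if p.bootable]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable, expected exactly 1")
    for p in parts:
        if p.lba_start == 0 or p.sectors == 0:
            findings.append(f"partition {p.index} has a zero start LBA or length")
    digest = bootcode_md5(mbr)
    if known_good_md5 is not None and digest != known_good_md5.lower():
        findings.append("bootstrap code hash differs from baseline")
    return {"ok": not findings, "md5": digest, "partitions": parts, "findings": findings}


def build_sample_mbr() -> bytes:
    """Constructed sample (not the poster's disk): placeholder boot code, a disk
    signature, and one bootable NTFS (type 0x07) partition starting at LBA 63."""
    bootcode = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * (BOOTCODE_END - 8)
    disk_sig = b"\x11\x22\x33\x44" + b"\x00\x00"
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 114254217)
    mbr = bootcode + disk_sig + entry + b"\x00" * 48 + b"\x55\xaa"
    assert len(mbr) == MBR_SIZE
    return mbr


SAMPLE_MBR = build_sample_mbr()
BASELINE_MD5 = bootcode_md5(SAMPLE_MBR)   # what a known-good capture would give
_tampered = bytearray(SAMPLE_MBR)
_tampered[0x40] ^= 0xFF                   # one byte changed inside the boot code
TAMPERED_MBR = bytes(_tampered)

if __name__ == "__main__":
    for label, image in (("clean", SAMPLE_MBR), ("tampered", TAMPERED_MBR)):
        result = check_mbr(image, BASELINE_MD5)
        print(label, result["md5"], "OK" if result["ok"] else result["findings"])
```

On a live Windows machine the same 512 bytes are obtained by opening `\\.\PhysicalDrive0` read-only as Administrator; the aswMBR run above also saved the poster's sector to `MBR.dat`, and that file can be fed to `check_mbr` directly. The partition table alone is not enough to clear a disk: a bootkit that replaces only the bootstrap code leaves the table intact, which is why the hash comparison is the part that matters.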


#9 m0le

Posted 02 June 2011 - 07:58 PM

No rootkit, so now we look for trojans or adware. Combofix is the right tool for this.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#10 soloviola7871
  • Topic Starter

Posted 03 June 2011 - 04:34 PM

ComboFix failed in Normal boot mode, so I ran it in Safe Mode with Networking, and here is the log from the scan:

ComboFix 11-06-03.04 - Admin 06/03/2011 16:04:25.2.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.776 [GMT -5:00]
Running from: c:\documents and settings\Admin\Desktop\comfix.exe.exe
AV: BitDefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\comfix.exe
c:\comfix.exe\023.dat
c:\comfix.exe\023v.dat
c:\comfix.exe\023w7.dat
c:\comfix.exe\AppDataFile.cfx
c:\comfix.exe\AppDataFolder.cfx
c:\comfix.exe\appinit.bad
c:\comfix.exe\asp.str
c:\comfix.exe\Assoc.cmd
c:\comfix.exe\ATTRIB.cfxxe
c:\comfix.exe\Auto-RC.cmd
c:\comfix.exe\av.cmd
c:\comfix.exe\av.vbs
c:\comfix.exe\AWF.cmd
c:\comfix.exe\badclsid.c
c:\comfix.exe\Boot-Rk.cmd
c:\comfix.exe\Boot.bat
c:\comfix.exe\BootDrv.vbs
c:\comfix.exe\c.bat
c:\comfix.exe\c.mrk
c:\comfix.exe\Catch-sub.cmd
c:\comfix.exe\catchme.cfxxe
c:\comfix.exe\CCS.bat
c:\comfix.exe\CF-Script.cmd
c:\comfix.exe\CF28819.cfxxe
c:\comfix.exe\CHCP.bat
c:\comfix.exe\clsid.c
c:\comfix.exe\Combobatch.bat
c:\comfix.exe\ComboFix-Download.cfxxe
c:\comfix.exe\Create.cmd
c:\comfix.exe\Creg.dat
c:\comfix.exe\CregC.cmd
c:\comfix.exe\CregC.dat
c:\comfix.exe\CSCRIPT.cfxxe
c:\comfix.exe\CSet.cmd
c:\comfix.exe\dd.cfxxe
c:\comfix.exe\ddsDo.sed
c:\comfix.exe\DelClsid.bat
c:\comfix.exe\DelClsid64.bat
c:\comfix.exe\desktop.ini
c:\comfix.exe\DesktopFile.cfx
c:\comfix.exe\DisclaimED.dat
c:\comfix.exe\DPF.str
c:\comfix.exe\DrvRun.vbs
c:\comfix.exe\dumphive.cfxxe
c:\comfix.exe\embedded.sed
c:\comfix.exe\ERDNT.e_e
c:\comfix.exe\ERDNTDOS.LOC
c:\comfix.exe\ERDNTWIN.LOC
c:\comfix.exe\ERUNT.cfxxe
c:\comfix.exe\erunt.dat
c:\comfix.exe\ERUNT.LOC
c:\comfix.exe\Exe.reg
c:\comfix.exe\extract.cfxxe
c:\comfix.exe\FavoriteFolder.cfx
c:\comfix.exe\FavoritesFile.cfx
c:\comfix.exe\FD-SV.cmd
c:\comfix.exe\ffdefstr.dll
c:\comfix.exe\FileKill.cfxxe
c:\comfix.exe\files.pif
c:\comfix.exe\Fin.dat
c:\comfix.exe\FIND3M.bat
c:\comfix.exe\FIXLSP.bat
c:\comfix.exe\FKMGen.cmd
c:\comfix.exe\ForeignWht
c:\comfix.exe\GetHive.cmd
c:\comfix.exe\grep.cfxxe
c:\comfix.exe\gsar.cfxxe
c:\comfix.exe\handle.cfxxe
c:\comfix.exe\HDPEInfo.cfxxe
c:\comfix.exe\hidec.cfxxe
c:\comfix.exe\history.bat
c:\comfix.exe\hwid.pif
c:\comfix.exe\iexplore.exe
c:\comfix.exe\image001.gif
c:\comfix.exe\Imefile.dat
c:\comfix.exe\Install-RC.cmd
c:\comfix.exe\katch.cmd
c:\comfix.exe\Kill-All.cmd
c:\comfix.exe\kmd.dat
c:\comfix.exe\Lang.bat
c:\comfix.exe\List-B.bat
c:\comfix.exe\List-C.bat
c:\comfix.exe\List-D.bat
c:\comfix.exe\List.bat
c:\comfix.exe\lnkread.vbs
c:\comfix.exe\LocalAppDataFile.cfx
c:\comfix.exe\LocalAppDataFolder.cfx
c:\comfix.exe\LocalService.dat
c:\comfix.exe\LocalServiceNetworkRestricted.dat
c:\comfix.exe\LocalSettingsFile.cfx
c:\comfix.exe\LocalSystemNetworkRestricted.dat
c:\comfix.exe\mbr.cfxxe
c:\comfix.exe\mbr.chk
c:\comfix.exe\md5sum.pif
c:\comfix.exe\Mirrors
c:\comfix.exe\MoveIt.bat
c:\comfix.exe\mtee.cfxxe
c:\comfix.exe\MtPt00
c:\comfix.exe\mynul.dat
c:\comfix.exe\N_\10297
c:\comfix.exe\N_\11009
c:\comfix.exe\N_\12407
c:\comfix.exe\N_\1358
c:\comfix.exe\N_\13815
c:\comfix.exe\N_\14946
c:\comfix.exe\N_\17948
c:\comfix.exe\N_\19858
c:\comfix.exe\N_\23893
c:\comfix.exe\N_\24315
c:\comfix.exe\N_\24418
c:\comfix.exe\N_\26206
c:\comfix.exe\N_\26473
c:\comfix.exe\N_\26718
c:\comfix.exe\N_\27956
c:\comfix.exe\N_\29605
c:\comfix.exe\N_\31093
c:\comfix.exe\N_\4066
c:\comfix.exe\N_\6352
c:\comfix.exe\N_\pingtest
c:\comfix.exe\ncmd.com
c:\comfix.exe\ND_.bat
c:\comfix.exe\ND_64.bat
c:\comfix.exe\ndis_combofix.dat
c:\comfix.exe\netsvc.bad.dat
c:\comfix.exe\netsvc.dat
c:\comfix.exe\netsvc.vista.dat
c:\comfix.exe\netsvc.xp.dat
c:\comfix.exe\NetworkService.dat
c:\comfix.exe\NirCmd.cfxxe
c:\comfix.exe\NircmdB.exe
c:\comfix.exe\NirCmdC.cfxxe
c:\comfix.exe\NIRKMD.cfxxe
c:\comfix.exe\NlsLanguageDefault
c:\comfix.exe\NT-OS.cmd
c:\comfix.exe\NULL
c:\comfix.exe\OSid.vbs
c:\comfix.exe\OsVer
c:\comfix.exe\pausep.cfxxe
c:\comfix.exe\PersonalFile.cfx
c:\comfix.exe\PersonalFolder.cfx
c:\comfix.exe\pev.cfxxe
c:\comfix.exe\pevb.cfxxe
c:\comfix.exe\PING.cfxxe
c:\comfix.exe\Policies.dat
c:\comfix.exe\powp.dat
c:\comfix.exe\Prep.inf
c:\comfix.exe\ProfilesFile.cfx
c:\comfix.exe\ProfilesFolder.cfx
c:\comfix.exe\ProgramsFile.cfx
c:\comfix.exe\ProgramsFolder.cfx
c:\comfix.exe\Purity.dat
c:\comfix.exe\PV.cfxxe
c:\comfix.exe\pv.com
c:\comfix.exe\rar_sfx.cmd
c:\comfix.exe\RCLink.dat
c:\comfix.exe\REGDACL.sed
c:\comfix.exe\RegDo.sed
c:\comfix.exe\region.dat
c:\comfix.exe\RegScan.cmd
c:\comfix.exe\RegScan64.cmd
c:\comfix.exe\Resident.txt
c:\comfix.exe\restore_pt.vbs
c:\comfix.exe\Rkey.cmd
c:\comfix.exe\rmbr.cfxxe
c:\comfix.exe\rogues.dat
c:\comfix.exe\ROUTE.cfxxe
c:\comfix.exe\run2.sed
c:\comfix.exe\Rust.str
c:\comfix.exe\s0rt.cfxxe
c:\comfix.exe\safeboot.dat
c:\comfix.exe\safeboot.def.dat
c:\comfix.exe\safeboot.def.vista.dat
c:\comfix.exe\Safeboot.def.w7.dat
c:\comfix.exe\sed.cfxxe
c:\comfix.exe\SetEnvmt.bat
c:\comfix.exe\setpath.cfxxe
c:\comfix.exe\setpath_N.cmd
c:\comfix.exe\SF.exe
c:\comfix.exe\sfx.cmd
c:\comfix.exe\SnapShot.cmd
c:\comfix.exe\SRestore.cmd
c:\comfix.exe\srizbi.md5
c:\comfix.exe\Start_dat
c:\comfix.exe\StartMenuFile.cfx
c:\comfix.exe\StartMenuFolder.cfx
c:\comfix.exe\StartUpFile.cfx
c:\comfix.exe\SuppScan.cmd
c:\comfix.exe\svc_wht.dat
c:\comfix.exe\SvcDrv.vbs
c:\comfix.exe\svchost.dat
c:\comfix.exe\svchost.vista.dat
c:\comfix.exe\svchost.vista.x64.dat
c:\comfix.exe\svchost.w7.dat
c:\comfix.exe\svchost.w7.x64.dat
c:\comfix.exe\swreg.cfxxe
c:\comfix.exe\swsc.cfxxe
c:\comfix.exe\swxcacls.cfxxe
c:\comfix.exe\system_ini.dat
c:\comfix.exe\tail.cfxxe
c:\comfix.exe\TemplatesFile.cfx
c:\comfix.exe\TemplatesFolder.cfx
c:\comfix.exe\toolbar.sed
c:\comfix.exe\Update-CF.cmd
c:\comfix.exe\VerCF.bat
c:\comfix.exe\version.txt
c:\comfix.exe\VikPev00
c:\comfix.exe\VInfo
c:\comfix.exe\VInfo2
c:\comfix.exe\Vipev.dat
c:\comfix.exe\vistaMcode.dat
c:\comfix.exe\vistareg.dat
c:\comfix.exe\vun.dat
c:\comfix.exe\VwinTemp.dacl
c:\comfix.exe\w_sock.dll
c:\comfix.exe\w2k_sock.dll
c:\comfix.exe\w2kreg.dat
c:\comfix.exe\w7Mcode.dat
c:\comfix.exe\w7reg.dat
c:\comfix.exe\Wmi_rem.vbs
c:\comfix.exe\XP.mac
c:\comfix.exe\xpmcode.dat
c:\comfix.exe\xpreg.dat
c:\comfix.exe\XPSBoot.reg
c:\comfix.exe\zDomain.dat
c:\comfix.exe\zhsvc.dat
c:\comfix.exe\zip.cfxxe
c:\documents and settings\Nutrition City\WINDOWS
c:\windows\system32\Cache
.
.
((((((((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 )))))))))))))))))))))))))))))))
.
.
2011-05-30 01:53 . 2011-05-30 01:53 -------- d-----w- c:\documents and settings\Admin\Application Data\BitDefender
2011-05-30 01:52 . 2011-05-30 01:52 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2011-05-30 01:22 . 2011-05-30 01:22 -------- dc----w- C:\RyanZip
2011-05-28 20:09 . 2011-05-28 20:09 11264 ----a-w- c:\windows\DCEBoot.exe
2011-05-28 19:48 . 2011-05-28 20:03 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-05-28 16:37 . 2011-05-30 02:57 21480 ----a-w- c:\windows\system32\mv2.dll
2011-05-28 16:37 . 2011-05-30 02:57 11496 ----a-w- c:\windows\system32\drivers\mv2.sys
2011-05-28 00:09 . 2010-04-22 18:19 149520 ----a-w- c:\windows\system32\drivers\bdfm.sys
2011-05-28 00:07 . 2011-05-28 00:07 -------- d-----w- c:\documents and settings\Nutrition City\Application Data\BitDefender
2011-05-27 23:52 . 2011-05-27 23:52 -------- d-----w- c:\documents and settings\Nutrition City\Application Data\QuickScan
2011-05-27 23:49 . 2011-05-28 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2011-05-27 23:49 . 2011-05-28 00:04 -------- d-----w- c:\program files\Common Files\BitDefender
2011-05-27 23:45 . 2011-03-12 00:45 308296 ----a-w- c:\windows\system32\drivers\Trufos.sys
2011-05-27 23:45 . 2010-05-13 22:02 12960 ----a-w- c:\windows\system32\drivers\bdrawpr.sys
2011-05-27 23:45 . 2011-05-30 02:02 73957 ----a-w- c:\documents and settings\All Users\Application Data\bdinstall.bin
2011-05-27 21:21 . 2011-06-03 16:18 74764 ----a-w- c:\windows\cscmondump.bin
2011-05-27 21:19 . 2011-05-27 21:19 2 --shatr- c:\windows\winstart.bat
2011-05-27 21:02 . 2011-05-27 21:02 -------- d-----w- c:\program files\COMODO
2011-05-27 21:02 . 2011-05-27 21:02 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-05-26 20:24 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-26 20:24 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-20 02:38 . 2009-12-17 14:15 114688 ----a-w- c:\windows\system32\RicohMediadriverVer.dll
2011-05-20 00:24 . 2011-05-20 00:24 -------- d-----w- c:\documents and settings\Nutrition City\Local Settings\Application Data\uTorrent
2011-05-19 23:46 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-19 23:46 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-19 23:46 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-19 23:46 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-19 23:46 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-19 23:46 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-19 23:46 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-19 23:46 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-19 20:27 . 2011-05-19 20:27 -------- d-----w- c:\documents and settings\Nutrition City\Local Settings\Application Data\VS Revo Group
2011-05-19 20:27 . 2009-12-30 16:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-05-19 20:27 . 2011-05-19 20:27 -------- d-----w- c:\program files\VS Revo Group
2011-05-19 08:05 . 2011-05-19 08:05 -------- d-----w- c:\program files\Best Uninstall Tool
2011-05-19 05:43 . 2011-05-19 20:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-19 05:24 . 2011-05-19 05:24 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-19 05:21 . 2011-05-19 05:21 -------- d-----w- c:\program files\ScottradeELITE
2011-05-17 21:03 . 2011-05-17 21:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-05-14 23:43 . 2011-05-14 23:43 -------- d-----w- c:\program files\Trend Micro
2011-05-07 18:27 . 2011-05-19 04:52 -------- d-----w- C:\RECYCLER(2)
2011-05-07 18:26 . 2011-05-19 04:52 -------- d-----w- c:\program files\Microsoft Security Client(2)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-21 23:26 . 2010-08-12 05:11 12080 ----a-w- c:\windows\system32\drivers\D7B90406.bin
2011-04-15 21:00 . 2010-01-23 00:47 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-03-24 20:36 . 2011-03-24 20:36 353096 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-03-11 14:10 . 2004-08-11 23:00 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2011-03-07 05:33 . 2004-08-11 23:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2010-07-08 15:37 . 2010-07-08 15:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
2011-04-14 16:26 . 2011-05-19 23:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-15 118784]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"QuickCare"="c:\program files\Qwest\Quickcare\bin\sprtcmd.exe" [2008-11-06 202016]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-02-27 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-02-27 1202448]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="c:\documents and settings\Nutrition City\My Documents\Downloads\OTL.exe" [2011-05-26 580096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0defrag_native
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"123:TCP"= 123:TCP:blackhawk
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
.
S1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [12/9/2010 7:14 AM 66584]
S1 CFRPD;CFRPD;c:\windows\system32\drivers\CFRPD.sys [12/9/2010 7:15 AM 33232]
S1 MpKsl1b814ff4;MpKsl1b814ff4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7695176-E9CC-4950-B637-6D479CE35B5A}\MpKsl1b814ff4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7695176-E9CC-4950-B637-6D479CE35B5A}\MpKsl1b814ff4.sys [?]
S1 MpKsl2785e375;MpKsl2785e375;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BDFED46-8D9A-497D-A581-3AAE28844E29}\MpKsl2785e375.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BDFED46-8D9A-497D-A581-3AAE28844E29}\MpKsl2785e375.sys [?]
S1 MpKsl3f83cdde;MpKsl3f83cdde;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BDFED46-8D9A-497D-A581-3AAE28844E29}\MpKsl3f83cdde.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BDFED46-8D9A-497D-A581-3AAE28844E29}\MpKsl3f83cdde.sys [?]
S1 MpKsl4465fa6a;MpKsl4465fa6a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7695176-E9CC-4950-B637-6D479CE35B5A}\MpKsl4465fa6a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7695176-E9CC-4950-B637-6D479CE35B5A}\MpKsl4465fa6a.sys [?]
S1 MpKsl7432cfd4;MpKsl7432cfd4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7695176-E9CC-4950-B637-6D479CE35B5A}\MpKsl7432cfd4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7695176-E9CC-4950-B637-6D479CE35B5A}\MpKsl7432cfd4.sys [?]
S1 MpKslb1991a34;MpKslb1991a34;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BDFED46-8D9A-497D-A581-3AAE28844E29}\MpKslb1991a34.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BDFED46-8D9A-497D-A581-3AAE28844E29}\MpKslb1991a34.sys [?]
S1 MpKsldd30930c;MpKsldd30930c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B947D4C-A575-4EBB-B1F9-B8DE7E0A3C09}\MpKsldd30930c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B947D4C-A575-4EBB-B1F9-B8DE7E0A3C09}\MpKsldd30930c.sys [?]
S2 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [12/9/2010 7:08 AM 305600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 EpsCe;EpsCe;c:\windows\system32\drivers\EpsCe.sys [11/26/2007 6:51 AM 54784]
S2 EPSON ESCPOS Status Service;EPSON ESC/POS Status Service;EpStsSrv.exe --> EpStsSrv.exe [?]
S2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [10/2/2007 10:08 AM 70016]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/26/2011 3:24 PM 363344]
S2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 12:02 PM 1213728]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [8/27/2010 2:59 PM 1051968]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/26/2011 3:24 PM 20952]
S3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [5/28/2011 11:37 AM 11496]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [5/19/2011 3:27 PM 27064]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2/24/2010 2:41 PM 10064]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/11/2004 6:00 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XRNBO;XRNBO;c:\windows\system32\drivers\XRNBO.sys [8/12/2010 12:11 AM 177152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-02 c:\windows\Tasks\COMODO Updater.job
- c:\program files\COMODO\COMODO System-Cleaner\Updater.exe [2010-12-09 12:08]
.
2011-06-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-06-10 05:01]
.
2011-06-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-21 14:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.0.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} - hxxp://ncmpls.viewnetcam.com/MpegInst.cab
DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} - hxxp://192.168.0.253/JpegInst.cab
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\9dr71bp0.default\
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-03 16:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"WinSock_Registry_Version"="2.0"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
Completion time: 2011-06-03 16:15:21
ComboFix-quarantined-files.txt 2011-06-03 21:15
.
Pre-Run: 25,072,062,464 bytes free
Post-Run: 25,005,809,664 bytes free
.
- - End Of File - - D2FE1E679E9B7B42AEF01C6B7D835D9C

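The ComboFix log above dumps the XP firewall's `GloballyOpenPorts` and `AuthorizedApplications` lists. As an added example, not ComboFix's code and not part of the thread, the Python below parses those two sections out of a log excerpt copied verbatim from the post and produces the triage a reviewer would do first: every globally open port with its enabled/disabled state, ports that carry remote-access services and are open to any source, a port whose label does not match the service usually found there, and programs outside the Windows directory that are allowed inbound. The well-known-port table, the remote-access port set and the "OS path" prefixes are assumptions of the example, not facts from the log; what the output points at still needs a human to decide whether it was intended (the poster's own logs show VNC and uTorrent installed on this machine).

```python
"""Triage of the XP firewall entries ComboFix prints (GloballyOpenPorts and
AuthorizedApplications). Added example, not ComboFix's code; the sample text
is copied from the log posted above."""
import re
from typing import Dict, List, Tuple

SAMPLE_COMBOFIX_EXCERPT = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"123:TCP"= 123:TCP:blackhawk
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
.
"""

# Assumption of this example: common port assignments, not anything the log states.
KNOWN_PORTS: Dict[int, Tuple[str, str]] = {
    22: ("SSH", "TCP"), 23: ("Telnet", "TCP"), 123: ("NTP", "UDP"),
    3389: ("RDP", "TCP"), 5800: ("VNC HTTP viewer", "TCP"),
    5900: ("VNC", "TCP"), 5985: ("WinRM", "TCP"),
}
REMOTE_ACCESS_PORTS = {22, 23, 3389, 5800, 5900, 5985}
OS_PATH_PREFIXES = ("%windir%", "c:\\windows")   # assumption: treat these as OS binaries

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
PORT_RE = re.compile(r'^"[^"]+"=\s*(?P<value>\d+:[A-Za-z]+:.+)$')
APP_RE = re.compile(r'^"(?P<path>[^"]+)"=\s*$')


def parse_port_value(value: str) -> Dict:
    """Windows stores port:proto:scope:Enabled|Disabled:name; ComboFix prints
    enabled entries shortened to port:proto:name. Names containing ':' are not handled."""
    fields = value.split(":")
    return {
        "port": int(fields[0]),
        "proto": fields[1].upper(),
        "enabled": "Disabled" not in fields[2:-1],
        "scope": fields[2] if len(fields) >= 5 else "*",
        "name": fields[-1],
    }


def review_firewall_policy(log_text: str) -> Dict:
    """Walk the log, collect both firewall lists, and return findings worth a look."""
    open_ports: List[Dict] = []
    apps: List[str] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key").lower()
            continue
        if "globallyopenports" in section and (m := PORT_RE.match(line)):
            open_ports.append(parse_port_value(m.group("value")))
        elif "authorizedapplications" in section and (m := APP_RE.match(line)):
            apps.append(m.group("path").replace("\\\\", "\\"))   # undo .reg escaping

    findings: List[str] = []
    for p in open_ports:
        service, usual_proto = KNOWN_PORTS.get(p["port"], ("unknown", None))
        p["service"] = service
        if not p["enabled"]:
            continue   # present in the registry but not actually open
        if p["port"] in REMOTE_ACCESS_PORTS:
            findings.append(f'{p["port"]}/{p["proto"]} ({service}) "{p["name"]}" open to any source')
        if usual_proto and usual_proto != p["proto"]:
            findings.append(f'{p["port"]}/{p["proto"]} "{p["name"]}": {service} normally uses '
                            f'{usual_proto}; label does not match the port')
    third_party = [a for a in apps if not a.lower().startswith(OS_PATH_PREFIXES)]
    findings.extend(f"non-OS program allowed inbound: {a}" for a in third_party)
    return {"open_ports": open_ports, "authorized_apps": apps,
            "third_party_apps": third_party, "findings": findings}


if __name__ == "__main__":
    for finding in review_firewall_policy(SAMPLE_COMBOFIX_EXCERPT)["findings"]:
        print(finding)
```

Run against the excerpt, the script reports the two VNC ports and 123/TCP as open to any source, notes that 5985 (WinRM) is listed but disabled, and lists QuickConnect.exe and uTorrent.exe as non-OS programs allowed inbound. None of that is a detection on its own; it is the shortlist to reconcile against what the owner knows is installed, and on an XP box that is "extremely slow" and reporting constant blocked connections, an inbound VNC listener open to every source is the first thing to confirm is intentional and password-protected.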

#11 m0le

Posted 03 June 2011 - 06:46 PM

Please now run MBAM and post the log

#12 soloviola7871
  • Topic Starter

Posted 03 June 2011 - 07:42 PM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/3/2011 7:24:44 PM
mbam-log-2011-06-03 (19-24-44).txt

Scan type: Quick scan
Objects scanned: 173655
Time elapsed: 25 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#13 m0le

Posted 04 June 2011 - 06:07 AM

Sorry, I need you to run a Full Scan this time. :)

#14 soloviola7871
  • Topic Starter

Posted 04 June 2011 - 12:23 PM

Haha, not a problem. Here is the log. It is clean again...?

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6769

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/4/2011 12:15:22 PM
mbam-log-2011-06-04 (12-15-22).txt

Scan type: Full scan (C:\|)
Objects scanned: 262042
Time elapsed: 1 hour(s), 50 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#15 m0le

Posted 04 June 2011 - 06:37 PM

Okay, please attempt to run Combofix in normal mode. It should run.

If not, then run FRST:

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool (scan your computer's memory for errors)
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your next reply.