Winsock Catalog Damaged


  • This topic is locked
32 replies to this topic

#1 Pawl

Posted 09 July 2011 - 04:29 PM

Hello, thank you for looking at this.

I was attempting to update Windows through Windows Update when it appeared to freeze for several hours. I cancelled the update (my bad), and shortly after, I went to use Internet Explorer. A message appeared in the browser saying "Internet Explorer cannot display the webpage." One of the multiple updates had to do with updating to .NET Framework 3 and 3.5.

I attempted the "Diagnose Connection Problems" option that is given. I ran this multiple times, including restarting the computer, but none of it has helped. I first posted in the networking forum, but after a few days I ran GMER and saw that a rootkit was detected. So, I am posting here to get the infection fixed before working further on the damaged Winsock Catalog.

I apologize if I should wait before posting in another forum.

I am currently using:
Windows XP Media Center Edition Service Pack 3
Internet Explorer 8
Currently .NET Framework 2.0 SP 2

The last diagnostic log from using "Diagnose Connection Problems":

Last diagnostic run time: 07/07/11 16:47:30
WinSock Diagnostic
WinSock status

info All base service provider entries are present in the Winsock catalog.
info The Winsock Service provider chains are valid.
error Provider entry MSAFD Tcpip [TCP/IP] could not perform simple loopback communication. Error 10050.
error Provider entry MSAFD Tcpip [UDP/IP] could not perform simple loopback communication. Error 10050.
info Provider entry MSAFD Tcpip [TCP/IPv6] passed the loopback communication test.
info Provider entry MSAFD Tcpip [UDP/IPv6] passed the loopback communication test.
error Provider entry RSVP UDP Service Provider could not perform simple loopback communication. Error 10091.
error Provider entry RSVP TCP Service Provider could not perform simple loopback communication. Error 10091.
error A connectivity problem exists with an installed LSP.
info The user didn't approve the proposed automated repair attempt: Reset WinSock catalog
info Redirecting user to support call



Network Adapter Diagnostic
Network location detection

info Using home Internet connection
Network adapter identification

info Network connection: Name=Local Area Connection, Device=Broadcom 440x 10/100 Integrated Controller,
MediaType=LAN, SubMediaType=LAN
info Network connection: Name=Wireless Network Connection, Device=Dell Wireless 1390 WLAN Mini-Card,
MediaType=LAN, SubMediaType=WIRELESS
info Network connection: Name=1394 Connection, Device=1394 Net Adapter, MediaType=LAN, SubMediaType=1394
info Both Ethernet and Wireless connections available, prompting user for selection
action User input required: Select network connection
info Wireless connection selected
Network adapter status

info Network connection status: Connected



HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

warn HTTP: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved
warn FTP (Passive): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTPS: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved
warn HTTP: Error 12007 connecting to www.hotmail.com: The server name or address could not be resolved
warn FTP (Active): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTPS: Error 12007 connecting to www.passport.net: The server name or address could not be resolved
error Could not make an HTTP connection.
error Could not make an HTTPS connection.
error Could not make an FTP connection.



Here is my DDS log:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by Paul at 15:06:24 on 2011-07-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.557 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Paul\Desktop\gmer\gmer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [ShowLOMControl] 1 (0x1)
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxdfxaudioplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXDFXAudioPlugin.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxbanneradplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXBannerAdPlugin.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxdownloadmanagerplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxmediamanagerplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXMediaManagerPlugin.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxplayerplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXPlayerPlugin.dll",DllRegisterServer
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x09a2 -f video -m logitech -d 12.0.1278.0
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{BE746DF1-229B-41B8-B02C-6F7A3F5D0565} : DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\paul\application data\mozilla\firefox\profiles\74j0ejqf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [2009-12-24 39424]
R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [2009-10-28 122408]
R2 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2009-10-28 92712]
R2 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2009-10-28 117288]
S0 jyre;jyre;c:\windows\system32\drivers\ysdtcb.sys --> c:\windows\system32\drivers\ysdtcb.sys [?]
S2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [2009-10-28 1117224]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\a.tmp --> c:\windows\system32\A.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 554344]
S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 211432]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]
S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]
S3 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2009-10-28 113192]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-8-16 14336]
S4 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
S4 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S4 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 477436]
S4 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 203564]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-07-07 21:27:51 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-07-07 21:27:44 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-07-07 21:27:42 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-07-07 21:27:35 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-07-07 21:27:28 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-07-07 21:27:07 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-07-07 21:27:00 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-07-07 21:26:58 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-07-07 21:26:53 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-07-07 21:26:51 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2011-07-07 21:26:33 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-07-07 21:26:27 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-07-07 21:26:16 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2011-07-07 21:26:08 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2011-07-07 21:26:08 31232 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-07-07 21:26:07 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-07-07 21:26:00 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys
2011-07-07 21:24:57 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys
2011-07-07 21:24:50 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys
2011-07-07 21:24:43 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys
2011-07-07 21:24:36 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2011-07-07 21:24:27 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2011-07-07 21:24:20 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2011-07-07 21:24:13 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
2011-07-07 21:24:06 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2011-07-07 21:23:59 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2011-07-07 21:23:53 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-07-07 21:23:46 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2011-07-07 21:23:39 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2011-07-07 21:23:37 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2011-07-07 21:23:34 17152 ----a-w- c:\windows\system32\dllcache\usbohci.sys
2011-07-07 21:23:32 32384 ----a-w- c:\windows\system32\dllcache\usb101et.sys
2011-07-07 21:23:24 94720 ----a-w- c:\windows\system32\dllcache\umaxud32.dll
2011-07-07 21:23:17 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2011-07-07 21:23:10 26624 ----a-w- c:\windows\system32\dllcache\umaxu22.dll
2011-07-07 21:23:04 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll
2011-07-07 21:22:57 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2011-07-07 21:22:50 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2011-07-07 21:22:44 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2011-07-07 21:22:37 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
2011-07-07 21:22:30 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2011-07-07 21:22:24 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2011-07-07 21:22:16 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2011-07-07 21:22:16 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2011-07-07 21:22:06 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-07-07 21:21:59 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2011-07-07 21:21:53 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys
2011-07-07 21:21:46 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
2011-07-07 21:21:40 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys
2011-07-07 21:21:33 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll
2011-07-07 21:21:26 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2011-07-07 21:21:19 42496 ----a-w- c:\windows\system32\dllcache\tp4res.dll
2011-07-07 21:21:17 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe
2011-07-07 21:21:11 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll
2011-07-07 21:21:04 230912 ----a-w- c:\windows\system32\dllcache\tosdvd03.sys
2011-07-07 21:19:58 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2011-07-07 21:19:51 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2011-07-07 21:19:45 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll
2011-07-07 21:19:37 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2011-07-07 21:19:31 103936 ----a-w- c:\windows\system32\dllcache\sx.sys
2011-07-07 21:19:25 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys
2011-07-07 21:19:19 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2011-07-07 21:19:13 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2011-07-07 21:19:07 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2011-07-07 21:19:01 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2011-07-07 21:18:54 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2011-07-07 21:18:48 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2011-07-07 21:18:42 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2011-07-07 21:18:36 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2011-07-07 21:18:35 16896 ----a-w- c:\windows\system32\dllcache\status.dll
2011-07-07 21:18:28 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
2011-07-07 21:18:22 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2011-07-07 21:18:21 101376 ----a-w- c:\windows\system32\dllcache\srusbusd.dll
2011-07-07 21:18:12 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2011-07-07 21:18:04 61824 ----a-w- c:\windows\system32\dllcache\speed.sys
2011-07-07 21:17:59 106584 ----a-w- c:\windows\system32\dllcache\spdports.dll
2011-07-07 21:17:52 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-07-07 21:17:46 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys
2011-07-07 21:17:40 114688 ----a-w- c:\windows\system32\dllcache\sonypi.dll
2011-07-07 21:17:34 20752 ----a-w- c:\windows\system32\dllcache\sonync.sys
2011-07-07 21:17:29 9600 ----a-w- c:\windows\system32\dllcache\sonymc.sys
2011-07-07 21:17:27 7552 ----a-w- c:\windows\system32\dllcache\sonyait.sys
2011-07-07 21:17:26 143422 ----a-w- c:\windows\system32\dllcache\softkey.dll
2011-07-07 21:17:20 7040 ----a-w- c:\windows\system32\dllcache\snyaitmc.sys
2011-07-07 21:17:19 7168 ----a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2011-07-07 21:15:57 45568 ----a-w- c:\windows\system32\dllcache\smb3w.dll
2011-07-07 21:14:56 104064 ----a-w- c:\windows\system32\dllcache\sisgrp.sys
2011-07-07 21:14:51 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll
2011-07-07 21:14:45 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2011-07-07 21:14:39 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-07-07 21:14:33 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2011-07-07 21:14:33 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-07-07 21:14:20 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-07-07 21:14:14 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-07-07 21:14:08 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-07-07 21:14:02 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2011-07-07 21:13:57 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2011-07-07 21:13:50 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2011-07-07 21:13:44 17664 ----a-w- c:\windows\system32\dllcache\sermouse.sys
2011-07-07 21:13:40 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2011-07-07 21:13:27 6912 ----a-w- c:\windows\system32\dllcache\seaddsmc.sys
2011-07-07 21:13:25 11520 ----a-w- c:\windows\system32\dllcache\scsiscan.sys
2011-07-07 21:13:19 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2011-07-07 21:13:19 11648 ----a-w- c:\windows\system32\dllcache\scsiprnt.sys
2011-07-07 21:10:07 17280 ----a-w- c:\windows\system32\dllcache\scr111.sys
2011-07-07 21:10:02 16640 ----a-w- c:\windows\system32\dllcache\scmstcs.sys
2011-07-07 21:09:55 23936 ----a-w- c:\windows\system32\dllcache\sccmusbm.sys
2011-07-07 21:09:49 23936 ----a-w- c:\windows\system32\dllcache\sccmn50m.sys
2011-07-07 21:09:47 43904 ----a-w- c:\windows\system32\dllcache\sbp2port.sys
2011-07-07 21:09:42 495616 ----a-w- c:\windows\system32\dllcache\sblfx.dll
2011-07-07 21:09:35 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys
2011-07-07 21:09:29 245632 ----a-w- c:\windows\system32\dllcache\s3savmx.dll
2011-07-07 21:09:23 77824 ----a-w- c:\windows\system32\dllcache\s3sav4m.sys
2011-07-07 21:09:17 198400 ----a-w- c:\windows\system32\dllcache\s3sav4.dll
2011-07-07 21:09:12 61504 ----a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2011-07-07 21:09:06 179264 ----a-w- c:\windows\system32\dllcache\s3sav3d.dll
2011-07-07 21:09:00 210496 ----a-w- c:\windows\system32\dllcache\s3mvirge.dll
2011-07-07 21:07:59 30720 ----a-w- c:\windows\system32\dllcache\rthwcls.sys
2011-07-07 21:07:53 9216 ----a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2011-07-07 21:07:47 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys
2011-07-07 21:07:44 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys
2011-07-07 21:07:38 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
2011-07-07 21:07:32 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll
2011-07-07 21:07:31 23040 ----a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2011-07-07 20:44:50 14848 ----a-w- c:\windows\system32\dllcache\register.exe
2011-07-07 20:44:41 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
2011-07-07 20:44:35 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-07-07 20:44:29 899146 ----a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2011-07-07 20:44:23 41472 ----a-w- c:\windows\system32\dllcache\qvusd.dll
2011-07-07 20:44:18 3328 ----a-w- c:\windows\system32\dllcache\qv2kux.sys
2011-07-07 20:44:17 9728 ----a-w- c:\windows\system32\dllcache\query.exe
2011-07-07 20:44:17 16384 ----a-w- c:\windows\system32\dllcache\quser.exe
2011-07-07 20:44:12 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys
2011-07-07 20:44:06 130942 ----a-w- c:\windows\system32\dllcache\ptserlv.sys
2011-07-07 20:44:00 112574 ----a-w- c:\windows\system32\dllcache\ptserlp.sys
2011-07-07 20:42:58 92416 ----a-w- c:\windows\system32\dllcache\phildec.sys
2011-07-07 20:41:58 26153 ----a-w- c:\windows\system32\dllcache\pcmlm56.sys
2011-07-07 20:40:56 28032 ----a-w- c:\windows\system32\dllcache\ovcd.sys
2011-07-07 20:40:51 48000 ----a-w- c:\windows\system32\dllcache\ovcam2.sys
2011-07-07 20:40:45 25088 ----a-w- c:\windows\system32\dllcache\ovca.sys
2011-07-07 20:40:40 54186 ----a-w- c:\windows\system32\dllcache\otcsercb.sys
2011-07-07 20:40:34 43689 ----a-w- c:\windows\system32\dllcache\otceth5.sys
2011-07-07 20:40:29 27209 ----a-w- c:\windows\system32\dllcache\otc06x5.sys
2011-07-07 20:40:23 54528 ----a-w- c:\windows\system32\dllcache\opl3sax.sys
2011-07-07 20:40:12 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2011-07-07 20:40:07 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2011-07-07 20:39:59 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-07-07 20:39:58 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-07-07 20:25:49 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2011-07-07 20:25:44 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-07-07 20:25:43 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
2011-07-07 20:25:36 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-07-07 20:25:30 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-07-07 20:25:24 53248 ----a-w- c:\windows\system32\dllcache\nextlink.dll
2011-07-07 20:25:24 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-07-07 20:25:20 132695 ----a-w- c:\windows\system32\dllcache\netwlan5.sys
2011-07-07 20:25:14 65278 ----a-w- c:\windows\system32\dllcache\netflx3.sys
2011-07-07 20:25:08 39264 ----a-w- c:\windows\system32\dllcache\neo20xx.sys
2011-07-07 20:25:03 60480 ----a-w- c:\windows\system32\dllcache\neo20xx.dll
2011-07-07 20:24:57 15872 ----a-w- c:\windows\system32\dllcache\ne2000.sys
2011-07-07 20:24:51 91488 ----a-w- c:\windows\system32\dllcache\n9i3disp.dll
2011-07-07 20:24:45 27936 ----a-w- c:\windows\system32\dllcache\n9i3d.sys
2011-07-07 20:24:40 33088 ----a-w- c:\windows\system32\dllcache\n9i128v2.sys
2011-07-07 20:24:35 59104 ----a-w- c:\windows\system32\dllcache\n9i128v2.dll
2011-07-07 20:24:30 13664 ----a-w- c:\windows\system32\dllcache\n9i128.sys
2011-07-07 20:24:25 35392 ----a-w- c:\windows\system32\dllcache\n9i128.dll
2011-07-07 20:24:19 128000 ----a-w- c:\windows\system32\dllcache\n100325.sys
2011-07-07 20:24:14 52255 ----a-w- c:\windows\system32\dllcache\n1000nt5.sys
2011-07-07 20:24:09 75520 ----a-w- c:\windows\system32\dllcache\mxport.sys
2011-07-07 20:24:04 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll
2011-07-07 20:23:58 19968 ----a-w- c:\windows\system32\dllcache\mxnic.sys
2011-07-07 20:23:53 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2011-07-07 20:23:48 229439 ----a-w- c:\windows\system32\dllcache\multibox.dll
2011-07-07 20:23:48 21888 ----a-w- c:\windows\system32\dllcache\mxcard.sys
2011-07-07 20:23:42 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2011-07-07 20:23:34 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2011-07-07 20:23:28 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-07-07 20:23:19 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-07-07 20:23:17 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2011-07-07 20:23:16 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-07-07 20:23:04 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2011-07-07 20:21:56 164586 ----a-w- c:\windows\system32\dllcache\mdgndis5.sys
2011-07-07 20:21:50 7424 ----a-w- c:\windows\system32\dllcache\mammoth.sys
2011-07-07 20:21:47 65536 ----a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2011-07-07 20:19:53 70730 ----a-w- c:\windows\system32\dllcache\lne100tx.sys
2011-07-07 20:18:58 26624 ----a-w- c:\windows\system32\dllcache\irstusb.sys
2011-07-07 20:17:55 20480 ----a-w- c:\windows\system32\dllcache\icam5ext.dll
2011-07-07 20:16:59 58592 ----a-w- c:\windows\system32\dllcache\i740nt5.sys
2011-07-07 20:16:55 353184 ----a-w- c:\windows\system32\dllcache\i740dnt5.dll
2011-07-07 20:16:52 10129408 ----a-w- c:\windows\system32\dllcache\hwxkor.dll
2011-07-07 20:16:41 10096640 ----a-w- c:\windows\system32\dllcache\hwxcht.dll
2011-07-07 20:16:35 488383 ----a-w- c:\windows\system32\dllcache\hsf_v124.sys
2011-07-07 20:16:31 50751 ----a-w- c:\windows\system32\dllcache\hsf_tone.sys
2011-07-07 20:16:26 73279 ----a-w- c:\windows\system32\dllcache\hsf_spkp.sys
2011-07-07 20:16:22 44863 ----a-w- c:\windows\system32\dllcache\hsf_soar.sys
2011-07-07 20:16:17 57471 ----a-w- c:\windows\system32\dllcache\hsf_samp.sys
2011-07-07 20:16:13 542879 ----a-w- c:\windows\system32\dllcache\hsf_msft.sys
2011-07-07 20:16:09 391199 ----a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2011-07-07 20:16:04 9759 ----a-w- c:\windows\system32\dllcache\hsf_inst.dll
2011-07-07 20:16:00 115807 ----a-w- c:\windows\system32\dllcache\hsf_fsks.sys
2011-07-07 20:14:56 101376 ----a-w- c:\windows\system32\dllcache\hpgt34.dll
2011-07-07 20:13:59 1733120 ----a-w- c:\windows\system32\dllcache\g400d.dll
2011-07-07 20:04:22 24618 ----a-w- c:\windows\system32\dllcache\fa410nd5.sys
2011-07-07 20:04:19 16074 ----a-w- c:\windows\system32\dllcache\fa312nd5.sys
2011-07-07 20:04:15 11850 ----a-w- c:\windows\system32\dllcache\f3ab18xj.sys
2011-07-07 20:04:12 12362 ----a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2011-07-07 20:04:08 7040 ----a-w- c:\windows\system32\dllcache\exabyte2.sys
2011-07-07 20:04:05 16998 ----a-w- c:\windows\system32\dllcache\ex10.sys
2011-07-07 20:04:03 25856 ----a-w- c:\windows\system32\dllcache\et4000.sys
2011-07-07 20:04:02 45056 ----a-w- c:\windows\system32\dllcache\esunid.dll
2011-07-07 20:02:59 18503 ----a-w- c:\windows\system32\dllcache\epro4.sys
2011-07-07 20:01:58 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys
2011-07-07 20:00:58 65622 ----a-w- c:\windows\system32\dllcache\digiasyn.dll
2011-07-07 19:59:59 96256 ----a-w- c:\windows\system32\dllcache\ctlsb16.sys
2011-07-07 19:58:43 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-07-07 19:57:59 37376 ----a-w- c:\windows\system32\dllcache\atievxx.exe
2011-07-07 19:57:59 268160 ----a-w- c:\windows\system32\dllcache\atidvai.dll
2011-07-07 19:57:57 382592 ----a-w- c:\windows\system32\dllcache\atidrab.dll
2011-07-07 19:57:57 137216 ----a-w- c:\windows\system32\dllcache\atidrae.dll
2011-07-07 19:57:56 46464 ----a-w- c:\windows\system32\dllcache\atibt829.sys
2011-07-07 19:57:53 96128 ----a-w- c:\windows\system32\dllcache\ati.dll
2011-07-07 19:57:53 77568 ----a-w- c:\windows\system32\dllcache\ati.sys
2011-07-07 19:57:52 29184 ----a-w- c:\windows\system32\dllcache\asptxn.dll
2011-07-07 19:57:52 10240 ----a-w- c:\windows\system32\dllcache\aspperf.dll
2011-07-07 19:57:51 97354 ----a-w- c:\windows\system32\dllcache\aspndis3.sys
2011-07-07 19:57:50 45056 ----a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2011-07-07 19:42:33 6272 ----a-w- c:\windows\system32\dllcache\apmbatt.sys
2011-07-07 19:42:32 36224 ----a-w- c:\windows\system32\dllcache\an983.sys
2011-07-07 19:42:31 26624 ----a-w- c:\windows\system32\dllcache\alifir.sys
2011-07-07 19:42:31 16969 ----a-w- c:\windows\system32\dllcache\amb8002.sys
2011-07-07 19:42:30 27678 ----a-w- c:\windows\system32\dllcache\ali5261.sys
2011-07-07 19:42:25 5632 ----a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2011-07-07 19:21:48 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-07-07 19:21:35 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2011-07-07 19:21:35 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2011-07-07 19:21:34 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2011-07-07 19:21:34 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2011-07-07 19:21:34 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2011-07-07 19:21:33 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2011-07-05 21:11:08 -------- d-----w- c:\program files\Sophos
2011-07-01 04:41:28 -------- d-----w- c:\windows\system32\vmm32
2011-07-01 04:25:44 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-07-01 04:25:44 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-01 04:24:13 -------- d-----w- C:\Inetpub
2011-07-01 04:23:56 -------- d-----w- c:\documents and settings\paul\application data\Windows Search
2011-07-01 04:19:01 -------- d-----w- c:\windows\system32\winrm
2011-07-01 04:18:38 -------- d-----w- c:\documents and settings\paul\application data\Windows Desktop Search
2011-07-01 03:20:48 1253376 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2011-07-01 03:08:46 45056 ----a-r- c:\documents and settings\paul\application data\microsoft\installer\{2764ca82-dfb9-4498-af85-719340bf5305}\NewShortcut1_2764CA82DFB94498AF85719340BF5305.exe
2011-07-01 03:02:53 446464 ----a-r- c:\windows\system32\hhactivex.dll
2011-07-01 03:02:53 328480 ----a-w- c:\windows\system32\ssa3d30.ocx
2011-07-01 03:02:53 176128 ----a-w- c:\windows\system32\RcdScan.dll
2011-07-01 03:02:50 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2011-07-01 03:02:42 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2011-06-30 07:21:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-29 00:59:45 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2011-06-28 23:58:20 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-06-28 23:56:25 -------- d-----w- c:\documents and settings\paul\local settings\application data\PCHealth
2011-06-28 23:55:45 -------- d-----w- c:\program files\Windows Desktop Search
2011-06-28 23:55:41 -------- d--h--w- c:\windows\system32\GroupPolicy
.
==================== Find3M ====================
.
2011-06-08 02:26:33 54016 ----a-w- c:\windows\system32\drivers\cmut.sys
2011-06-04 07:03:52 54016 ----a-w- c:\windows\system32\drivers\smmyqifh.sys
2011-06-01 02:25:33 54016 ----a-w- c:\windows\system32\drivers\bbvyvv.sys
2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-27 03:41:11 111960 ----a-w- c:\windows\dxsdkuninst.exe
2011-05-26 20:52:39 94208 ----a-w- c:\windows\DUMP4e9d.tmp
2011-05-26 20:28:54 208 ----a-w- c:\documents and settings\paul\delme.bat
2011-05-26 20:28:23 96 ----a-w- c:\documents and settings\paul\swork.bat
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-16 00:06:05 2829 ----a-w- c:\windows\War3Unin.pif
2011-04-16 00:06:04 139264 ----a-w- c:\windows\War3Unin.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK8032GSX rev.AS112D -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x870DB6F0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x870e1a10]; MOV EAX, [0x870e1a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x87161AB8]
3 CLASSPNP[0xF7591FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000074[0x8711BCA0]
5 ACPI[0xF7428620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x871C6940]
\Driver\atapi[0x871608C0] -> IRP_MJ_CREATE -> 0x870DB6F0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x100; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSW ; JMP FAR 0x0:0x62c; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x870DB53B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 15:07:42.57 ===============


Thank you for your time looking through all of this info!!

Attached Files
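Two things in the log above are what a responder would pull out first: the GMER disk trace ends in a module it cannot attribute (`>>UNKNOWN [0x870DB6F0]<<`) and `\Driver\atapi DriverStartIo` is hooked to an address a few hundred bytes away, which is the TDL3 pattern of patching the ATA driver in memory; and the Find3M list shows three `.sys` files of exactly 54016 bytes under meaningless names (cmut, smmyqifh, bbvyvv), which is what a dropper re-writing itself under random names looks like. The script below is an added example and is not part of the original post or of the DDS/GMER tooling. It parses a constructed excerpt in the same layout as the posted log and flags both patterns. The 0x1000-byte proximity window and the "two or more drivers of one size" threshold are heuristics chosen for this example, not something the tools define.

```python
import re
from collections import defaultdict

# Constructed excerpt in the layout of the DDS/GMER log posted above (a few
# Find3M lines plus the rootkit section); it is not the full log.
SAMPLE_LOG = r"""
2011-06-08 02:26:33 54016 ----a-w- c:\windows\system32\drivers\cmut.sys
2011-06-04 07:03:52 54016 ----a-w- c:\windows\system32\drivers\smmyqifh.sys
2011-06-01 02:25:33 54016 ----a-w- c:\windows\system32\drivers\bbvyvv.sys
2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-06-28 23:55:41 -------- d--h--w- c:\windows\system32\GroupPolicy
.
=================== ROOTKIT ====================
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x870DB6F0]<<
\Driver\atapi[0x871608C0] -> IRP_MJ_CREATE -> 0x870DB6F0
detected hooks:
\Driver\atapi DriverStartIo -> 0x870DB53B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
"""

FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")
HOOK_RE = re.compile(r"^(\\Driver\\[^\s\[]+) (\w+) -> (0x[0-9A-Fa-f]+)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
WARN_RE = re.compile(r"^Warning: (.+)$")


def parse_files(text):
    """Yield (size, path) for file lines; directory lines carry '--------'
    instead of a size and therefore do not match."""
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            yield int(m.group(3)), m.group(5)


def driver_size_clusters(entries, min_members=2):
    """Group .sys files under system32\\drivers by exact byte size. Several
    drivers of identical size with unrelated, meaningless names is the
    signature of one dropper re-installing itself under random file names."""
    by_size = defaultdict(list)
    for size, path in entries:
        low = path.lower()
        if "\\system32\\drivers\\" in low and low.endswith(".sys"):
            by_size[size].append(path)
    return {s: paths for s, paths in by_size.items() if len(paths) >= min_members}


def parse_rootkit_section(text):
    """Pull the UNKNOWN module addresses, the hook lines and any warning out of
    the GMER part of the log (everything after the ROOTKIT banner)."""
    in_section = False
    unknown, hooks, warnings = [], [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("=") and "ROOTKIT" in line:
            in_section = True
            continue
        if not in_section:
            continue
        unknown += [int(a, 16) for a in UNKNOWN_RE.findall(line)]
        m = HOOK_RE.match(line)
        if m:
            hooks.append((m.group(1), m.group(2), int(m.group(3), 16)))
        m = WARN_RE.match(line)
        if m:
            warnings.append(m.group(1))
    return {"unknown": unknown, "hooks": hooks, "warnings": warnings}


def hooks_in_unknown_code(section, window=0x1000):
    """Hooks whose target lies within `window` bytes of an address GMER could
    not attribute to any loaded module: the hook points into code that is not
    backed by a driver image on disk. The window is a heuristic for this example."""
    return [h for h in section["hooks"]
            if any(abs(h[2] - u) < window for u in section["unknown"])]


def triage(text):
    """Return human-readable findings for a DDS/GMER log."""
    findings = []
    for size, paths in sorted(driver_size_clusters(parse_files(text)).items()):
        findings.append(f"{len(paths)} drivers of identical size {size}: " + ", ".join(paths))
    section = parse_rootkit_section(text)
    for obj, routine, target in hooks_in_unknown_code(section):
        findings.append(f"{obj} {routine} hooked to unattributed code at {target:#x}")
    findings += [f"tool warning: {w}" for w in section["warnings"]]
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the excerpt, the size check groups the three 54016-byte drivers while leaving mbam.sys, mbamswissarmy.sys and mup.sys alone, and the hook check reports that DriverStartIo points 0x1B5 bytes from the unattributed module, so the hook and the unknown code are almost certainly the same in-memory patch.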





#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:23 AM

Posted 25 July 2011 - 04:50 PM

Hi,

Hopefully you have access to another computer to download the following program to a USB drive and transfer it over to the infected computer:
We'll worry about getting the Recovery Console installed when your connection is back.



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Pawl

Pawl
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:01:23 AM

Posted 25 July 2011 - 10:53 PM

Thank you so much for taking some of your time to help me with this. You rock!

I am running combofix at the moment. I just wanted to get back to you that I noticed your post.

Thank you,

Paul

#4 Pawl

Pawl
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:01:23 AM

Posted 25 July 2011 - 11:13 PM

A window appeared asking to install Microsoft Windows Recovery Console. I hit yes, but a window came up saying I have no connection. I made sure my wireless internet was on and running but still no good. I continued with the combofix scan, and it finished.
Here is the report.


ComboFix 11-07-25.03 - Paul 07/25/2011 21:22:35.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.550 [GMT -5:00]
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Paul\Cookies\435385296na.t
c:\documents and settings\Paul\Cookies\435401218na.t
c:\documents and settings\Paul\Cookies\435413718na.t
c:\documents and settings\Paul\delme.bat
c:\documents and settings\Paul\Local Settings\Application Data\MouseDriver.bat
c:\documents and settings\Paul\WINDOWS
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\IsUn0407.exe
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\searchindexer.exe
c:\windows\system32\User.ini
c:\windows\Tasks\DnE.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WSearch
-------\Service_WSearch
.
.
((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-13 17:02 . 2011-07-13 17:09 -------- d-----w- C:\pebuilder3110a
2011-07-07 21:17 . 2001-08-18 03:36 7168 ----a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2011-07-07 21:16 . 2001-08-18 03:36 12288 ----a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2011-07-07 21:13 . 2001-08-18 03:36 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2011-07-07 21:13 . 2001-08-18 03:36 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2011-07-07 21:07 . 2001-08-18 03:36 23040 ----a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2011-07-07 20:39 . 2001-08-18 03:36 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-07-07 20:23 . 2001-08-17 17:50 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2011-07-07 20:23 . 2008-04-13 17:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2011-07-07 20:23 . 2001-08-17 18:48 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-07-07 20:23 . 2001-08-17 19:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-07-07 20:23 . 2008-04-13 17:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2011-07-07 20:23 . 2004-08-10 11:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-07-07 20:23 . 2001-08-17 19:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2011-07-07 20:21 . 2001-08-17 17:12 164586 ----a-w- c:\windows\system32\dllcache\mdgndis5.sys
2011-07-07 20:21 . 2001-08-17 18:52 7424 ----a-w- c:\windows\system32\dllcache\mammoth.sys
2011-07-07 20:21 . 2001-08-18 03:36 65536 ----a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2011-07-07 20:19 . 2001-08-17 17:12 70730 ----a-w- c:\windows\system32\dllcache\lne100tx.sys
2011-07-07 20:18 . 2001-08-17 18:49 26624 ----a-w- c:\windows\system32\dllcache\irstusb.sys
2011-07-07 20:17 . 2001-08-18 03:36 20480 ----a-w- c:\windows\system32\dllcache\icam5ext.dll
2011-07-07 20:16 . 2001-08-17 17:49 58592 ----a-w- c:\windows\system32\dllcache\i740nt5.sys
2011-07-07 20:16 . 2001-08-17 19:56 353184 ----a-w- c:\windows\system32\dllcache\i740dnt5.dll
2011-07-07 20:16 . 2004-08-10 11:00 10129408 ----a-w- c:\windows\system32\dllcache\hwxkor.dll
2011-07-07 20:16 . 2004-08-10 11:00 10096640 ----a-w- c:\windows\system32\dllcache\hwxcht.dll
2011-07-07 20:16 . 2001-08-17 18:28 488383 ----a-w- c:\windows\system32\dllcache\hsf_v124.sys
2011-07-07 20:16 . 2001-08-17 18:28 50751 ----a-w- c:\windows\system32\dllcache\hsf_tone.sys
2011-07-07 20:16 . 2001-08-17 18:28 73279 ----a-w- c:\windows\system32\dllcache\hsf_spkp.sys
2011-07-07 20:16 . 2001-08-17 18:28 44863 ----a-w- c:\windows\system32\dllcache\hsf_soar.sys
2011-07-07 20:16 . 2001-08-17 18:28 57471 ----a-w- c:\windows\system32\dllcache\hsf_samp.sys
2011-07-07 20:16 . 2001-08-17 18:28 542879 ----a-w- c:\windows\system32\dllcache\hsf_msft.sys
2011-07-07 20:16 . 2001-08-17 18:28 391199 ----a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2011-07-07 20:16 . 2001-08-18 03:36 9759 ----a-w- c:\windows\system32\dllcache\hsf_inst.dll
2011-07-07 20:16 . 2001-08-17 18:28 115807 ----a-w- c:\windows\system32\dllcache\hsf_fsks.sys
2011-07-07 20:14 . 2001-08-18 03:36 101376 ----a-w- c:\windows\system32\dllcache\hpgt34.dll
2011-07-07 20:13 . 2001-08-17 19:56 1733120 ----a-w- c:\windows\system32\dllcache\g400d.dll
2011-07-07 20:04 . 2001-08-17 17:12 24618 ----a-w- c:\windows\system32\dllcache\fa410nd5.sys
2011-07-07 20:04 . 2001-08-17 17:12 16074 ----a-w- c:\windows\system32\dllcache\fa312nd5.sys
2011-07-07 20:04 . 2001-08-17 17:11 11850 ----a-w- c:\windows\system32\dllcache\f3ab18xj.sys
2011-07-07 20:04 . 2001-08-17 17:11 12362 ----a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2011-07-07 20:04 . 2001-08-17 18:52 7040 ----a-w- c:\windows\system32\dllcache\exabyte2.sys
2011-07-07 20:04 . 2001-08-17 17:12 16998 ----a-w- c:\windows\system32\dllcache\ex10.sys
2011-07-07 20:04 . 2004-08-10 11:00 25856 ----a-w- c:\windows\system32\dllcache\et4000.sys
2011-07-07 20:04 . 2004-08-10 11:00 45056 ----a-w- c:\windows\system32\dllcache\esunid.dll
2011-07-07 20:02 . 2001-08-17 17:12 18503 ----a-w- c:\windows\system32\dllcache\epro4.sys
2011-07-07 20:01 . 2001-08-17 17:20 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys
2011-07-07 20:00 . 2001-08-18 03:36 65622 ----a-w- c:\windows\system32\dllcache\digiasyn.dll
2011-07-07 19:59 . 2001-08-17 17:19 96256 ----a-w- c:\windows\system32\dllcache\ctlsb16.sys
2011-07-07 19:58 . 2001-08-17 18:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-07-07 19:57 . 2001-08-18 03:36 37376 ----a-w- c:\windows\system32\dllcache\atievxx.exe
2011-07-07 19:57 . 2001-08-17 19:56 268160 ----a-w- c:\windows\system32\dllcache\atidvai.dll
2011-07-07 19:57 . 2001-08-17 19:56 137216 ----a-w- c:\windows\system32\dllcache\atidrae.dll
2011-07-07 19:57 . 2001-08-17 19:55 382592 ----a-w- c:\windows\system32\dllcache\atidrab.dll
2011-07-07 19:57 . 2001-08-17 17:49 46464 ----a-w- c:\windows\system32\dllcache\atibt829.sys
2011-07-07 19:57 . 2001-08-17 19:55 96128 ----a-w- c:\windows\system32\dllcache\ati.dll
2011-07-07 19:57 . 2001-08-17 18:57 77568 ----a-w- c:\windows\system32\dllcache\ati.sys
2011-07-07 19:57 . 2004-08-10 11:00 29184 ----a-w- c:\windows\system32\dllcache\asptxn.dll
2011-07-07 19:57 . 2004-08-10 11:00 10240 ----a-w- c:\windows\system32\dllcache\aspperf.dll
2011-07-07 19:57 . 2001-08-17 17:12 97354 ----a-w- c:\windows\system32\dllcache\aspndis3.sys
2011-07-07 19:57 . 2001-08-18 03:36 45056 ----a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2011-07-07 19:42 . 2001-08-17 18:47 6272 ----a-w- c:\windows\system32\dllcache\apmbatt.sys
2011-07-07 19:42 . 2004-08-04 03:31 36224 ----a-w- c:\windows\system32\dllcache\an983.sys
2011-07-07 19:42 . 2001-08-17 18:49 26624 ----a-w- c:\windows\system32\dllcache\alifir.sys
2011-07-07 19:42 . 2001-08-17 17:11 16969 ----a-w- c:\windows\system32\dllcache\amb8002.sys
2011-07-07 19:42 . 2001-08-17 17:11 27678 ----a-w- c:\windows\system32\dllcache\ali5261.sys
2011-07-07 19:42 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2011-07-07 19:21 . 2004-08-10 11:00 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2011-07-07 19:21 . 2004-08-10 11:00 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2011-07-07 19:21 . 2004-08-10 11:00 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2011-07-07 19:21 . 2004-08-10 11:00 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2011-07-07 19:21 . 2004-08-10 11:00 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2011-07-07 19:21 . 2004-08-10 11:00 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2011-07-05 21:11 . 2011-07-05 21:11 -------- d-----w- c:\program files\Sophos
2011-07-01 07:29 . 2011-07-01 07:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2011-07-01 04:41 . 2011-07-01 04:41 -------- d-----w- c:\windows\system32\vmm32
2011-07-01 04:25 . 2011-07-01 04:25 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-01 04:24 . 2011-07-01 04:24 -------- d-----w- C:\Inetpub
2011-07-01 04:23 . 2011-07-01 04:23 -------- d-----w- c:\documents and settings\Paul\Application Data\Windows Search
2011-07-01 04:21 . 2011-07-01 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2011-07-01 04:19 . 2011-07-01 04:19 -------- d-----w- c:\windows\system32\winrm
2011-07-01 04:18 . 2011-07-01 04:18 -------- d-----w- c:\documents and settings\Paul\Application Data\Windows Desktop Search
2011-07-01 03:20 . 2007-03-16 23:10 1253376 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2011-07-01 03:08 . 2011-07-01 04:41 45056 ----a-r- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{2764CA82-DFB9-4498-AF85-719340BF5305}\NewShortcut1_2764CA82DFB94498AF85719340BF5305.exe
2011-07-01 03:02 . 2002-01-08 22:00 176128 ----a-w- c:\windows\system32\RcdScan.dll
2011-07-01 03:02 . 2000-03-23 17:50 446464 ----a-r- c:\windows\system32\hhactivex.dll
2011-07-01 03:02 . 1998-11-10 15:46 328480 ----a-w- c:\windows\system32\ssa3d30.ocx
2011-07-01 03:02 . 1998-06-18 04:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2011-07-01 03:02 . 2000-01-04 10:39 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2011-06-30 17:32 . 2011-06-30 17:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-06-30 07:21 . 2011-05-25 00:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-29 01:03 . 2011-06-29 01:03 -------- d-----w- c:\documents and settings\Paul\Application Data\Leadertech
2011-06-29 01:00 . 2011-06-29 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2011-06-29 00:59 . 2011-06-29 00:59 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2011-06-28 23:58 . 2011-07-01 04:19 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-06-28 23:57 . 2011-07-01 04:21 -------- d-----w- c:\program files\Common Files\logishrd
2011-06-28 23:56 . 2011-06-28 23:56 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\PCHealth
2011-06-28 23:55 . 2011-07-01 04:23 -------- d-----w- c:\program files\Windows Desktop Search
2011-06-28 23:55 . 2011-07-03 04:41 -------- d--h--w- c:\windows\system32\GroupPolicy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-08 02:26 . 2011-06-08 02:26 54016 ----a-w- c:\windows\system32\drivers\cmut.sys
2011-06-04 07:03 . 2011-06-04 07:03 54016 ----a-w- c:\windows\system32\drivers\smmyqifh.sys
2011-06-01 02:25 . 2011-06-01 02:25 54016 ----a-w- c:\windows\system32\drivers\bbvyvv.sys
2011-05-29 14:11 . 2010-10-07 09:12 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2010-10-07 09:12 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-27 03:41 . 2011-05-27 03:41 111960 ----a-w- c:\windows\dxsdkuninst.exe
2011-05-26 20:52 . 2006-03-18 19:49 94208 ----a-w- c:\windows\DUMP4e9d.tmp
2011-05-26 20:32 . 2011-05-26 20:32 3072 ----a-w- c:\documents and settings\Paul\Local Settings\Application Data\c8suguy4w.tmp
2011-05-26 20:31 . 2011-05-26 20:31 3072 ----a-w- c:\documents and settings\Paul\Local Settings\Application Data\i1o0rtbu.tmp
2011-05-26 20:30 . 2011-05-26 20:30 3072 ----a-w- c:\documents and settings\Paul\Local Settings\Application Data\0zadf9q1.tmp
2011-05-26 20:29 . 2011-05-26 20:29 3072 ----a-w- c:\documents and settings\Paul\Local Settings\Application Data\6egr56dkg.tmp
2011-05-26 20:29 . 2011-05-26 20:29 140 ----a-w- c:\documents and settings\Paul\Local Settings\Application Data\e6le8hoc.bat
2011-05-26 20:28 . 2011-05-26 20:28 96 ----a-w- c:\documents and settings\Paul\swork.bat
2011-05-02 15:31 . 2005-08-16 10:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2005-08-16 10:18 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-03-18 19:40 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="1 (0x1)" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2009-05-01 453400]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
2006-03-18 19:48 61440 ----a-w- c:\dell\bldbubg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2005-08-31 17:06 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-12-15 16:44 839680 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 02:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2006-02-23 01:00 49152 ----a-w- c:\dell\E-Center\GTB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 09:04 59392 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 16:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-02-13 18:06 2196240 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 03:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-01-12 23:26 3046808 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-03-18 20:15 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-11-17 03:35 397312 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-12-03 22:46 14944136 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 22:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"iPod Service"=3 (0x3)
"sftvsa"=3 (0x3)
"sftlist"=2 (0x2)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"LexBceS"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"cvhsvc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Start WingMan Profiler"=c:\program files\Logitech\Gaming Software\LWEMon.exe /noui
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Riot Games\\League of Legends\\RADS\\projects\\lol_air_client\\releases\\0.0.0.48\\deploy\\LolClient.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\Wow.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Server
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [12/24/2009 5:52 PM 39424]
R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [10/28/2009 6:25 PM 122408]
R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [10/28/2009 6:11 PM 92712]
R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [10/28/2009 6:11 PM 117288]
S0 jyre;jyre;c:\windows\system32\drivers\ysdtcb.sys --> c:\windows\system32\drivers\ysdtcb.sys [?]
S2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [10/28/2009 6:25 PM 1117224]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\A.tmp --> c:\windows\system32\A.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 1:19 PM 50704]
S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 11:23 PM 554344]
S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 11:23 PM 211432]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 11:23 PM 20584]
S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 11:23 PM 18280]
S3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [10/28/2009 6:11 PM 113192]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/16/2005 5:18 AM 14336]
S4 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2/28/2010 2:33 AM 821664]
S4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S4 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [4/24/2010 1:10 AM 477436]
S4 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [4/24/2010 1:10 AM 203564]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\74j0ejqf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-4ECYTQ9SIC - c:\docume~1\Paul\LOCALS~1\Temp\Anz.exe
MSConfigStartUp-506E7F4A_0 - c:\docume~1\Paul\LOCALS~1\Temp\kplv.exe
MSConfigStartUp-BackupSoft - \BackupSoft.exe
MSConfigStartUp-cftmon - c:\windows\system32\ciyxi.exe
MSConfigStartUp-Ghanoxehotepop - c:\windows\uzotoxolib.dll
MSConfigStartUp-HNUkOXRme - c:\docume~1\Paul\LOCALS~1\Temp\avp.exe
MSConfigStartUp-HNUkOXRmSc - c:\docume~1\Paul\LOCALS~1\Temp\avp32.exe
MSConfigStartUp-HNUkOXRnoc - c:\docume~1\Paul\LOCALS~1\Temp\debug.exe
MSConfigStartUp-HNUkOXRnRQ - c:\docume~1\Paul\LOCALS~1\Temp\e36guu9.exe
MSConfigStartUp-HNUkOXRnsc - c:\docume~1\Paul\LOCALS~1\Temp\drweb.exe
MSConfigStartUp-HNUkOXRnZ - c:\docume~1\Paul\LOCALS~1\Temp\cmd.exe
MSConfigStartUp-HNUkOXRoMc - c:\docume~1\Paul\LOCALS~1\Temp\gdi32.exe
MSConfigStartUp-HNUkOXRouqc - c:\docume~1\Paul\LOCALS~1\Temp\iexplarer.exe
MSConfigStartUp-HNUkOXRprc - c:\docume~1\Paul\LOCALS~1\Temp\login.exe
MSConfigStartUp-HNUkOXRptc - c:\docume~1\Paul\LOCALS~1\Temp\msmgm.exe
MSConfigStartUp-HNUkOXRpuc - c:\docume~1\Paul\LOCALS~1\Temp\lsass.exe
MSConfigStartUp-HNUkOXRpw+ - c:\docume~1\Paul\LOCALS~1\Temp\nvsvc32.exe
MSConfigStartUp-HNUkOXRpZ - c:\docume~1\Paul\LOCALS~1\Temp\mdm.exe
MSConfigStartUp-HNUkOXRqdc - c:\docume~1\Paul\LOCALS~1\Temp\retk2.exe
MSConfigStartUp-HNUkOXRqPJ - c:\docume~1\Paul\LOCALS~1\Temp\o51fsc1.exe
MSConfigStartUp-HNUkOXRre - c:\docume~1\Paul\LOCALS~1\Temp\user.exe
MSConfigStartUp-HNUkOXRrg - c:\docume~1\Paul\LOCALS~1\Temp\smss.exe
MSConfigStartUp-HNUkOXRrrb - c:\docume~1\Paul\LOCALS~1\Temp\taskmgr.exe
MSConfigStartUp-HNUkOXRrse - c:\docume~1\Paul\LOCALS~1\Temp\svchost.exe
MSConfigStartUp-HNUkOXRrtc - c:\docume~1\Paul\LOCALS~1\Temp\sysedit.exe
MSConfigStartUp-HNUkOXRruf - c:\docume~1\Paul\LOCALS~1\Temp\spoolsv.exe
MSConfigStartUp-HNUkOXRrwe - c:\docume~1\Paul\LOCALS~1\Temp\sysmgm.exe
MSConfigStartUp-HNUkOXRsPc - c:\docume~1\Paul\LOCALS~1\Temp\win32.exe
MSConfigStartUp-HNUkOXRspe - c:\docume~1\Paul\LOCALS~1\Temp\winamp.exe
MSConfigStartUp-HNUkOXRsre - c:\docume~1\Paul\LOCALS~1\Temp\wininst.exe
MSConfigStartUp-HNUkOXRssc - c:\docume~1\Paul\LOCALS~1\Temp\winlogon.exe
MSConfigStartUp-iolo Personal Firewall - c:\program files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe
MSConfigStartUp-J40NOZ44HU - c:\docume~1\Paul\LOCALS~1\Temp\An8.exe
MSConfigStartUp-Jcetamol - c:\windows\idqavinp.dll
MSConfigStartUp-l3aqrb - c:\documents and settings\Paul\Local Settings\Application Data\qm9bg.exe
MSConfigStartUp-MKayc - c:\windows\csrss.exe
MSConfigStartUp-MKbta - c:\windows\install.exe
MSConfigStartUp-MKbtc - c:\windows\hexdump.exe
MSConfigStartUp-MKcrc - c:\windows\login.exe
MSConfigStartUp-MKctc - c:\windows\msmgm.exe
MSConfigStartUp-MKdw+ - c:\windows\nvsvc32.exe
MSConfigStartUp-MKerb - c:\windows\taskmgr.exe
MSConfigStartUp-MKetc - c:\windows\sysedit.exe
MSConfigStartUp-MKexe - c:\windows\system.exe
MSConfigStartUp-MKfpe - c:\windows\winamp.exe
MSConfigStartUp-MKfsc - c:\windows\winlogon.exe
MSConfigStartUp-MKZe - c:\windows\avp.exe
MSConfigStartUp-MKZSc - c:\windows\avp32.exe
AddRemove-7-Zip - g:\program files\7-Zip\Uninstall.exe
AddRemove-BitComet - g:\save\My Documents\Command and Conquer Generals Data\Maps\ice canyon\New Folder\BitComet\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-25 22:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\A.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,98,29,b8,3c,ca,64,48,a7,78,79,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,98,29,b8,3c,ca,64,48,a7,78,79,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(440)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2476)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-07-25 22:53:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-26 03:52
.
Pre-Run: 2,491,297,792 bytes free
Post-Run: 3,693,752,320 bytes free
.
- - End Of File - - 5BBA0CD4451B2826B45FE1C80283D87C
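The log above lists dozens of MSConfigStartUp orphans pointing into the user's Temp folder and directly under c:\windows, many with names that mimic Windows system binaries (svchost.exe, lsass.exe, winlogon.exe), plus a service whose image path is a .tmp file. As an added example that is not part of this thread or of ComboFix itself, the following Python script applies exactly those checks to lines copied from the log; the SYSTEM_BINARY_NAMES list and the flag wording are this example's own assumptions, and a flag means "review", not a verdict.

```python
"""Triage helper for ComboFix-style log lines (added example, not ComboFix code)."""
import re

# Executable names that belong in %SystemRoot%\system32. The log above shows
# copies of these names in a user's Temp folder and directly under c:\windows,
# the classic masquerade pattern. This list is the example's own choice.
SYSTEM_BINARY_NAMES = {
    "svchost.exe", "lsass.exe", "smss.exe", "winlogon.exe", "csrss.exe",
    "spoolsv.exe", "taskmgr.exe", "cmd.exe", "login.exe", "sysedit.exe",
}

# "MSConfigStartUp-<name> - <path>"  (orphan autostart entries in the log)
STARTUP_RE = re.compile(r"^MSConfigStartUp-(?P<name>.+?)\s+-\s+(?P<path>.+)$")
# "S3 <svc>;<display>;<path> ..."   (service lines, R0..R4 / S0..S4)
SERVICE_RE = re.compile(r"^[RS][0-4]\s+(?P<svc>[^;]+);(?P<disp>[^;]*);(?P<path>.+)$")
TEMP_RE = re.compile(r"\\(locals~1|local settings)\\temp\\", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.IGNORECASE)

# Constructed sample: lines copied verbatim from the ComboFix log in this thread.
SAMPLE_LOG = r"""
MSConfigStartUp-HNUkOXRrse - c:\docume~1\Paul\LOCALS~1\Temp\svchost.exe
MSConfigStartUp-MKfsc - c:\windows\winlogon.exe
MSConfigStartUp-iolo Personal Firewall - c:\program files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe
R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [12/24/2009 5:52 PM 39424]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\A.tmp --> c:\windows\system32\A.tmp [?]
"""


def classify_startup(path):
    """Reasons an autostart path deserves a closer look ([] means nothing odd)."""
    reasons = []
    basename = path.rsplit("\\", 1)[-1].lower()
    if TEMP_RE.search(path):
        reasons.append("autostart binary lives in a user Temp folder")
    if basename in SYSTEM_BINARY_NAMES and not SYSTEM32_RE.search(path):
        reasons.append("system binary name outside system32: " + basename)
    return reasons


def classify_service(path):
    """Reasons a service image path deserves a closer look (flag, not verdict)."""
    # Drop the "\??\" NT prefix, the " --> resolved path" tail and the "[date size]" suffix.
    clean = path.split(" --> ")[0].replace("\\??\\", "")
    clean = re.sub(r"\s+\[.*\]$", "", clean).strip()
    reasons = []
    if clean.lower().endswith(".tmp"):
        reasons.append("service image is a .tmp file: " + clean)
    return reasons


def triage(lines):
    """Return (kind, name, path, reasons) for every flagged log line, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = STARTUP_RE.match(line)
        if m:
            reasons = classify_startup(m.group("path"))
            if reasons:
                findings.append(("startup", m.group("name"), m.group("path"), reasons))
            continue
        m = SERVICE_RE.match(line)
        if m:
            reasons = classify_service(m.group("path"))
            if reasons:
                findings.append(("service", m.group("svc"), m.group("path"), reasons))
    return findings


if __name__ == "__main__":
    for kind, name, path, reasons in triage(SAMPLE_LOG.splitlines()):
        print(f"[{kind}] {name}: {path}")
        for r in reasons:
            print("    -", r)
```

Running it over a full ComboFix log is the same call with the file's lines; the iolo and XPacket lines in the sample pass through unflagged to show that legitimate entries are left alone.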

#5 CatByte
  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 25 July 2011 - 11:52 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')


Collect::
c:\windows\system32\drivers\cmut.sys
c:\windows\system32\drivers\smmyqifh.sys
c:\windows\system32\drivers\bbvyvv.sys
c:\windows\system32\drivers\ysdtcb.sys

File::
c:\windows\DUMP4e9d.tmp
c:\documents and settings\Paul\Local Settings\Application Data\c8suguy4w.tmp
c:\documents and settings\Paul\Local Settings\Application Data\i1o0rtbu.tmp
c:\documents and settings\Paul\Local Settings\Application Data\0zadf9q1.tmp
c:\documents and settings\Paul\Local Settings\Application Data\6egr56dkg.tmp
c:\documents and settings\Paul\Local Settings\Application Data\e6le8hoc.bat

Driver::
jyre


Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 Pawl (Topic Starter)
  • Members
  • 29 posts

Posted 26 July 2011 - 06:25 PM

Thank you again. Sorry I did not stay with you last night. I had thought you would have headed to bed. I'll be sure to check back more often.

I ran ComboFix as you instructed. ComboFix attempted to upload information to bleepingcomputer, but an error screen came up saying the website was temporarily unavailable. I then tried running Internet Explorer, but nothing.

Here is the report:


ComboFix 11-07-25.03 - Paul 07/26/2011 17:45:46.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.572 [GMT -5:00]
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Paul\Desktop\CFScript.txt
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\documents and settings\Paul\Local Settings\Application Data\0zadf9q1.tmp"
"c:\documents and settings\Paul\Local Settings\Application Data\6egr56dkg.tmp"
"c:\documents and settings\Paul\Local Settings\Application Data\c8suguy4w.tmp"
"c:\documents and settings\Paul\Local Settings\Application Data\e6le8hoc.bat"
"c:\documents and settings\Paul\Local Settings\Application Data\i1o0rtbu.tmp"
"c:\windows\DUMP4e9d.tmp"
.
file zipped: c:\windows\system32\drivers\bbvyvv.sys
file zipped: c:\windows\system32\drivers\cmut.sys
file zipped: c:\windows\system32\drivers\smmyqifh.sys
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Paul\Local Settings\Application Data\{6E728A58-88C5-4775-95A4-20DA82C94C68}
c:\documents and settings\Paul\Local Settings\Application Data\{6E728A58-88C5-4775-95A4-20DA82C94C68}\chrome.manifest
c:\documents and settings\Paul\Local Settings\Application Data\{6E728A58-88C5-4775-95A4-20DA82C94C68}\chrome\content\_cfg.js
c:\documents and settings\Paul\Local Settings\Application Data\{6E728A58-88C5-4775-95A4-20DA82C94C68}\chrome\content\overlay.xul
c:\documents and settings\Paul\Local Settings\Application Data\{6E728A58-88C5-4775-95A4-20DA82C94C68}\install.rdf
c:\documents and settings\Paul\Local Settings\Application Data\0zadf9q1.tmp
c:\documents and settings\Paul\Local Settings\Application Data\6egr56dkg.tmp
c:\documents and settings\Paul\Local Settings\Application Data\c8suguy4w.tmp
c:\documents and settings\Paul\Local Settings\Application Data\e6le8hoc.bat
c:\documents and settings\Paul\Local Settings\Application Data\i1o0rtbu.tmp
c:\windows\DUMP4e9d.tmp
c:\windows\system32\drivers\bbvyvv.sys
c:\windows\system32\drivers\cmut.sys
c:\windows\system32\drivers\smmyqifh.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_jyre
.
.
((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-13 17:02 . 2011-07-13 17:09 -------- d-----w- C:\pebuilder3110a
2011-07-07 21:17 . 2001-08-18 03:36 7168 ----a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2011-07-07 21:16 . 2001-08-18 03:36 12288 ----a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2011-07-07 21:13 . 2001-08-18 03:36 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2011-07-07 21:13 . 2001-08-18 03:36 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2011-07-07 21:07 . 2001-08-18 03:36 23040 ----a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2011-07-07 20:39 . 2001-08-18 03:36 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-07-07 20:21 . 2001-08-17 17:12 164586 ----a-w- c:\windows\system32\dllcache\mdgndis5.sys
2011-07-07 20:21 . 2001-08-17 18:52 7424 ----a-w- c:\windows\system32\dllcache\mammoth.sys
2011-07-07 20:21 . 2001-08-18 03:36 65536 ----a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2011-07-07 20:19 . 2001-08-17 17:12 70730 ----a-w- c:\windows\system32\dllcache\lne100tx.sys
2011-07-07 20:18 . 2001-08-17 18:49 26624 ----a-w- c:\windows\system32\dllcache\irstusb.sys
2011-07-07 20:17 . 2001-08-18 03:36 20480 ----a-w- c:\windows\system32\dllcache\icam5ext.dll
2011-07-07 20:16 . 2001-08-17 17:49 58592 ----a-w- c:\windows\system32\dllcache\i740nt5.sys
2011-07-07 20:16 . 2001-08-17 19:56 353184 ----a-w- c:\windows\system32\dllcache\i740dnt5.dll
2011-07-07 20:16 . 2004-08-10 11:00 10129408 ----a-w- c:\windows\system32\dllcache\hwxkor.dll
2011-07-07 20:16 . 2004-08-10 11:00 10096640 ----a-w- c:\windows\system32\dllcache\hwxcht.dll
2011-07-07 20:16 . 2001-08-17 18:28 488383 ----a-w- c:\windows\system32\dllcache\hsf_v124.sys
2011-07-07 20:16 . 2001-08-17 18:28 50751 ----a-w- c:\windows\system32\dllcache\hsf_tone.sys
2011-07-07 20:16 . 2001-08-17 18:28 73279 ----a-w- c:\windows\system32\dllcache\hsf_spkp.sys
2011-07-07 20:16 . 2001-08-17 18:28 44863 ----a-w- c:\windows\system32\dllcache\hsf_soar.sys
2011-07-07 20:16 . 2001-08-17 18:28 57471 ----a-w- c:\windows\system32\dllcache\hsf_samp.sys
2011-07-07 20:16 . 2001-08-17 18:28 542879 ----a-w- c:\windows\system32\dllcache\hsf_msft.sys
2011-07-07 20:16 . 2001-08-17 18:28 391199 ----a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2011-07-07 20:16 . 2001-08-18 03:36 9759 ----a-w- c:\windows\system32\dllcache\hsf_inst.dll
2011-07-07 20:16 . 2001-08-17 18:28 115807 ----a-w- c:\windows\system32\dllcache\hsf_fsks.sys
2011-07-07 20:14 . 2001-08-18 03:36 101376 ----a-w- c:\windows\system32\dllcache\hpgt34.dll
2011-07-07 20:13 . 2001-08-17 19:56 1733120 ----a-w- c:\windows\system32\dllcache\g400d.dll
2011-07-07 20:04 . 2001-08-17 17:12 24618 ----a-w- c:\windows\system32\dllcache\fa410nd5.sys
2011-07-07 20:04 . 2001-08-17 17:12 16074 ----a-w- c:\windows\system32\dllcache\fa312nd5.sys
2011-07-07 20:04 . 2001-08-17 17:11 11850 ----a-w- c:\windows\system32\dllcache\f3ab18xj.sys
2011-07-07 20:04 . 2001-08-17 17:11 12362 ----a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2011-07-07 20:04 . 2001-08-17 18:52 7040 ----a-w- c:\windows\system32\dllcache\exabyte2.sys
2011-07-07 20:04 . 2001-08-17 17:12 16998 ----a-w- c:\windows\system32\dllcache\ex10.sys
2011-07-07 20:04 . 2004-08-10 11:00 25856 ----a-w- c:\windows\system32\dllcache\et4000.sys
2011-07-07 20:04 . 2004-08-10 11:00 45056 ----a-w- c:\windows\system32\dllcache\esunid.dll
2011-07-07 20:02 . 2001-08-17 17:12 18503 ----a-w- c:\windows\system32\dllcache\epro4.sys
2011-07-07 20:01 . 2001-08-17 17:20 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys
2011-07-07 20:00 . 2001-08-18 03:36 65622 ----a-w- c:\windows\system32\dllcache\digiasyn.dll
2011-07-07 19:59 . 2001-08-17 17:19 96256 ----a-w- c:\windows\system32\dllcache\ctlsb16.sys
2011-07-07 19:58 . 2001-08-17 18:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-07-07 19:57 . 2001-08-18 03:36 37376 ----a-w- c:\windows\system32\dllcache\atievxx.exe
2011-07-07 19:57 . 2001-08-17 19:56 268160 ----a-w- c:\windows\system32\dllcache\atidvai.dll
2011-07-07 19:57 . 2001-08-17 19:56 137216 ----a-w- c:\windows\system32\dllcache\atidrae.dll
2011-07-07 19:57 . 2001-08-17 19:55 382592 ----a-w- c:\windows\system32\dllcache\atidrab.dll
2011-07-07 19:57 . 2001-08-17 17:49 46464 ----a-w- c:\windows\system32\dllcache\atibt829.sys
2011-07-07 19:57 . 2001-08-17 19:55 96128 ----a-w- c:\windows\system32\dllcache\ati.dll
2011-07-07 19:57 . 2001-08-17 18:57 77568 ----a-w- c:\windows\system32\dllcache\ati.sys
2011-07-07 19:57 . 2004-08-10 11:00 29184 ----a-w- c:\windows\system32\dllcache\asptxn.dll
2011-07-07 19:57 . 2004-08-10 11:00 10240 ----a-w- c:\windows\system32\dllcache\aspperf.dll
2011-07-07 19:57 . 2001-08-17 17:12 97354 ----a-w- c:\windows\system32\dllcache\aspndis3.sys
2011-07-07 19:57 . 2001-08-18 03:36 45056 ----a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2011-07-07 19:42 . 2001-08-17 18:47 6272 ----a-w- c:\windows\system32\dllcache\apmbatt.sys
2011-07-07 19:42 . 2004-08-04 03:31 36224 ----a-w- c:\windows\system32\dllcache\an983.sys
2011-07-07 19:42 . 2001-08-17 18:49 26624 ----a-w- c:\windows\system32\dllcache\alifir.sys
2011-07-07 19:42 . 2001-08-17 17:11 16969 ----a-w- c:\windows\system32\dllcache\amb8002.sys
2011-07-07 19:42 . 2001-08-17 17:11 27678 ----a-w- c:\windows\system32\dllcache\ali5261.sys
2011-07-07 19:42 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2011-07-07 19:21 . 2004-08-10 11:00 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2011-07-07 19:21 . 2004-08-10 11:00 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2011-07-07 19:21 . 2004-08-10 11:00 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2011-07-07 19:21 . 2004-08-10 11:00 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2011-07-07 19:21 . 2004-08-10 11:00 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2011-07-07 19:21 . 2004-08-10 11:00 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2011-07-05 21:11 . 2011-07-05 21:11 -------- d-----w- c:\program files\Sophos
2011-07-01 07:29 . 2011-07-01 07:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2011-07-01 04:41 . 2011-07-01 04:41 -------- d-----w- c:\windows\system32\vmm32
2011-07-01 04:25 . 2011-07-01 04:25 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-01 04:24 . 2011-07-01 04:24 -------- d-----w- C:\Inetpub
2011-07-01 04:23 . 2011-07-01 04:23 -------- d-----w- c:\documents and settings\Paul\Application Data\Windows Search
2011-07-01 04:21 . 2011-07-01 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2011-07-01 04:19 . 2011-07-01 04:19 -------- d-----w- c:\windows\system32\winrm
2011-07-01 04:18 . 2011-07-01 04:18 -------- d-----w- c:\documents and settings\Paul\Application Data\Windows Desktop Search
2011-07-01 03:20 . 2007-03-16 23:10 1253376 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2011-07-01 03:08 . 2011-07-01 04:41 45056 ----a-r- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{2764CA82-DFB9-4498-AF85-719340BF5305}\NewShortcut1_2764CA82DFB94498AF85719340BF5305.exe
2011-07-01 03:02 . 2002-01-08 22:00 176128 ----a-w- c:\windows\system32\RcdScan.dll
2011-07-01 03:02 . 2000-03-23 17:50 446464 ----a-r- c:\windows\system32\hhactivex.dll
2011-07-01 03:02 . 1998-11-10 15:46 328480 ----a-w- c:\windows\system32\ssa3d30.ocx
2011-07-01 03:02 . 1998-06-18 04:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2011-07-01 03:02 . 2000-01-04 10:39 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2011-06-30 17:32 . 2011-06-30 17:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-06-30 07:21 . 2011-05-25 00:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-29 01:03 . 2011-06-29 01:03 -------- d-----w- c:\documents and settings\Paul\Application Data\Leadertech
2011-06-29 01:00 . 2011-06-29 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2011-06-29 00:59 . 2011-06-29 00:59 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2011-06-28 23:58 . 2011-07-01 04:19 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-06-28 23:57 . 2011-07-01 04:21 -------- d-----w- c:\program files\Common Files\logishrd
2011-06-28 23:56 . 2011-06-28 23:56 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\PCHealth
2011-06-28 23:55 . 2011-07-01 04:23 -------- d-----w- c:\program files\Windows Desktop Search
2011-06-28 23:55 . 2011-07-03 04:41 -------- d--h--w- c:\windows\system32\GroupPolicy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 14:11 . 2010-10-07 09:12 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2010-10-07 09:12 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-27 03:41 . 2011-05-27 03:41 111960 ----a-w- c:\windows\dxsdkuninst.exe
2011-05-26 20:28 . 2011-05-26 20:28 96 ----a-w- c:\documents and settings\Paul\swork.bat
2011-05-02 15:31 . 2005-08-16 10:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2005-08-16 10:18 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-03-18 19:40 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="1 (0x1)" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2009-05-01 453400]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
2006-03-18 19:48 61440 ----a-w- c:\dell\bldbubg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2005-08-31 17:06 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-12-15 16:44 839680 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 02:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2006-02-23 01:00 49152 ----a-w- c:\dell\E-Center\GTB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 09:04 59392 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 16:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-02-13 18:06 2196240 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 03:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-01-12 23:26 3046808 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-03-18 20:15 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-11-17 03:35 397312 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-12-03 22:46 14944136 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 22:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"iPod Service"=3 (0x3)
"sftvsa"=3 (0x3)
"sftlist"=2 (0x2)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"LexBceS"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"cvhsvc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Start WingMan Profiler"=c:\program files\Logitech\Gaming Software\LWEMon.exe /noui
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Riot Games\\League of Legends\\RADS\\projects\\lol_air_client\\releases\\0.0.0.48\\deploy\\LolClient.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\Wow.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Server
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [12/24/2009 5:52 PM 39424]
R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [10/28/2009 6:25 PM 122408]
R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [10/28/2009 6:11 PM 92712]
R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [10/28/2009 6:11 PM 117288]
S2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [10/28/2009 6:25 PM 1117224]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\A.tmp --> c:\windows\system32\A.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 1:19 PM 50704]
S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 11:23 PM 554344]
S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 11:23 PM 211432]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 11:23 PM 20584]
S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 11:23 PM 18280]
S3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [10/28/2009 6:11 PM 113192]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/16/2005 5:18 AM 14336]
S4 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2/28/2010 2:33 AM 821664]
S4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S4 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [4/24/2010 1:10 AM 477436]
S4 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [4/24/2010 1:10 AM 203564]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\74j0ejqf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 17:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\A.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,98,29,b8,3c,ca,64,48,a7,78,79,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,98,29,b8,3c,ca,64,48,a7,78,79,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(440)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3128)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-07-26 18:00:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-26 23:00
ComboFix2.txt 2011-07-26 03:53
.
Pre-Run: 3,705,561,088 bytes free
Post-Run: 3,683,840,000 bytes free
.
- - End Of File - - E641EEEFAEA36AA2699AD276D567A446

#7 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:23 AM

Posted 26 July 2011 - 06:49 PM

Hi


Please download TDSSKiller.zip to a USB and transfer it over to the infected machine

  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if malicious objects are found, ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT


Please run the following troubleshooting steps, checking to see if you can connect after each step, and let me know if any step resolves the issue.

If your network icon appears on the Windows taskbar, you can repair it by right-clicking on the icon and selecting Repair.


If you have no task bar icon do this:

  • Click on the Start button.
  • Click on the Settings menu option.
  • Click on the Control Panel option.
  • When the Control Panel opens, double-click on the Network Connections icon. If your Control Panel is set to Category View, then double-click on Network and Internet Connections and then click on Network Connections at the bottom.
  • You will now see a list of available network connections. Locate the connection for your Wireless or Lan adapter and right-click on it.
  • Click on the Repair menu option.

Let the repair process perform its tasks and when it has finished, your Internet connection should be working again.


If no luck, try this:

  • Go to Start > Control Panel, and choose Network Connections.
  • Right click on your default connection, usually Local Area Connection for cable and DSL or Dial-up Connection if you are using Dial-up, and choose Properties.
  • Click the Networking tab
  • Double-click on the Internet Protocol (TCP/IP) item.
  • Write down the settings in case you should need to change them back.
  • Select the radio button that says "Obtain DNS servers automatically".
  • Click OK twice to get out of the properties screen and restart your computer.
  • If not prompted to reboot go ahead and reboot manually.

In I.E.
  • Check internet options settings.
  • Tools > Internet Options > Connections
  • LAN settings
  • Choose "automatically detect settings"
  • uncheck both proxy settings boxes

In FireFox
  • Click on Advanced -> Network -> Settings…
  • the No Proxy option should be selected



Next, try this:

Go to Start > Run > type in CMD to open a command prompt.

Type in the following command in the command prompt and press Enter.


netsh int ip reset reset.log

Then also type the following command and hit enter.

netsh winsock reset catalog

Once that completes then restart the system and see then if you are able to get online.


Next, try this:

Go to Start > Run then type: CMD into the run box

You will now see a black DOS-like screen.

Type the following at the command prompt:

ipconfig /release (note the space between the "g" and the slash; it needs to be there)

Hit Enter. Then type:

ipconfig /renew (note the space between the "g" and the slash; it needs to be there)

Hit enter

Edited by CatByte, 26 July 2011 - 06:52 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
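The repair sequence in the post above (proxy settings, netsh int ip reset, netsh winsock reset catalog, ipconfig /release and /renew) is typed into cmd.exe one command at a time. The script below is an added PowerShell example, not part of CatByte's post, that first audits what those steps are about to change, so that a hijacked proxy or a third-party Winsock provider is visible before the reset wipes it, and then runs the same resets. It assumes PowerShell 2.0 or later is installed on the XP machine (a separate download for XP SP3), that it is run from an Administrator prompt, and that netsh and ipconfig are on the PATH; the -Apply switch is this example's own convention.

```powershell
# Added example, not from the thread. Audits the settings the manual repair steps
# touch, then (with -Apply) runs the same netsh/ipconfig resets. Assumes PowerShell
# 2.0+ on Windows XP SP3 or later, run from an Administrator prompt.
param([switch]$Apply)

# 1. WinINet proxy settings used by Internet Explorer (and most Windows software).
#    A ProxyServer or AutoConfigURL (PAC script) that the user never set is a classic
#    traffic-interception indicator, and also a common cause of "cannot display the webpage".
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
"ProxyEnable   : $($inet.ProxyEnable)"     # 0 = no manual proxy (the expected value here)
"ProxyServer   : $($inet.ProxyServer)"
"AutoConfigURL : $($inet.AutoConfigURL)"

# 2. Winsock catalog: every provider DLL that sits in the path of socket traffic.
#    A Layered Service Provider outside the Windows directory, or one whose file is
#    missing, is worth noting before 'netsh winsock reset' removes the evidence.
$catalog   = netsh winsock show catalog
$providers = $catalog | Select-String 'Provider Path:' | ForEach-Object {
    ($_.Line -split ':\s*', 2)[1].Trim()      # keep only the path after the label
}
"Winsock providers ($(@($providers).Count) entries):"
$providers | Sort-Object -Unique | ForEach-Object {
    $resolved = [Environment]::ExpandEnvironmentVariables($_)
    $flag = ''
    if ($resolved -notlike "$env:SystemRoot\system32\*") { $flag = '  <-- outside system32' }
    if ($flag -eq '' -and -not (Test-Path $resolved))     { $flag = '  <-- file missing' }
    "  $resolved$flag"
}

if (-not $Apply) { "Re-run with -Apply to perform the resets."; return }

# 3. The same resets CatByte lists, in the same order. The Winsock reset rebuilds the
#    catalog with only the built-in providers, dropping any third-party LSP; both
#    netsh resets need a reboot before the result can be judged.
netsh int ip reset "$env:TEMP\reset.log"
netsh winsock reset catalog
ipconfig /release
ipconfig /renew
"Resets issued. Reboot, then retest the connection."
```

Run it once without -Apply and read the provider list: a provider DLL outside system32 is something to copy off the machine for identification before the reset deletes its catalog entry. The script does not replace the reboot that both netsh resets require.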


#8 Pawl

  • Topic Starter
  • Members
  • 29 posts
  • Local time:01:23 AM

Posted 26 July 2011 - 08:00 PM

I ran TDSSKiller and nothing was found. I did run this on 13 July and have that report, should you want it.
Here is the report from TDSSKiller from today, 26 July:


2011/07/26 19:04:13.0062 2088 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/26 19:04:13.0156 2088 ================================================================================
2011/07/26 19:04:13.0156 2088 SystemInfo:
2011/07/26 19:04:13.0156 2088
2011/07/26 19:04:13.0156 2088 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/26 19:04:13.0156 2088 Product type: Workstation
2011/07/26 19:04:13.0156 2088 ComputerName: PIZZ
2011/07/26 19:04:13.0156 2088 UserName: Paul
2011/07/26 19:04:13.0156 2088 Windows directory: C:\WINDOWS
2011/07/26 19:04:13.0156 2088 System windows directory: C:\WINDOWS
2011/07/26 19:04:13.0156 2088 Processor architecture: Intel x86
2011/07/26 19:04:13.0156 2088 Number of processors: 2
2011/07/26 19:04:13.0156 2088 Page size: 0x1000
2011/07/26 19:04:13.0156 2088 Boot type: Normal boot
2011/07/26 19:04:13.0156 2088 ================================================================================
2011/07/26 19:04:14.0765 2088 Initialize success
2011/07/26 19:04:25.0187 2140 ================================================================================
2011/07/26 19:04:25.0187 2140 Scan started
2011/07/26 19:04:25.0187 2140 Mode: Manual;
2011/07/26 19:04:25.0187 2140 ================================================================================
2011/07/26 19:04:25.0671 2140 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/07/26 19:04:25.0734 2140 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/26 19:04:25.0796 2140 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/26 19:04:25.0843 2140 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/07/26 19:04:25.0875 2140 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/26 19:04:25.0968 2140 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/26 19:04:26.0125 2140 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/07/26 19:04:26.0156 2140 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/07/26 19:04:26.0203 2140 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/07/26 19:04:26.0234 2140 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/07/26 19:04:26.0281 2140 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/07/26 19:04:26.0328 2140 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/07/26 19:04:26.0359 2140 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/07/26 19:04:26.0406 2140 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/07/26 19:04:26.0500 2140 AMP (72de526e037d4b159b3e39fb2ebcceef) C:\WINDOWS\system32\DRIVERS\amp.sys
2011/07/26 19:04:26.0671 2140 AMPSE (cc08b7cdea3467867878fada90306f6a) C:\WINDOWS\system32\DRIVERS\ampse.sys
2011/07/26 19:04:26.0734 2140 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/07/26 19:04:26.0781 2140 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2011/07/26 19:04:26.0875 2140 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/07/26 19:04:26.0968 2140 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/07/26 19:04:27.0000 2140 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/07/26 19:04:27.0031 2140 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/07/26 19:04:27.0093 2140 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/07/26 19:04:27.0156 2140 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/26 19:04:27.0187 2140 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/26 19:04:27.0312 2140 ati2mtag (bf12cd6b0abd88681841611f5c3aca7d) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/07/26 19:04:27.0500 2140 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/26 19:04:27.0562 2140 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/26 19:04:27.0656 2140 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/07/26 19:04:27.0718 2140 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/07/26 19:04:27.0796 2140 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/26 19:04:27.0859 2140 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/07/26 19:04:27.0984 2140 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/26 19:04:28.0062 2140 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/07/26 19:04:28.0125 2140 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/07/26 19:04:28.0156 2140 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/26 19:04:28.0187 2140 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/26 19:04:28.0218 2140 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/26 19:04:28.0265 2140 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/07/26 19:04:28.0296 2140 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/07/26 19:04:28.0343 2140 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/07/26 19:04:28.0500 2140 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/07/26 19:04:28.0562 2140 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/07/26 19:04:28.0625 2140 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/07/26 19:04:28.0671 2140 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/26 19:04:28.0765 2140 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/26 19:04:28.0812 2140 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/26 19:04:28.0968 2140 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/26 19:04:29.0000 2140 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/26 19:04:29.0078 2140 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/07/26 19:04:29.0140 2140 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/26 19:04:29.0187 2140 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/07/26 19:04:29.0203 2140 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/07/26 19:04:29.0265 2140 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/07/26 19:04:29.0343 2140 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/26 19:04:29.0375 2140 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/26 19:04:29.0546 2140 FilterService (a75ddc492d2d1d6558ad8003a4adb73a) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/07/26 19:04:29.0578 2140 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/26 19:04:29.0625 2140 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/07/26 19:04:29.0687 2140 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/26 19:04:29.0718 2140 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/26 19:04:29.0765 2140 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/26 19:04:29.0812 2140 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/07/26 19:04:29.0875 2140 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/26 19:04:29.0953 2140 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/26 19:04:30.0031 2140 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/26 19:04:30.0078 2140 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/07/26 19:04:30.0171 2140 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
2011/07/26 19:04:30.0250 2140 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
2011/07/26 19:04:30.0343 2140 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/26 19:04:30.0484 2140 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/07/26 19:04:30.0531 2140 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/07/26 19:04:30.0578 2140 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/26 19:04:30.0593 2140 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/26 19:04:30.0671 2140 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/07/26 19:04:30.0703 2140 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/07/26 19:04:30.0765 2140 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/26 19:04:30.0843 2140 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/26 19:04:30.0937 2140 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/26 19:04:31.0000 2140 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/26 19:04:31.0046 2140 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/26 19:04:31.0109 2140 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/26 19:04:31.0140 2140 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/26 19:04:31.0171 2140 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/26 19:04:31.0234 2140 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/26 19:04:31.0328 2140 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/26 19:04:31.0437 2140 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/26 19:04:31.0562 2140 LVcKap (9ce361764c5dd5fa5506510fe5d2297b) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
2011/07/26 19:04:31.0625 2140 LVPr2Mon (94d03b31f36bb362fa5713470fcf1c79) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/07/26 19:04:31.0703 2140 LVRS (87ecce893d8aec5a9337b917742d339c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/07/26 19:04:32.0125 2140 LVUVC (291f69b3dda0f033d2490c5ba5179f7c) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/07/26 19:04:32.0656 2140 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/07/26 19:04:32.0734 2140 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/07/26 19:04:32.0796 2140 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/26 19:04:32.0859 2140 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/26 19:04:32.0890 2140 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/26 19:04:32.0953 2140 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/26 19:04:32.0984 2140 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/26 19:04:33.0140 2140 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/07/26 19:04:33.0156 2140 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/26 19:04:33.0250 2140 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/26 19:04:33.0328 2140 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/26 19:04:33.0359 2140 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/26 19:04:33.0406 2140 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/26 19:04:33.0437 2140 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/26 19:04:33.0515 2140 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/26 19:04:33.0609 2140 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/07/26 19:04:33.0671 2140 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/26 19:04:33.0718 2140 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/07/26 19:04:33.0796 2140 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/26 19:04:33.0828 2140 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/07/26 19:04:33.0875 2140 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/26 19:04:33.0906 2140 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/26 19:04:33.0984 2140 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/26 19:04:34.0078 2140 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/26 19:04:34.0109 2140 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/26 19:04:34.0156 2140 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/26 19:04:34.0234 2140 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/07/26 19:04:34.0312 2140 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
2011/07/26 19:04:34.0343 2140 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/26 19:04:34.0406 2140 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/26 19:04:34.0625 2140 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/26 19:04:34.0765 2140 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/07/26 19:04:34.0953 2140 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/26 19:04:34.0984 2140 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/26 19:04:35.0031 2140 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/07/26 19:04:35.0093 2140 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/07/26 19:04:35.0156 2140 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/26 19:04:35.0187 2140 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/26 19:04:35.0234 2140 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/26 19:04:35.0281 2140 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/26 19:04:35.0578 2140 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/26 19:04:35.0640 2140 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/26 19:04:35.0687 2140 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/07/26 19:04:35.0718 2140 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/07/26 19:04:35.0796 2140 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/26 19:04:35.0828 2140 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/26 19:04:35.0859 2140 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/26 19:04:35.0921 2140 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/26 19:04:36.0031 2140 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/07/26 19:04:36.0109 2140 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/07/26 19:04:36.0156 2140 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/07/26 19:04:36.0171 2140 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/07/26 19:04:36.0203 2140 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/07/26 19:04:36.0234 2140 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/26 19:04:36.0296 2140 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/26 19:04:36.0343 2140 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/26 19:04:36.0390 2140 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/26 19:04:36.0421 2140 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/26 19:04:36.0468 2140 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/26 19:04:36.0734 2140 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/26 19:04:36.0781 2140 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/26 19:04:36.0859 2140 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/07/26 19:04:36.0890 2140 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/07/26 19:04:36.0937 2140 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/07/26 19:04:37.0031 2140 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/07/26 19:04:37.0093 2140 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/26 19:04:37.0250 2140 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/26 19:04:37.0296 2140 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/26 19:04:37.0359 2140 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/07/26 19:04:37.0406 2140 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/07/26 19:04:37.0421 2140 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/26 19:04:37.0515 2140 Sftfs (14cb193ecd4e71a32446790f9ecf39dd) C:\WINDOWS\system32\DRIVERS\Sftfsxp.sys
2011/07/26 19:04:37.0625 2140 Sftplay (1f05637831caf19b069aaf361d720bb9) C:\WINDOWS\system32\DRIVERS\Sftplayxp.sys
2011/07/26 19:04:37.0734 2140 Sftredir (423628f17862593d7d43e02187f4c1b5) C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys
2011/07/26 19:04:37.0781 2140 Sftvol (258ab73a01fa1b8d1a2a053c6bba5544) C:\WINDOWS\system32\DRIVERS\Sftvolxp.sys
2011/07/26 19:04:37.0859 2140 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/07/26 19:04:37.0906 2140 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/26 19:04:37.0968 2140 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/07/26 19:04:38.0031 2140 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/26 19:04:38.0062 2140 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/26 19:04:38.0140 2140 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/26 19:04:38.0328 2140 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/07/26 19:04:38.0359 2140 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/07/26 19:04:38.0484 2140 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
2011/07/26 19:04:38.0546 2140 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/26 19:04:38.0578 2140 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/26 19:04:38.0609 2140 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/26 19:04:38.0781 2140 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/07/26 19:04:38.0812 2140 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/07/26 19:04:38.0859 2140 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/07/26 19:04:38.0890 2140 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/07/26 19:04:38.0968 2140 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/07/26 19:04:39.0031 2140 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/26 19:04:39.0125 2140 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/26 19:04:39.0312 2140 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2011/07/26 19:04:39.0359 2140 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/26 19:04:39.0390 2140 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/26 19:04:39.0437 2140 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/26 19:04:39.0500 2140 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/07/26 19:04:39.0562 2140 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/07/26 19:04:39.0593 2140 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/07/26 19:04:39.0625 2140 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
2011/07/26 19:04:39.0734 2140 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/07/26 19:04:39.0765 2140 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/07/26 19:04:39.0781 2140 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/07/26 19:04:39.0828 2140 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/07/26 19:04:39.0859 2140 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/07/26 19:04:39.0968 2140 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/07/26 19:04:40.0046 2140 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/07/26 19:04:40.0109 2140 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/26 19:04:40.0265 2140 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/07/26 19:04:40.0328 2140 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/26 19:04:40.0625 2140 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/26 19:04:40.0843 2140 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/07/26 19:04:40.0906 2140 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/26 19:04:40.0968 2140 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/26 19:04:41.0031 2140 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/26 19:04:41.0187 2140 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/26 19:04:41.0250 2140 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/26 19:04:41.0312 2140 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/26 19:04:41.0359 2140 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/26 19:04:41.0421 2140 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/07/26 19:04:41.0484 2140 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/26 19:04:41.0687 2140 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/07/26 19:04:41.0718 2140 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/07/26 19:04:41.0765 2140 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/26 19:04:41.0828 2140 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/26 19:04:41.0906 2140 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/07/26 19:04:41.0984 2140 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/26 19:04:42.0171 2140 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2011/07/26 19:04:42.0265 2140 WmBEnum (5d410936831f7fb58eff941eac3f6d3d) C:\WINDOWS\system32\drivers\WmBEnum.sys
2011/07/26 19:04:42.0328 2140 WmFilter (7a13cfde92956ca61a0927d766c5ad4f) C:\WINDOWS\system32\drivers\WmFilter.sys
2011/07/26 19:04:42.0390 2140 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/07/26 19:04:42.0468 2140 WmVirHid (6f04646bc690f8bbfc344be32a60796d) C:\WINDOWS\system32\drivers\WmVirHid.sys
2011/07/26 19:04:42.0625 2140 WmXlCore (1d6ca43d562333f4dfb40bcef2453f3a) C:\WINDOWS\system32\drivers\WmXlCore.sys
2011/07/26 19:04:42.0671 2140 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/07/26 19:04:42.0734 2140 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/26 19:04:42.0843 2140 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/26 19:04:42.0890 2140 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/26 19:04:42.0968 2140 XPacket (84421b007070d7d95483315ab3164c45) C:\WINDOWS\system32\xpacket.sys
2011/07/26 19:04:43.0140 2140 xusb21 (f5e5f944e63a9b5f6e76c2ebb2ac462f) C:\WINDOWS\system32\DRIVERS\xusb21.sys
2011/07/26 19:04:43.0187 2140 MBR (0x1B8) (2ba3e330828ad649a40ef55575d98871) \Device\Harddisk0\DR0
2011/07/26 19:04:43.0218 2140 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR6
2011/07/26 19:04:44.0937 2140 Boot (0x1200) (cfc0ddbee33c0211cafb00a9a016f3df) \Device\Harddisk0\DR0\Partition0
2011/07/26 19:04:44.0953 2140 Boot (0x1200) (0f89d9e8c9620c0851dc2f61e790b77a) \Device\Harddisk1\DR6\Partition0
2011/07/26 19:04:44.0953 2140 ================================================================================
2011/07/26 19:04:44.0953 2140 Scan finished
2011/07/26 19:04:44.0953 2140 ================================================================================
2011/07/26 19:04:44.0984 2580 Detected object count: 0
2011/07/26 19:04:44.0984 2580 Actual detected object count: 0
2011/07/26 19:05:46.0421 2540 Deinitialize success


I went through each of the troubleshooting attempts and none were successful. When I attempted to right click on my wireless connection and repair it, I got this error message:

Windows could not finish repairing the problem because the following action cannot be completed: Connecting to the wireless network.

I triple checked the password and it was correct.
Then, when I used the command prompt to do the command "IPconfig /release", I got this error message:


An internal error occurred: The request is not supported.
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.


Sorry this took a while to complete

#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:23 AM

Posted 26 July 2011 - 08:10 PM

Try the fix it button here:

http://support.microsoft.com/?kbid=299357


have you looked in Device Manager? Are there any warning triangles?

Press the WinKey + R to open a run box > copy / paste the following > press OK

devmgmt.msc

Expand the "Network Adapters" tree > try updating the driver; if that makes no difference, then uninstall it > reboot and allow Windows to re-install the driver.


If that still does not help, then use the Fix It button to repair the Winsock corruption here

http://support.microsoft.com/kb/811259

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
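For readers who would rather see what the KB 811259 Fix It does than click the button, here is an added example (not code from the thread or from Microsoft) that inspects and resets the Winsock catalog from an administrator command prompt on Windows XP SP2/SP3. The file names under %USERPROFILE% are my own choice; the netsh commands themselves are the documented ones.

```batch
@echo off
rem Added example, not from this thread: inspect and reset the Winsock catalog
rem and the TCP/IP stack on Windows XP SP2/SP3. Run from an administrator
rem command prompt; output file names are arbitrary and assumed.

rem 1. Save the current catalog before touching it, so you can see afterwards
rem    which Layered Service Providers (LSPs) were removed. Unknown third-party
rem    LSP DLLs in this listing are worth checking, since malware sometimes
rem    installs one, and a half-removed LSP is a classic cause of a catalog
rem    that reports damaged or missing entries.
netsh winsock show catalog > "%USERPROFILE%\winsock-before.txt"

rem 2. Reset the catalog to the clean Windows default. This is the manual
rem    equivalent of the KB 811259 Fix It.
netsh winsock reset

rem 3. Reset the TCP/IP stack as well (KB 299357). On XP the log file
rem    argument is required.
netsh int ip reset "%USERPROFILE%\tcpip-reset.log"

rem 4. The reset only takes effect after a restart.
echo Reboot now, then compare "netsh winsock show catalog" with winsock-before.txt
```

After the reboot, the "before" listing lets you confirm that any third-party LSP is gone and that only the Microsoft base providers (MSAFD Tcpip, RSVP, NTDS) remain; if the same foreign DLL reappears, something is still re-installing it and the machine needs the malware side dealt with first, which is the order this thread is following.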


#10 Pawl

Pawl
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:01:23 AM

Posted 26 July 2011 - 08:22 PM

In Device Manager in the network adapters tree, my "WAN Miniport (L2TP)" has an issue. I double click WAN Miniport and in the device status box it says:

Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)

I attempted to uninstall it by right clicking it but an error message comes up saying:

Failed to uninstall the device. The device may be required to boot up the computer.

#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:23 AM

Posted 26 July 2011 - 08:31 PM

Try booting into safe mode >


To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, tap the F8 KEY repeatedly; this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account


Now open up device manager > Click on View > Click on Show Hidden Devices.

Now see if you can uninstall the listed devices and re-install them on reboot.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 Pawl

Pawl
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:01:23 AM

Posted 26 July 2011 - 08:58 PM

While in safe mode, none of the network devices have a conflict. I went ahead and uninstalled all that I could. There were an extra 5 or so devices listed while in safe mode. I still was not able to uninstall the WLAN Miniport (L2TP) or any of the other listed WLAN Miniports. An error message comes up stating it is used to boot the computer. Currently I am attempting to reinstall the ones I uninstalled.

I am going to be away from my computer for the next hour and a half. Thank you again for your help.

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:23 AM

Posted 26 July 2011 - 09:02 PM

OK

This is getting out of my area of expertise, so I need to run this by some expert colleagues to see if anyone has a resolution for this,

hopefully someone will have a solution, you probably won't hear back from me till tomorrow.

thanks

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 Pawl

Pawl
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:01:23 AM

Posted 26 July 2011 - 11:54 PM

Ah gotcha. Those extra devices listed while in safe mode are actually listed when in normal mode. I just had to turn on "show hidden devices." Unfortunately, that one network device is still having the same conflict. That is the WLAN Miniport (L2TP) device.

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:23 AM

Posted 27 July 2011 - 06:32 AM

Hi,

Let's give Winsock fix a try

Download WinsockFix http://www.greyknight17.com/spy/WinsockFix.zip and unzip it. Then double click on WinsockFix.exe to run it.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

