
Data Recovery Virus Google redirect


This topic is locked
32 replies to this topic

#1 erroll


Posted 12 October 2011 - 03:02 PM

This is a continuation from my previous post, "I cannot connect to the internet". Files are attached. To clarify, referred from here: http://www.bleepingcomputer.com/forums/topic421930.html ~ OB

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by HP_Administrator at 9:38:43 on 2011-10-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3574.2995 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.zradio.org/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: CA Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: CA Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
StartupFolder: c:\docume~1\hp_adm~1.you\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: plaxo.com\www
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://unisourceworldwide.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{3D3ADAC6-51DB-4967-B1EB-21BA12717714} : DhcpNameServer = 65.32.5.111 65.32.5.112
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2011-10-4 206160]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-9-5 393648]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [2005-5-16 85248]
S1 MpKslea350b99;MpKslea350b99;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aae178a4-9503-4b33-a3ca-9e6b188af592}\mpkslea350b99.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aae178a4-9503-4b33-a3ca-9e6b188af592}\MpKslea350b99.sys [?]
S1 MpKslee7c7297;MpKslee7c7297;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{61fa82ca-1edd-4256-9e1f-f08e74230cd9}\mpkslee7c7297.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{61fa82ca-1edd-4256-9e1f-f08e74230cd9}\MpKslee7c7297.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-17 136176]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-17 136176]
.
=============== Created Last 30 ================
.
2011-10-07 23:18:36 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-10-07 23:18:31 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-10-07 23:18:30 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-10-07 23:18:26 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-10-07 23:18:19 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-10-07 23:17:34 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-10-07 23:17:27 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-10-07 23:17:25 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-10-07 23:17:13 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-10-07 23:17:11 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2011-10-07 23:16:32 196608 ----a-w- c:\windows\system32\dllcache\wmiadap.exe
2011-10-07 23:16:28 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-10-07 23:16:24 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-10-07 23:16:20 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-10-07 23:16:01 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2011-10-07 23:14:56 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys
2011-10-07 23:13:53 94720 ----a-w- c:\windows\system32\dllcache\umaxud32.dll
2011-10-07 23:13:50 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2011-10-07 23:13:46 26624 ----a-w- c:\windows\system32\dllcache\umaxu22.dll
2011-10-07 23:13:42 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll
2011-10-07 23:13:38 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2011-10-07 23:13:35 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2011-10-07 23:13:31 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2011-10-07 23:13:27 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
2011-10-07 23:13:23 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2011-10-07 23:13:19 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2011-10-07 23:13:15 36736 ----a-w- c:\windows\system32\dllcache\ultra.sys
2011-10-07 23:13:09 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2011-10-07 23:13:02 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-10-07 23:11:57 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2011-10-07 23:10:57 103936 ----a-w- c:\windows\system32\dllcache\sx.sys
2011-10-07 23:10:54 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys
2011-10-07 23:10:51 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2011-10-07 23:10:47 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2011-10-07 23:10:43 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2011-10-07 23:10:40 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2011-10-07 23:10:35 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2011-10-07 23:10:31 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2011-10-07 23:10:28 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2011-10-07 23:10:23 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2011-10-07 23:10:15 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
2011-10-07 23:10:11 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2011-10-07 23:10:05 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2011-10-07 23:09:58 61824 ----a-w- c:\windows\system32\dllcache\speed.sys
2011-10-07 23:09:55 106584 ----a-w- c:\windows\system32\dllcache\spdports.dll
2011-10-07 23:09:51 19072 ----a-w- c:\windows\system32\dllcache\sparrow.sys
2011-10-07 23:09:47 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-10-07 23:09:44 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys
2011-10-07 23:09:39 114688 ----a-w- c:\windows\system32\dllcache\sonypi.dll
2011-10-07 23:09:34 20752 ----a-w- c:\windows\system32\dllcache\sonync.sys
2011-10-07 23:09:23 9600 ----a-w- c:\windows\system32\dllcache\sonymc.sys
2011-10-07 23:08:45 7552 ----a-w- c:\windows\system32\dllcache\sonyait.sys
2011-10-07 23:08:34 143422 ----a-w- c:\windows\system32\dllcache\softkey.dll
2011-10-07 23:08:22 7040 ----a-w- c:\windows\system32\dllcache\snyaitmc.sys
2011-10-07 23:06:58 157696 ----a-w- c:\windows\system32\dllcache\sisv256.dll
2011-10-07 23:06:54 50432 ----a-w- c:\windows\system32\dllcache\sisv.sys
2011-10-07 23:06:53 32768 ----a-w- c:\windows\system32\dllcache\sisnic.sys
2011-10-07 23:06:50 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll
2011-10-07 23:06:46 104064 ----a-w- c:\windows\system32\dllcache\sisgrp.sys
2011-10-07 23:06:43 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll
2011-10-07 23:06:39 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2011-10-07 23:06:36 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-10-07 23:06:32 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-10-07 23:06:07 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-10-07 23:06:04 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-10-07 23:06:00 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-10-07 23:04:57 77824 ----a-w- c:\windows\system32\dllcache\s3sav4m.sys
2011-10-07 23:03:58 9216 ----a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2011-10-07 23:03:54 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys
2011-10-07 23:03:46 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys
2011-10-07 23:03:39 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
2011-10-07 23:03:34 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll
2011-10-07 23:03:23 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
2011-10-07 23:03:17 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-10-07 23:03:14 899146 ----a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2011-10-07 23:03:10 41472 ----a-w- c:\windows\system32\dllcache\qvusd.dll
2011-10-07 23:03:06 3328 ----a-w- c:\windows\system32\dllcache\qv2kux.sys
2011-10-07 23:01:54 121344 ----a-w- c:\windows\system32\dllcache\phvfwext.dll
2011-10-07 23:00:57 30495 ----a-w- c:\windows\system32\dllcache\pc100nds.sys
2011-10-07 22:59:46 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2011-10-07 22:59:43 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2011-10-07 22:59:28 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-10-07 22:59:22 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2011-10-07 22:59:18 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-10-07 22:59:17 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
2011-10-07 22:59:07 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-10-07 22:59:03 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-10-07 22:57:58 52255 ----a-w- c:\windows\system32\dllcache\n1000nt5.sys
2011-10-07 22:57:55 75520 ----a-w- c:\windows\system32\dllcache\mxport.sys
2011-10-07 22:57:51 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll
2011-10-07 22:57:48 19968 ----a-w- c:\windows\system32\dllcache\mxnic.sys
2011-10-07 22:57:45 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2011-10-07 22:57:42 21888 ----a-w- c:\windows\system32\dllcache\mxcard.sys
2011-10-07 22:57:41 229439 ----a-w- c:\windows\system32\dllcache\multibox.dll
2011-10-07 22:57:37 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2011-10-07 22:57:09 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2011-10-07 22:57:03 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-10-07 22:56:51 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-10-07 22:56:49 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2011-10-07 22:56:47 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-10-07 22:56:28 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2011-10-07 22:56:24 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2011-10-07 22:56:22 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2011-10-07 22:56:11 17280 ----a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-10-07 22:56:04 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2011-10-07 22:54:57 797500 ----a-w- c:\windows\system32\dllcache\ltsmt.sys
2011-10-07 22:53:55 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2011-10-07 22:53:52 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2011-10-07 22:53:32 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2011-10-07 22:53:29 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2011-10-07 22:53:26 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2011-10-07 22:53:24 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2011-10-07 22:53:15 26624 ----a-w- c:\windows\system32\dllcache\irstusb.sys
2011-10-07 22:53:12 18688 ----a-w- c:\windows\system32\dllcache\irsir.sys
2011-10-07 22:53:11 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll
2011-10-07 22:53:08 23552 ----a-w- c:\windows\system32\dllcache\irmk7.sys
2011-10-07 22:53:08 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe
2011-10-07 22:53:07 88192 ----a-w- c:\windows\system32\dllcache\irda.sys
2011-10-07 22:51:57 20480 ----a-w- c:\windows\system32\dllcache\icam5ext.dll
2011-10-07 22:50:59 10096640 ----a-w- c:\windows\system32\dllcache\hwxcht.dll
2011-10-07 22:49:59 165888 ----a-w- c:\windows\system32\dllcache\hpgt53.dll
2011-10-07 22:48:58 470144 ----a-w- c:\windows\system32\dllcache\g200d.dll
2011-10-07 22:47:56 45568 ----a-w- c:\windows\system32\dllcache\esunib.dll
2011-10-07 22:46:59 153631 ----a-w- c:\windows\system32\dllcache\el90xnd5.sys
2011-10-07 22:45:59 952007 ----a-w- c:\windows\system32\dllcache\diwan.sys
2011-10-07 22:44:56 117760 ----a-w- c:\windows\system32\dllcache\d100ib5.sys
2011-10-07 22:43:59 111232 ----a-w- c:\windows\system32\dllcache\cl5465.dll
2011-10-07 22:42:26 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-10-07 22:41:59 54271 ----a-w- c:\windows\system32\dllcache\bcm42xx5.sys
2011-10-07 22:40:53 101888 ----a-w- c:\windows\system32\dllcache\adpu160m.sys
2011-10-07 22:36:17 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-10-06 01:46:50 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-04 23:05:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-04 23:05:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-04 15:40:37 1422672 ----a-w- c:\windows\system32\cfgmig32.dll
2011-10-04 15:40:36 -------- d-----w- c:\program files\common files\Scanner
2011-10-04 15:40:17 2760720 ----a-w- c:\windows\system32\svcprs32.exe
2011-10-04 15:40:15 4108304 ----a-w- c:\windows\system32\win32cpr.dll
2011-10-04 15:40:12 98320 ----a-w- c:\windows\system32\winsfinst.exe
2011-10-04 15:40:12 1744912 ----a-w- c:\windows\system32\winsflt.dll
2011-10-04 15:40:11 3207184 ----a-w- c:\windows\system32\mdmcls32.exe
2011-10-04 15:40:03 2990096 ----a-w- c:\windows\system32\winsflte.dll
2011-10-04 15:39:42 7440 ----a-w- c:\windows\system32\sporder.dll
2011-10-04 15:39:35 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-10-04 15:39:35 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2011-10-04 15:39:35 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2011-10-04 15:39:34 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2011-10-04 15:39:34 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2011-10-04 15:39:34 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2011-10-04 15:39:32 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2011-10-04 15:39:29 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2011-10-04 15:39:26 -------- d-----w- c:\program files\ISSThirdParty
2011-10-04 15:35:07 -------- d-----w- c:\documents and settings\all users\application data\CA
2011-10-03 04:06:18 -------- d--h--w- c:\program files\CCleaner
2011-10-03 04:01:38 -------- d--h--w- c:\windows\PIF
2011-10-03 02:41:56 -------- d--h--w- c:\documents and settings\all users\application data\PC Tools
2011-10-02 22:06:01 264 ---ha-w- c:\documents and settings\all users\application data\123.exe
2011-10-02 22:06:01 184 ---ha-w- c:\documents and settings\all users\application data\124.exe
2011-10-02 22:05:24 336 ---ha-w- c:\documents and settings\all users\application data\125.exe
2011-10-02 22:03:53 348160 ---ha-w- c:\documents and settings\all users\application data\126.exe
2011-09-13 00:08:31 131072 ---ha-w- c:\windows\system32\EKIJCOINST12.dll
2011-09-13 00:08:30 425984 ---ha-w- c:\windows\system32\EKIJ5000MON.dll
2011-09-13 00:08:30 196608 ---ha-w- c:\windows\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
.
==================== Find3M ====================
.
2011-10-06 01:46:10 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-04 04:23:38 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-09-09 09:12:13 599040 ---ha-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29:31 456320 ---ha-w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 9:40:58.71 ===============

Edited by Orange Blossom, 13 October 2011 - 12:33 PM.



#2 Elise

  • Malware Study Hall Admin

Posted 16 October 2011 - 06:32 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' button and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise




#3 erroll

  • Topic Starter

Posted 17 October 2011 - 06:35 PM

Elise,
Thank you. Hopefully this is the information you need.
erroll


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by HP_Administrator at 19:29:49 on 2011-10-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3574.3008 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.zradio.org/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: CA Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: CA Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
StartupFolder: c:\docume~1\hp_adm~1.you\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: plaxo.com\www
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://unisourceworldwide.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{3D3ADAC6-51DB-4967-B1EB-21BA12717714} : DhcpNameServer = 65.32.5.111 65.32.5.112
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2011-10-4 206160]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-9-5 393648]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [2005-5-16 85248]
S1 MpKslea350b99;MpKslea350b99;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aae178a4-9503-4b33-a3ca-9e6b188af592}\mpkslea350b99.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aae178a4-9503-4b33-a3ca-9e6b188af592}\MpKslea350b99.sys [?]
S1 MpKslee7c7297;MpKslee7c7297;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{61fa82ca-1edd-4256-9e1f-f08e74230cd9}\mpkslee7c7297.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{61fa82ca-1edd-4256-9e1f-f08e74230cd9}\MpKslee7c7297.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-17 136176]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-17 136176]
.
=============== Created Last 30 ================
.
2011-10-07 23:18:36 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-10-07 23:18:31 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-10-07 23:18:30 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-10-07 23:18:26 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-10-07 23:18:19 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-10-07 23:17:34 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-10-07 23:17:27 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-10-07 23:17:25 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-10-07 23:17:13 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-10-07 23:17:11 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2011-10-07 23:16:32 196608 ----a-w- c:\windows\system32\dllcache\wmiadap.exe
2011-10-07 23:16:28 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-10-07 23:16:24 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-10-07 23:16:20 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-10-07 23:16:01 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2011-10-07 23:14:56 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys
2011-10-07 23:13:53 94720 ----a-w- c:\windows\system32\dllcache\umaxud32.dll
2011-10-07 23:13:50 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2011-10-07 23:13:46 26624 ----a-w- c:\windows\system32\dllcache\umaxu22.dll
2011-10-07 23:13:42 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll
2011-10-07 23:13:38 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2011-10-07 23:13:35 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2011-10-07 23:13:31 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2011-10-07 23:13:27 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
2011-10-07 23:13:23 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2011-10-07 23:13:19 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2011-10-07 23:13:15 36736 ----a-w- c:\windows\system32\dllcache\ultra.sys
2011-10-07 23:13:09 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2011-10-07 23:13:02 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-10-07 23:11:57 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2011-10-07 23:10:57 103936 ----a-w- c:\windows\system32\dllcache\sx.sys
2011-10-07 23:10:54 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys
2011-10-07 23:10:51 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2011-10-07 23:10:47 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2011-10-07 23:10:43 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2011-10-07 23:10:40 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2011-10-07 23:10:35 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2011-10-07 23:10:31 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2011-10-07 23:10:28 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2011-10-07 23:10:23 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2011-10-07 23:10:15 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
2011-10-07 23:10:11 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2011-10-07 23:10:05 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2011-10-07 23:09:58 61824 ----a-w- c:\windows\system32\dllcache\speed.sys
2011-10-07 23:09:55 106584 ----a-w- c:\windows\system32\dllcache\spdports.dll
2011-10-07 23:09:51 19072 ----a-w- c:\windows\system32\dllcache\sparrow.sys
2011-10-07 23:09:47 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-10-07 23:09:44 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys
2011-10-07 23:09:39 114688 ----a-w- c:\windows\system32\dllcache\sonypi.dll
2011-10-07 23:09:34 20752 ----a-w- c:\windows\system32\dllcache\sonync.sys
2011-10-07 23:09:23 9600 ----a-w- c:\windows\system32\dllcache\sonymc.sys
2011-10-07 23:08:45 7552 ----a-w- c:\windows\system32\dllcache\sonyait.sys
2011-10-07 23:08:34 143422 ----a-w- c:\windows\system32\dllcache\softkey.dll
2011-10-07 23:08:22 7040 ----a-w- c:\windows\system32\dllcache\snyaitmc.sys
2011-10-07 23:06:58 157696 ----a-w- c:\windows\system32\dllcache\sisv256.dll
2011-10-07 23:06:54 50432 ----a-w- c:\windows\system32\dllcache\sisv.sys
2011-10-07 23:06:53 32768 ----a-w- c:\windows\system32\dllcache\sisnic.sys
2011-10-07 23:06:50 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll
2011-10-07 23:06:46 104064 ----a-w- c:\windows\system32\dllcache\sisgrp.sys
2011-10-07 23:06:43 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll
2011-10-07 23:06:39 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2011-10-07 23:06:36 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-10-07 23:06:32 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-10-07 23:06:07 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-10-07 23:06:04 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-10-07 23:06:00 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-10-07 23:04:57 77824 ----a-w- c:\windows\system32\dllcache\s3sav4m.sys
2011-10-07 23:03:58 9216 ----a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2011-10-07 23:03:54 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys
2011-10-07 23:03:46 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys
2011-10-07 23:03:39 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
2011-10-07 23:03:34 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll
2011-10-07 23:03:23 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
2011-10-07 23:03:17 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-10-07 23:03:14 899146 ----a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2011-10-07 23:03:10 41472 ----a-w- c:\windows\system32\dllcache\qvusd.dll
2011-10-07 23:03:06 3328 ----a-w- c:\windows\system32\dllcache\qv2kux.sys
2011-10-07 23:01:54 121344 ----a-w- c:\windows\system32\dllcache\phvfwext.dll
2011-10-07 23:00:57 30495 ----a-w- c:\windows\system32\dllcache\pc100nds.sys
2011-10-07 22:59:46 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2011-10-07 22:59:43 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2011-10-07 22:59:28 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-10-07 22:59:22 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2011-10-07 22:59:18 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-10-07 22:59:17 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
2011-10-07 22:59:07 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-10-07 22:59:03 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-10-07 22:57:58 52255 ----a-w- c:\windows\system32\dllcache\n1000nt5.sys
2011-10-07 22:57:55 75520 ----a-w- c:\windows\system32\dllcache\mxport.sys
2011-10-07 22:57:51 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll
2011-10-07 22:57:48 19968 ----a-w- c:\windows\system32\dllcache\mxnic.sys
2011-10-07 22:57:45 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2011-10-07 22:57:42 21888 ----a-w- c:\windows\system32\dllcache\mxcard.sys
2011-10-07 22:57:41 229439 ----a-w- c:\windows\system32\dllcache\multibox.dll
2011-10-07 22:57:37 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2011-10-07 22:57:09 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2011-10-07 22:57:03 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-10-07 22:56:51 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-10-07 22:56:49 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2011-10-07 22:56:47 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-10-07 22:56:28 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2011-10-07 22:56:24 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2011-10-07 22:56:22 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2011-10-07 22:56:11 17280 ----a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-10-07 22:56:04 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2011-10-07 22:54:57 797500 ----a-w- c:\windows\system32\dllcache\ltsmt.sys
2011-10-07 22:53:55 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2011-10-07 22:53:52 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2011-10-07 22:53:32 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2011-10-07 22:53:29 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2011-10-07 22:53:26 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2011-10-07 22:53:24 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2011-10-07 22:53:15 26624 ----a-w- c:\windows\system32\dllcache\irstusb.sys
2011-10-07 22:53:12 18688 ----a-w- c:\windows\system32\dllcache\irsir.sys
2011-10-07 22:53:11 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll
2011-10-07 22:53:08 23552 ----a-w- c:\windows\system32\dllcache\irmk7.sys
2011-10-07 22:53:08 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe
2011-10-07 22:53:07 88192 ----a-w- c:\windows\system32\dllcache\irda.sys
2011-10-07 22:51:57 20480 ----a-w- c:\windows\system32\dllcache\icam5ext.dll
2011-10-07 22:50:59 10096640 ----a-w- c:\windows\system32\dllcache\hwxcht.dll
2011-10-07 22:49:59 165888 ----a-w- c:\windows\system32\dllcache\hpgt53.dll
2011-10-07 22:48:58 470144 ----a-w- c:\windows\system32\dllcache\g200d.dll
2011-10-07 22:47:56 45568 ----a-w- c:\windows\system32\dllcache\esunib.dll
2011-10-07 22:46:59 153631 ----a-w- c:\windows\system32\dllcache\el90xnd5.sys
2011-10-07 22:45:59 952007 ----a-w- c:\windows\system32\dllcache\diwan.sys
2011-10-07 22:44:56 117760 ----a-w- c:\windows\system32\dllcache\d100ib5.sys
2011-10-07 22:43:59 111232 ----a-w- c:\windows\system32\dllcache\cl5465.dll
2011-10-07 22:42:26 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-10-07 22:41:59 54271 ----a-w- c:\windows\system32\dllcache\bcm42xx5.sys
2011-10-07 22:40:53 101888 ----a-w- c:\windows\system32\dllcache\adpu160m.sys
2011-10-07 22:36:17 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-10-06 01:46:50 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-04 23:05:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-04 23:05:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-04 15:40:37 1422672 ----a-w- c:\windows\system32\cfgmig32.dll
2011-10-04 15:40:36 -------- d-----w- c:\program files\common files\Scanner
2011-10-04 15:40:17 2760720 ----a-w- c:\windows\system32\svcprs32.exe
2011-10-04 15:40:15 4108304 ----a-w- c:\windows\system32\win32cpr.dll
2011-10-04 15:40:12 98320 ----a-w- c:\windows\system32\winsfinst.exe
2011-10-04 15:40:12 1744912 ----a-w- c:\windows\system32\winsflt.dll
2011-10-04 15:40:11 3207184 ----a-w- c:\windows\system32\mdmcls32.exe
2011-10-04 15:40:03 2990096 ----a-w- c:\windows\system32\winsflte.dll
2011-10-04 15:39:42 7440 ----a-w- c:\windows\system32\sporder.dll
2011-10-04 15:39:35 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-10-04 15:39:35 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2011-10-04 15:39:35 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2011-10-04 15:39:34 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2011-10-04 15:39:34 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2011-10-04 15:39:34 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2011-10-04 15:39:32 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2011-10-04 15:39:29 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2011-10-04 15:39:26 -------- d-----w- c:\program files\ISSThirdParty
2011-10-04 15:35:07 -------- d-----w- c:\documents and settings\all users\application data\CA
2011-10-03 04:06:18 -------- d--h--w- c:\program files\CCleaner
2011-10-03 04:01:38 -------- d--h--w- c:\windows\PIF
2011-10-03 02:41:56 -------- d--h--w- c:\documents and settings\all users\application data\PC Tools
2011-10-02 22:06:01 264 ---ha-w- c:\documents and settings\all users\application data\123.exe
2011-10-02 22:06:01 184 ---ha-w- c:\documents and settings\all users\application data\124.exe
2011-10-02 22:05:24 336 ---ha-w- c:\documents and settings\all users\application data\125.exe
2011-10-02 22:03:53 348160 ---ha-w- c:\documents and settings\all users\application data\126.exe
.
==================== Find3M ====================
.
2011-10-06 01:46:10 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-04 04:23:38 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-09-09 09:12:13 599040 ---ha-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 19:30:24.07 ===============

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,204 posts
  • Gender:Female
  • Location:Romania
  • Local time:11:33 AM

Posted 18 October 2011 - 03:18 AM

Hi, let's also do a rootkit scan.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#5 erroll

erroll
  • Topic Starter

  • Members
  • 43 posts
  • Local time:03:33 AM

Posted 18 October 2011 - 02:01 PM

14:54:11.0296 3208 TDSS rootkit removing tool 2.6.4.0 Oct 3 2011 17:37:01
14:54:11.0312 3208 ============================================================
14:54:11.0312 3208 Current date / time: 2011/10/18 14:54:11.0312
14:54:11.0312 3208 SystemInfo:
14:54:11.0312 3208
14:54:11.0312 3208 OS Version: 5.1.2600 ServicePack: 3.0
14:54:11.0312 3208 Product type: Workstation
14:54:11.0312 3208 ComputerName: EBANNISTER
14:54:11.0312 3208 UserName: HP_Administrator
14:54:11.0312 3208 Windows directory: C:\WINDOWS
14:54:11.0312 3208 System windows directory: C:\WINDOWS
14:54:11.0312 3208 Processor architecture: Intel x86
14:54:11.0312 3208 Number of processors: 2
14:54:11.0312 3208 Page size: 0x1000
14:54:11.0312 3208 Boot type: Normal boot
14:54:11.0312 3208 ============================================================
14:54:13.0359 3208 Initialize success
14:54:15.0296 3232 ============================================================
14:54:15.0296 3232 Scan started
14:54:15.0296 3232 Mode: Manual;
14:54:15.0296 3232 ============================================================
14:54:16.0812 3232 Abiosdsk - ok
14:54:17.0109 3232 abp480n5 - ok
14:54:17.0500 3232 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:54:17.0500 3232 ACPI - ok
14:54:17.0921 3232 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:54:17.0921 3232 ACPIEC - ok
14:54:18.0218 3232 adpu160m - ok
14:54:18.0656 3232 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:54:18.0656 3232 aec - ok
14:54:19.0218 3232 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
14:54:19.0218 3232 AFD - ok
14:54:20.0109 3232 AgereSoftModem (1cfeba39fc613e45b49d3eddfbcda289) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
14:54:20.0125 3232 AgereSoftModem - ok
14:54:20.0500 3232 Aha154x - ok
14:54:20.0765 3232 aic78u2 - ok
14:54:21.0062 3232 aic78xx - ok
14:54:21.0343 3232 AliIde - ok
14:54:21.0609 3232 amsint - ok
14:54:21.0953 3232 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:54:21.0953 3232 Arp1394 - ok
14:54:22.0250 3232 asc - ok
14:54:22.0562 3232 asc3350p - ok
14:54:22.0843 3232 asc3550 - ok
14:54:23.0187 3232 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:54:23.0187 3232 AsyncMac - ok
14:54:23.0546 3232 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:54:23.0546 3232 atapi - ok
14:54:23.0921 3232 Atdisk - ok
14:54:24.0296 3232 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:54:24.0296 3232 Atmarpc - ok
14:54:24.0609 3232 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:54:24.0609 3232 audstub - ok
14:54:24.0937 3232 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:54:24.0937 3232 Beep - ok
14:54:25.0265 3232 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:54:25.0265 3232 cbidf2k - ok
14:54:25.0593 3232 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:54:25.0593 3232 CCDECODE - ok
14:54:25.0953 3232 cd20xrnt - ok
14:54:26.0359 3232 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:54:26.0359 3232 Cdaudio - ok
14:54:26.0718 3232 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:54:26.0718 3232 Cdfs - ok
14:54:27.0015 3232 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:54:27.0015 3232 Cdrom - ok
14:54:27.0281 3232 Changer - ok
14:54:27.0562 3232 CmdIde - ok
14:54:27.0843 3232 Cpqarray - ok
14:54:28.0187 3232 CVirtA (72f820e457bc8a1c61aeb86df89dd41a) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
14:54:28.0187 3232 CVirtA - ok
14:54:28.0640 3232 CVPNDRVA (6416c11a89f23a70b576b83c03747cde) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
14:54:28.0640 3232 CVPNDRVA - ok
14:54:29.0093 3232 CXFALCON (0d95dccd7c2755fdf0bd0b416b0b142f) C:\WINDOWS\system32\drivers\cxfalcon.sys
14:54:29.0093 3232 CXFALCON - ok
14:54:29.0390 3232 dac2w2k - ok
14:54:29.0656 3232 dac960nt - ok
14:54:30.0046 3232 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:54:30.0046 3232 Disk - ok
14:54:30.0578 3232 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:54:30.0593 3232 dmboot - ok
14:54:31.0046 3232 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:54:31.0062 3232 dmio - ok
14:54:31.0390 3232 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:54:31.0390 3232 dmload - ok
14:54:31.0765 3232 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:54:31.0765 3232 DMusic - ok
14:54:32.0140 3232 DNE (c86fbf607445bf693450d84b775f168c) C:\WINDOWS\system32\DRIVERS\dne2000.sys
14:54:32.0140 3232 DNE - ok
14:54:32.0437 3232 dpti2o - ok
14:54:32.0703 3232 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:54:32.0703 3232 drmkaud - ok
14:54:33.0062 3232 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:54:33.0062 3232 E100B - ok
14:54:33.0531 3232 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:54:33.0531 3232 Fastfat - ok
14:54:33.0906 3232 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
14:54:33.0906 3232 fasttx2k - ok
14:54:34.0250 3232 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:54:34.0250 3232 Fdc - ok
14:54:34.0562 3232 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:54:34.0562 3232 Fips - ok
14:54:34.0859 3232 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:54:34.0859 3232 Flpydisk - ok
14:54:35.0187 3232 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:54:35.0187 3232 FltMgr - ok
14:54:35.0500 3232 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:54:35.0500 3232 Fs_Rec - ok
14:54:35.0890 3232 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:54:35.0890 3232 Ftdisk - ok
14:54:36.0250 3232 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:54:36.0250 3232 GEARAspiWDM - ok
14:54:36.0578 3232 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:54:36.0578 3232 Gpc - ok
14:54:36.0937 3232 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:54:36.0937 3232 HDAudBus - ok
14:54:37.0250 3232 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:54:37.0250 3232 HidUsb - ok
14:54:37.0515 3232 hpn - ok
14:54:37.0921 3232 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:54:37.0921 3232 HTTP - ok
14:54:38.0359 3232 i2omgmt - ok
14:54:38.0640 3232 i2omp - ok
14:54:39.0046 3232 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:54:39.0046 3232 i8042prt - ok
14:54:39.0593 3232 ialm (0294a30b302ca71a2c26e582dda93486) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
14:54:39.0593 3232 ialm - ok
14:54:39.0906 3232 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:54:39.0921 3232 Imapi - ok
14:54:40.0218 3232 ini910u - ok
14:54:42.0390 3232 IntcAzAudAddService (440317795d6f9af27bf305036ad43d1d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:54:42.0437 3232 IntcAzAudAddService - ok
14:54:42.0859 3232 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:54:42.0859 3232 IntelIde - ok
14:54:43.0187 3232 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:54:43.0187 3232 intelppm - ok
14:54:43.0515 3232 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:54:43.0515 3232 Ip6Fw - ok
14:54:43.0921 3232 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:54:43.0921 3232 IpInIp - ok
14:54:44.0312 3232 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:54:44.0312 3232 IpNat - ok
14:54:44.0671 3232 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:54:44.0671 3232 IRENUM - ok
14:54:45.0078 3232 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:54:45.0078 3232 isapnp - ok
14:54:45.0406 3232 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:54:45.0406 3232 Kbdclass - ok
14:54:45.0750 3232 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:54:45.0750 3232 kbdhid - ok
14:54:46.0171 3232 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:54:46.0171 3232 kmixer - ok
14:54:46.0531 3232 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:54:46.0531 3232 KSecDD - ok
14:54:46.0859 3232 lbrtfdc - ok
14:54:47.0218 3232 LHidFlt2 (03976c309ede05d39017c05b817cd94f) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
14:54:47.0218 3232 LHidFlt2 - ok
14:54:47.0562 3232 LHidUsb (25688115843c4028686a96d88bc28007) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
14:54:47.0562 3232 LHidUsb - ok
14:54:47.0906 3232 LMouFlt2 (26407519fca64ec4091fe1f815b4afc4) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
14:54:47.0906 3232 LMouFlt2 - ok
14:54:48.0234 3232 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
14:54:48.0234 3232 MHNDRV - ok
14:54:48.0640 3232 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:54:48.0640 3232 mnmdd - ok
14:54:49.0000 3232 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:54:49.0015 3232 Modem - ok
14:54:49.0343 3232 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:54:49.0343 3232 Mouclass - ok
14:54:49.0656 3232 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:54:49.0656 3232 mouhid - ok
14:54:49.0984 3232 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:54:49.0984 3232 MountMgr - ok
14:54:50.0125 3232 MpKslea350b99 - ok
14:54:50.0140 3232 MpKslee7c7297 - ok
14:54:50.0500 3232 mraid35x - ok
14:54:50.0890 3232 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:54:50.0890 3232 MRxDAV - ok
14:54:51.0343 3232 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:54:51.0343 3232 MRxSmb - ok
14:54:51.0656 3232 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:54:51.0656 3232 Msfs - ok
14:54:52.0015 3232 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:54:52.0015 3232 MSKSSRV - ok
14:54:52.0453 3232 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:54:52.0453 3232 MSPCLOCK - ok
14:54:52.0796 3232 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:54:52.0796 3232 MSPQM - ok
14:54:53.0093 3232 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:54:53.0093 3232 mssmbios - ok
14:54:53.0390 3232 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:54:53.0390 3232 MSTEE - ok
14:54:53.0765 3232 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:54:53.0765 3232 Mup - ok
14:54:54.0093 3232 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:54:54.0093 3232 NABTSFEC - ok
14:54:54.0562 3232 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:54:54.0562 3232 NDIS - ok
14:54:54.0921 3232 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:54:54.0921 3232 NdisIP - ok
14:54:55.0250 3232 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:54:55.0250 3232 NdisTapi - ok
14:54:55.0562 3232 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:54:55.0562 3232 Ndisuio - ok
14:54:55.0875 3232 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:54:55.0875 3232 NdisWan - ok
14:54:56.0218 3232 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:54:56.0218 3232 NDProxy - ok
14:54:56.0578 3232 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:54:56.0578 3232 NetBIOS - ok
14:54:56.0937 3232 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:54:56.0937 3232 NetBT - ok
14:54:57.0390 3232 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:54:57.0390 3232 NIC1394 - ok
14:54:57.0734 3232 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:54:57.0734 3232 Npfs - ok
14:54:58.0171 3232 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:54:58.0171 3232 Ntfs - ok
14:54:58.0468 3232 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:54:58.0468 3232 Null - ok
14:54:58.0781 3232 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:54:58.0781 3232 NwlnkFlt - ok
14:54:59.0125 3232 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:54:59.0125 3232 NwlnkFwd - ok
14:54:59.0437 3232 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:54:59.0437 3232 ohci1394 - ok
14:54:59.0734 3232 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:54:59.0750 3232 Parport - ok
14:55:00.0046 3232 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:55:00.0046 3232 PartMgr - ok
14:55:00.0359 3232 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:55:00.0359 3232 ParVdm - ok
14:55:00.0765 3232 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:55:00.0765 3232 PCI - ok
14:55:01.0062 3232 PCIDump - ok
14:55:01.0437 3232 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:55:01.0437 3232 PCIIde - ok
14:55:01.0765 3232 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:55:01.0765 3232 Pcmcia - ok
14:55:02.0062 3232 PDCOMP - ok
14:55:02.0328 3232 PDFRAME - ok
14:55:02.0593 3232 PDRELI - ok
14:55:02.0859 3232 PDRFRAME - ok
14:55:03.0156 3232 perc2 - ok
14:55:03.0437 3232 perc2hib - ok
14:55:03.0781 3232 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:55:03.0781 3232 PptpMiniport - ok
14:55:04.0125 3232 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
14:55:04.0125 3232 Ps2 - ok
14:55:04.0531 3232 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:55:04.0531 3232 PSched - ok
14:55:04.0859 3232 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:55:04.0859 3232 Ptilink - ok
14:55:05.0218 3232 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:55:05.0218 3232 PxHelp20 - ok
14:55:05.0484 3232 ql1080 - ok
14:55:05.0750 3232 Ql10wnt - ok
14:55:06.0031 3232 ql12160 - ok
14:55:06.0296 3232 ql1240 - ok
14:55:06.0578 3232 ql1280 - ok
14:55:06.0890 3232 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:55:06.0890 3232 RasAcd - ok
14:55:07.0218 3232 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:55:07.0218 3232 Rasl2tp - ok
14:55:07.0531 3232 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:55:07.0531 3232 RasPppoe - ok
14:55:07.0812 3232 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:55:07.0812 3232 Raspti - ok
14:55:08.0234 3232 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:55:08.0234 3232 Rdbss - ok
14:55:08.0593 3232 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:55:08.0593 3232 RDPCDD - ok
14:55:09.0015 3232 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:55:09.0015 3232 rdpdr - ok
14:55:09.0453 3232 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:55:09.0453 3232 RDPWD - ok
14:55:09.0796 3232 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:55:09.0796 3232 redbook - ok
14:55:10.0093 3232 RimUsb - ok
14:55:10.0421 3232 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
14:55:10.0421 3232 RimVSerPort - ok
14:55:10.0750 3232 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
14:55:10.0750 3232 ROOTMODEM - ok
14:55:11.0140 3232 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
14:55:11.0140 3232 rtl8139 - ok
14:55:11.0515 3232 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:55:11.0515 3232 Secdrv - ok
14:55:11.0859 3232 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
14:55:11.0859 3232 Serial - ok
14:55:12.0156 3232 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:55:12.0156 3232 Sfloppy - ok
14:55:12.0421 3232 Simbad - ok
14:55:12.0718 3232 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:55:12.0718 3232 SLIP - ok
14:55:13.0015 3232 Sparrow - ok
14:55:13.0343 3232 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:55:13.0343 3232 splitter - ok
14:55:13.0765 3232 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:55:13.0765 3232 sr - ok
14:55:14.0218 3232 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:55:14.0218 3232 Srv - ok
14:55:14.0546 3232 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:55:14.0546 3232 streamip - ok
14:55:14.0843 3232 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:55:14.0843 3232 swenum - ok
14:55:15.0171 3232 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:55:15.0171 3232 swmidi - ok
14:55:15.0437 3232 symc810 - ok
14:55:15.0718 3232 symc8xx - ok
14:55:16.0000 3232 sym_hi - ok
14:55:16.0265 3232 sym_u3 - ok
14:55:16.0562 3232 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:55:16.0562 3232 sysaudio - ok
14:55:16.0984 3232 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:55:16.0984 3232 Tcpip - ok
14:55:17.0390 3232 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:55:17.0390 3232 TDPIPE - ok
14:55:17.0718 3232 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:55:17.0734 3232 TDTCP - ok
14:55:18.0031 3232 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:55:18.0046 3232 TermDD - ok
14:55:18.0312 3232 TosIde - ok
14:55:18.0656 3232 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:55:18.0656 3232 Udfs - ok
14:55:18.0984 3232 ultra - ok
14:55:19.0375 3232 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:55:19.0375 3232 Update - ok
14:55:19.0718 3232 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:55:19.0718 3232 USBAAPL - ok
14:55:20.0031 3232 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:55:20.0031 3232 usbccgp - ok
14:55:20.0343 3232 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:55:20.0343 3232 usbehci - ok
14:55:20.0687 3232 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:55:20.0687 3232 usbhub - ok
14:55:21.0171 3232 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:55:21.0171 3232 usbprint - ok
14:55:21.0484 3232 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:55:21.0484 3232 usbscan - ok
14:55:21.0812 3232 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:55:21.0812 3232 USBSTOR - ok
14:55:22.0187 3232 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:55:22.0187 3232 usbuhci - ok
14:55:22.0546 3232 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:55:22.0546 3232 VgaSave - ok
14:55:22.0859 3232 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:55:22.0859 3232 ViaIde - ok
14:55:23.0187 3232 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:55:23.0187 3232 VolSnap - ok
14:55:23.0531 3232 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:55:23.0531 3232 Wanarp - ok
14:55:23.0921 3232 wceusbsh (4c0b8ef721783f52f8e531fbdc4b1f74) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
14:55:23.0937 3232 wceusbsh - ok
14:55:24.0250 3232 WDICA - ok
14:55:24.0609 3232 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:55:24.0609 3232 wdmaud - ok
14:55:24.0953 3232 WpdUsb (d87ea9f191df6731818ffd93659badf4) C:\WINDOWS\system32\Drivers\wpdusb.sys
14:55:24.0953 3232 WpdUsb - ok
14:55:25.0281 3232 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:55:25.0281 3232 WS2IFSL - ok
14:55:25.0609 3232 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:55:25.0609 3232 WSTCODEC - ok
14:55:25.0656 3232 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
14:55:25.0687 3232 \Device\Harddisk0\DR0 - ok
14:55:25.0687 3232 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk5\DR7
14:55:26.0531 3232 \Device\Harddisk5\DR7 - ok
14:55:26.0531 3232 Boot (0x1200) (8c5972a94f9c3ac7eff69e72c8cacdc4) \Device\Harddisk0\DR0\Partition0
14:55:26.0531 3232 \Device\Harddisk0\DR0\Partition0 - ok
14:55:26.0546 3232 Boot (0x1200) (cd4f8d5c2db389e8d0eeb4e6467c193f) \Device\Harddisk0\DR0\Partition1
14:55:26.0546 3232 \Device\Harddisk0\DR0\Partition1 - ok
14:55:26.0546 3232 Boot (0x1200) (5dc151058aa25adc7c0230dc4c5e28dd) \Device\Harddisk5\DR7\Partition0
14:55:26.0546 3232 \Device\Harddisk5\DR7\Partition0 - ok
14:55:26.0546 3232 ============================================================
14:55:26.0546 3232 Scan finished
14:55:26.0546 3232 ============================================================
14:55:26.0562 3236 Detected object count: 0
14:55:26.0562 3236 Actual detected object count: 0
14:55:35.0031 3228 Deinitialize success

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,204 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:33 AM

Posted 18 October 2011 - 02:07 PM

Hi erroll,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 erroll

erroll
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Local time:03:33 AM

Posted 20 October 2011 - 07:25 PM

My computer looks like it is back to normal.
ComboFix found a ZeroAccess virus; here is the log.
I am still unable to connect to the internet, though.

ComboFix 11-10-20.03 - HP_Administrator 10/20/2011 8:58.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3574.3184 [GMT -4:00]
Running from: K:\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\-1608216556
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\123.exe
c:\documents and settings\All Users\Application Data\124.exe
c:\documents and settings\All Users\Application Data\125.exe
c:\documents and settings\All Users\Application Data\126.exe
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\1.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\a.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\b.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\c.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\d.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\e.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\f.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\g.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\h.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\i.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\J.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\k.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\l.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\m.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\n.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\o.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\p.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\q.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\r.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\s.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\t.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\u.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\v.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\w.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\x.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\y.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\PriceGong\Data\z.xml
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\g2ax_customer_downloadhelper_win32_x86.exe
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Start Menu\Programs\Data Restore
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Start Menu\Programs\Data Restore\Data Restore.lnk
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Start Menu\Programs\Data Restore\Uninstall Data Restore.lnk
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\WINDOWS
c:\program files\Common
c:\windows\$NtUninstallKB13949$
c:\windows\$NtUninstallKB13949$\1441242213\@
c:\windows\$NtUninstallKB13949$\1441242213\bckfg.tmp
c:\windows\$NtUninstallKB13949$\1441242213\cfg.ini
c:\windows\$NtUninstallKB13949$\1441242213\Desktop.ini
c:\windows\$NtUninstallKB13949$\1441242213\keywords
c:\windows\$NtUninstallKB13949$\1441242213\kwrd.dll
c:\windows\$NtUninstallKB13949$\1441242213\L\nezyfjsm
c:\windows\$NtUninstallKB13949$\1441242213\lsflt7.ver
c:\windows\$NtUninstallKB13949$\1441242213\U\00000001.@
c:\windows\$NtUninstallKB13949$\1441242213\U\00000002.@
c:\windows\$NtUninstallKB13949$\1441242213\U\80000000.@
c:\windows\$NtUninstallKB13949$\1441242213\U\80000032.@
c:\windows\$NtUninstallKB13949$\384192805
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\ps2.bat
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-09-20 to 2011-10-20 )))))))))))))))))))))))))))))))
.
.
2011-10-17 23:43 . 2008-03-18 11:27 13312 ----a-w- c:\windows\system32\agrsmsvc.exe
2011-10-17 23:43 . 2007-12-11 11:40 13312 ----a-w- c:\windows\system32\agrscoin.dll
2011-10-17 23:42 . 2003-12-11 08:50 70894 ----a-w- c:\windows\system32\drivers\LMouFlt2.Sys
2011-10-17 23:42 . 2003-12-11 08:50 25630 ----a-w- c:\windows\system32\drivers\LHidFlt2.Sys
2011-10-17 23:42 . 2003-12-11 08:50 37916 ----a-w- c:\windows\system32\drivers\LHidUsb.sys
2011-10-07 23:11 . 2001-08-17 18:07 32640 ----a-w- c:\windows\system32\dllcache\symc8xx.sys
2011-10-07 23:11 . 2001-08-17 18:07 16256 ----a-w- c:\windows\system32\dllcache\symc810.sys
2011-10-07 23:11 . 2001-08-17 18:07 30688 ----a-w- c:\windows\system32\dllcache\sym_u3.sys
2011-10-07 23:11 . 2001-08-17 18:07 28384 ----a-w- c:\windows\system32\dllcache\sym_hi.sys
2011-10-07 23:11 . 2001-08-18 02:36 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2011-10-07 23:09 . 2001-08-17 17:51 61824 ----a-w- c:\windows\system32\dllcache\speed.sys
2011-10-07 23:09 . 2001-08-18 02:36 106584 ----a-w- c:\windows\system32\dllcache\spdports.dll
2011-10-07 23:09 . 2001-08-17 18:07 19072 ----a-w- c:\windows\system32\dllcache\sparrow.sys
2011-10-07 23:09 . 2001-08-17 17:56 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-10-07 23:09 . 2001-08-17 16:51 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys
2011-10-07 23:09 . 2001-08-18 02:36 114688 ----a-w- c:\windows\system32\dllcache\sonypi.dll
2011-10-07 23:09 . 2001-08-17 16:51 20752 ----a-w- c:\windows\system32\dllcache\sonync.sys
2011-10-07 23:09 . 2001-08-17 17:53 9600 ----a-w- c:\windows\system32\dllcache\sonymc.sys
2011-10-07 23:08 . 2008-04-13 18:40 7552 ----a-w- c:\windows\system32\dllcache\sonyait.sys
2011-10-07 23:08 . 2004-08-10 12:00 143422 ----a-w- c:\windows\system32\dllcache\softkey.dll
2011-10-07 23:08 . 2001-08-17 17:53 7040 ----a-w- c:\windows\system32\dllcache\snyaitmc.sys
2011-10-07 23:06 . 2001-08-17 18:56 157696 ----a-w- c:\windows\system32\dllcache\sisv256.dll
2011-10-07 23:06 . 2001-08-17 16:50 50432 ----a-w- c:\windows\system32\dllcache\sisv.sys
2011-10-07 23:06 . 2004-08-04 02:31 32768 ----a-w- c:\windows\system32\dllcache\sisnic.sys
2011-10-07 23:06 . 2001-08-18 02:36 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll
2011-10-07 23:06 . 2001-08-17 16:50 104064 ----a-w- c:\windows\system32\dllcache\sisgrp.sys
2011-10-07 23:06 . 2001-08-17 18:56 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll
2011-10-07 23:06 . 2001-08-17 16:50 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2011-10-07 23:06 . 2001-08-17 18:56 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-10-07 23:06 . 2001-08-17 16:50 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-10-07 23:06 . 2001-07-21 18:29 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-10-07 23:06 . 2001-07-21 18:29 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-10-07 23:06 . 2001-08-17 16:51 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-10-07 23:04 . 2001-08-17 16:50 77824 ----a-w- c:\windows\system32\dllcache\s3sav4m.sys
2011-10-07 23:03 . 2001-08-18 02:36 9216 ----a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2011-10-07 23:03 . 2001-08-17 16:19 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys
2011-10-07 23:03 . 2008-04-13 18:40 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys
2011-10-07 23:03 . 2001-08-17 16:12 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
2011-10-07 23:03 . 2001-08-18 02:36 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll
2011-10-07 23:03 . 2001-08-17 17:51 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
2011-10-07 23:03 . 2001-08-17 17:28 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-10-07 23:03 . 2001-08-17 17:28 899146 ----a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2011-10-07 23:03 . 2001-08-18 02:36 41472 ----a-w- c:\windows\system32\dllcache\qvusd.dll
2011-10-07 23:03 . 2001-08-17 17:53 3328 ----a-w- c:\windows\system32\dllcache\qv2kux.sys
2011-10-07 23:01 . 2001-08-18 02:36 121344 ----a-w- c:\windows\system32\dllcache\phvfwext.dll
2011-10-07 23:00 . 2001-08-17 16:12 30495 ----a-w- c:\windows\system32\dllcache\pc100nds.sys
2011-10-07 22:59 . 2001-08-17 16:50 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2011-10-07 22:59 . 2001-08-18 02:36 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2011-10-07 22:59 . 2001-08-17 16:49 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-10-07 22:59 . 2001-08-17 17:47 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2011-10-07 22:59 . 2001-08-17 17:53 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-10-07 22:59 . 2008-04-13 18:54 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
2011-10-07 22:59 . 2001-08-17 16:20 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-10-07 22:59 . 2001-08-17 16:20 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-10-07 22:57 . 2001-08-17 16:11 52255 ----a-w- c:\windows\system32\dllcache\n1000nt5.sys
2011-10-07 22:57 . 2001-08-17 17:50 75520 ----a-w- c:\windows\system32\dllcache\mxport.sys
2011-10-07 22:57 . 2001-08-18 02:36 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll
2011-10-07 22:57 . 2001-08-17 17:49 19968 ----a-w- c:\windows\system32\dllcache\mxnic.sys
2011-10-07 22:57 . 2001-08-18 02:36 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2011-10-07 22:57 . 2001-08-17 17:50 21888 ----a-w- c:\windows\system32\dllcache\mxcard.sys
2011-10-07 22:57 . 2004-08-10 12:00 229439 ----a-w- c:\windows\system32\dllcache\multibox.dll
2011-10-07 22:57 . 2001-08-17 16:50 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2011-10-07 22:57 . 2008-04-13 18:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2011-10-07 22:57 . 2001-08-17 17:48 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-10-07 22:56 . 2001-08-17 18:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-10-07 22:56 . 2008-04-13 18:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2011-10-07 22:56 . 2004-08-10 12:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-10-07 22:56 . 2001-08-17 18:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2011-10-07 22:56 . 2001-08-17 17:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2011-10-07 22:56 . 2008-04-13 18:46 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2011-10-07 22:56 . 2001-08-17 17:52 17280 ----a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-10-07 22:56 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2011-10-07 22:54 . 2001-08-17 17:28 797500 ----a-w- c:\windows\system32\dllcache\ltsmt.sys
2011-10-07 22:53 . 2001-08-18 02:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2011-10-07 22:53 . 2001-08-18 02:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2011-10-07 22:53 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2011-10-07 22:53 . 2001-08-17 18:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2011-10-07 22:53 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2011-10-07 22:53 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2011-10-07 22:53 . 2001-08-17 17:49 26624 ----a-w- c:\windows\system32\dllcache\irstusb.sys
2011-10-07 22:53 . 2001-08-17 17:51 18688 ----a-w- c:\windows\system32\dllcache\irsir.sys
2011-10-07 22:53 . 2008-04-14 00:11 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll
2011-10-07 22:53 . 2008-04-14 00:12 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe
2011-10-07 22:53 . 2001-08-17 17:49 23552 ----a-w- c:\windows\system32\dllcache\irmk7.sys
2011-10-07 22:53 . 2008-04-13 18:54 88192 ----a-w- c:\windows\system32\dllcache\irda.sys
2011-10-07 22:51 . 2001-08-18 02:36 20480 ----a-w- c:\windows\system32\dllcache\icam5ext.dll
2011-10-07 22:50 . 2004-08-10 12:00 10096640 ----a-w- c:\windows\system32\dllcache\hwxcht.dll
2011-10-07 22:49 . 2001-08-18 02:36 165888 ----a-w- c:\windows\system32\dllcache\hpgt53.dll
2011-10-07 22:48 . 2001-08-17 18:56 470144 ----a-w- c:\windows\system32\dllcache\g200d.dll
2011-10-07 22:47 . 2001-08-18 02:36 45568 ----a-w- c:\windows\system32\dllcache\esunib.dll
2011-10-07 22:46 . 2001-08-17 16:11 153631 ----a-w- c:\windows\system32\dllcache\el90xnd5.sys
2011-10-07 22:45 . 2001-08-17 16:14 952007 ----a-w- c:\windows\system32\dllcache\diwan.sys
2011-10-07 22:44 . 2001-08-17 16:12 117760 ----a-w- c:\windows\system32\dllcache\d100ib5.sys
2011-10-07 22:43 . 2001-08-17 18:56 111232 ----a-w- c:\windows\system32\dllcache\cl5465.dll
2011-10-07 22:42 . 2001-08-17 17:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-10-07 22:41 . 2001-08-17 16:11 54271 ----a-w- c:\windows\system32\dllcache\bcm42xx5.sys
2011-10-07 22:40 . 2001-08-17 18:07 101888 ----a-w- c:\windows\system32\dllcache\adpu160m.sys
2011-10-07 22:36 . 2001-08-17 18:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-10-06 01:46 . 2011-10-06 01:46 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-04 23:05 . 2011-10-06 13:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-04 23:05 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-04 15:40 . 2011-10-04 15:40 -------- d-----w- c:\program files\Common Files\Scanner
2011-10-04 15:39 . 2011-10-04 15:39 -------- d-----w- c:\program files\Common Files\InstallShield
2011-10-04 14:51 . 2011-10-04 14:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-10-04 14:51 . 2011-10-04 14:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-10-03 18:20 . 2011-10-03 18:20 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-10-03 04:06 . 2011-10-03 23:25 -------- d--h--w- c:\program files\CCleaner
2011-10-03 04:01 . 2011-10-03 04:01 -------- d--h--w- c:\windows\PIF
2011-10-03 02:43 . 2011-10-03 05:50 -------- d--ha-w- c:\documents and settings\All Users\Application Data\TEMP
2011-10-03 02:41 . 2011-10-03 04:34 -------- d--h--w- c:\documents and settings\All Users\Application Data\PC Tools
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-06 01:46 . 2011-01-15 13:05 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-04 04:23 . 2004-08-10 12:00 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-09-09 09:12 . 2004-08-10 12:00 599040 ---ha-w- c:\windows\system32\crypt32.dll
2011-08-16 17:46 . 2005-05-17 00:05 6427240 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-08-09 15:14 . 2005-05-17 00:05 20055144 ----a-w- c:\windows\RTHDCPL.EXE
2011-08-04 15:59 . 2009-08-15 02:18 1493608 ----a-w- c:\windows\RtlUpd.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-16 2510848]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]
"RTHDCPL"="RTHDCPL.EXE" [2011-08-09 20055144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-09-05 2232752]
.
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=c:\windows\pss\Personal Coach.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 17:29 937920 ---ha-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ---ha-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2010-11-03 17:13 64104 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2008-04-14 00:12 27648 ---ha-w- c:\windows\system32\conime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-04-05 21:19 77824 ---ha-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2005-02-26 05:34 245760 ---ha-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
2004-06-07 18:42 659456 ---ha-w- c:\windows\system32\hphmon06.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
2003-03-28 14:18 57344 ---ha-w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2005-05-10 22:50 253952 ---ha-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-02-03 17:05 233304 ---ha-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
2010-06-17 21:03 75320 ---ha-w- c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ---ha-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-06-17 21:03 202256 ---ha-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"9322:TCP"= 9322:TCP:EKDiscovery
.
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [9/5/2011 5:00 PM 393648]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [5/16/2005 8:07 PM 85248]
S1 MpKslea350b99;MpKslea350b99;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AAE178A4-9503-4B33-A3CA-9E6B188AF592}\MpKslea350b99.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AAE178A4-9503-4B33-A3CA-9E6B188AF592}\MpKslea350b99.sys [?]
S1 MpKslee7c7297;MpKslee7c7297;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{61FA82CA-1EDD-4256-9E1F-F08E74230CD9}\MpKslee7c7297.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{61FA82CA-1EDD-4256-9E1F-F08E74230CD9}\MpKslee7c7297.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/17/2010 4:53 PM 136176]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/17/2010 4:53 PM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-17 20:53]
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-17 20:53]
.
2011-10-08 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
.
2011-10-08 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
2011-10-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1666320506-3108867365-748390217-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2011-10-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1666320506-3108867365-748390217-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2011-10-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1666320506-3108867365-748390217-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2011-10-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1666320506-3108867365-748390217-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seifelden.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: plaxo.com\www
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-09417254.sys
SafeBoot-70390229.sys
MSConfigStartUp-AutoTBar - c:\program files\HP\Digital Imaging\bin\AUTOTBAR.EXE
AddRemove-InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-20 09:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1884)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\agrsmsvc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2011-10-20 09:45:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-20 13:45
.
Pre-Run: 187,727,699,968 bytes free
Post-Run: 189,902,835,712 bytes free
.
- - End Of File - - 84021131DD9EBEEA5CDA7763E1A54A27

#8 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,204 posts
  • Gender:Female
  • Location:Romania

Posted 21 October 2011 - 01:46 AM

Hi, I think I see why the internet isn't working.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    ipsec.sys
    
    :reg
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ipsec /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 erroll
  • Topic Starter
  • Members
  • 43 posts

Posted 21 October 2011 - 03:06 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 15:47 on 21/10/2011 by HP_Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "ipsec.sys"
C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys -----c- 74752 bytes [12:52 18/03/2009] [12:00 10/08/2004] 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\ServicePackFiles\i386\ipsec.sys ------- 75264 bytes [05:54 07/09/2008] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\system32\dllcache\ipsec.sys --a---- 75264 bytes [05:54 07/09/2008] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91

Searching for " "
No files found.

========== reg ==========

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ipsec]
(Unable to open key - key not found)

-= EOF =-

#10 Elise

    Bleepin' Blonde

Posted 22 October 2011 - 04:57 AM

Nice (not). Something deleted the Ipsec service, which we will need to recreate. Please navigate to the following file: c:\windows\repair\system <-- right-click this file and select Send To > Zipped (compressed) folder. Save the file to your desktop.

Upload system.zip, which will now be present on your desktop, at http://www.bleepingcomputer.com/submit-malware.php?channel=105 and post here to let me know once you have uploaded the file.

regards, Elise




#11 Elise

    Bleepin' Blonde

Posted 22 October 2011 - 11:45 AM

Hi again, let me know if the internet works after the following steps.

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
FCopy::
C:\WINDOWS\ServicePackFiles\i386\ipsec.sys | c:\windows\system32\drivers\ipsec.sys

Registry::
[HKEY_LOCAL_MACHINE\System\currentcontrolset\services\ipsec]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000004
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,69,70,73,\
  65,63,2e,73,79,73,00
"DisplayName"="IPSEC driver"
"Group"="PNP_TDI"
"Description"="IPSEC driver"
[HKEY_LOCAL_MACHINE\System\currentcontrolset\services\ipsec\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00


Save this as CFScript.txt, in the same location as ComboFix.exe.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise




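An added example, not code from the thread, ComboFix or SystemLook: a small Python decoder for the two hex-encoded values in the CF-script above ("ImagePath" and "Security"), so that anyone handed such a fix script can see what service definition it restores before running it. It assumes REGEDIT4-style ANSI hex notation, as in the script; the SID names and service access-right names are the standard Windows constants.

```python
"""Decode the hex values of the ipsec CF-script: ImagePath is hex(2) = REG_EXPAND_SZ
(ANSI in REGEDIT4 notation) and Security is hex = REG_BINARY holding a self-relative
SECURITY_DESCRIPTOR for the service object. Editor's example; the sample input below
is copied from the posted script, not generated here."""
import re
import struct

IMAGE_PATH_REG = r'''"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,69,70,73,\
  65,63,2e,73,79,73,00'''

SECURITY_REG = r'''"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00'''

WELL_KNOWN_SIDS = {"S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users",
                   "S-1-5-18": "Local System", "S-1-5-32-544": "Administrators",
                   "S-1-5-32-547": "Power Users"}
ACE_TYPES = {0: "ALLOW", 1: "DENY", 2: "AUDIT"}
SERVICE_RIGHTS = [(0x1, "QUERY_CONFIG"), (0x2, "CHANGE_CONFIG"), (0x4, "QUERY_STATUS"),
                  (0x8, "ENUMERATE_DEPENDENTS"), (0x10, "START"), (0x20, "STOP"),
                  (0x40, "PAUSE_CONTINUE"), (0x80, "INTERROGATE"),
                  (0x100, "USER_DEFINED_CONTROL"), (0x10000, "DELETE"),
                  (0x20000, "READ_CONTROL"), (0x40000, "WRITE_DAC"), (0x80000, "WRITE_OWNER")]
SERVICE_ALL_ACCESS = 0x000F01FF
SE_DACL_PRESENT, SE_SACL_PRESENT, SE_SELF_RELATIVE = 0x0004, 0x0010, 0x8000


def reg_hex_bytes(value_line: str) -> bytes:
    """Bytes of a '"Name"=hex(type):aa,bb,\\ ...' value. Continuation lines need no
    special handling: only two-digit hex tokens after the first ':' are collected."""
    data = value_line.split(":", 1)[1]
    return bytes(int(tok, 16) for tok in re.findall(r"[0-9a-fA-F]{2}", data))

def decode_expand_sz(buf: bytes) -> str:
    """REGEDIT4 hex(2) data is a NUL-terminated ANSI string (UTF-16LE in v5.00 files)."""
    return buf.split(b"\x00", 1)[0].decode("latin-1")

def parse_sid(buf: bytes, off: int) -> tuple:
    """Return (string SID, byte length) of the SID at buf[off]."""
    rev, count = buf[off], buf[off + 1]
    authority = int.from_bytes(buf[off + 2:off + 8], "big")  # 48-bit big-endian
    subs = struct.unpack_from(f"<{count}I", buf, off + 8)
    return "-".join(["S", str(rev), str(authority), *map(str, subs)]), 8 + 4 * count

def parse_acl(buf: bytes, off: int) -> list:
    """Parse an ACL header and its ACEs; each ACE is header, access mask, then SID."""
    _rev, _sbz1, _size, count, _sbz2 = struct.unpack_from("<BBHHH", buf, off)
    aces, pos = [], off + 8
    for _ in range(count):
        ace_type, flags, ace_size, mask = struct.unpack_from("<BBHI", buf, pos)
        sid, _ = parse_sid(buf, pos + 8)
        aces.append({"type": ACE_TYPES.get(ace_type, f"type{ace_type}"), "flags": flags,
                     "mask": mask, "sid": sid, "name": WELL_KNOWN_SIDS.get(sid, "?")})
        pos += ace_size
    return aces

def parse_security_descriptor(buf: bytes) -> dict:
    """Parse a self-relative SECURITY_DESCRIPTOR: 20-byte header holding offsets."""
    rev, _sbz1, control, o_owner, o_group, o_sacl, o_dacl = struct.unpack_from("<BBHIIII", buf)
    if not control & SE_SELF_RELATIVE:
        raise ValueError("absolute descriptor: fields are pointers, not offsets")
    return {"revision": rev, "control": control,
            "owner": parse_sid(buf, o_owner)[0] if o_owner else None,
            "group": parse_sid(buf, o_group)[0] if o_group else None,
            "sacl": parse_acl(buf, o_sacl) if control & SE_SACL_PRESENT and o_sacl else [],
            "dacl": parse_acl(buf, o_dacl) if control & SE_DACL_PRESENT and o_dacl else []}

def service_rights(mask: int) -> list:
    """Name the service-object access rights set in an ACE mask."""
    if mask & SERVICE_ALL_ACCESS == SERVICE_ALL_ACCESS:
        return ["SERVICE_ALL_ACCESS"]
    return [name for bit, name in SERVICE_RIGHTS if mask & bit]

def review_ipsec_script() -> dict:
    """Decode both values from the posted script into a reviewable summary."""
    sd = parse_security_descriptor(reg_hex_bytes(SECURITY_REG))
    return {"image_path": decode_expand_sz(reg_hex_bytes(IMAGE_PATH_REG)),
            "owner": WELL_KNOWN_SIDS.get(sd["owner"], sd["owner"]),
            "dacl": [(a["type"], a["name"], service_rights(a["mask"])) for a in sd["dacl"]],
            "sacl": [(a["type"], a["name"], service_rights(a["mask"])) for a in sd["sacl"]]}

if __name__ == "__main__":
    summary = review_ipsec_script()
    print("ImagePath :", summary["image_path"])
    print("Owner     :", summary["owner"])
    for section in ("dacl", "sacl"):
        for ace_type, who, rights in summary[section]:
            print(f"{section.upper()} {ace_type:5} {who:20} {', '.join(rights)}")
```

Run against the posted values it shows the driver path system32\DRIVERS\ipsec.sys and the stock XP service descriptor: Administrators get full control, Local System and Power Users everything except changing the configuration, Authenticated Users query-only rights, plus a failed-access audit entry for Everyone.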
#12 erroll
  • Topic Starter

Posted 22 October 2011 - 07:16 PM

Here ya go


ComboFix 11-10-20.03 - HP_Administrator 10/22/2011 19:46:56.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3574.2955 [GMT -4:00]
Running from: K:\ComboFix.exe
Command switches used :: K:\CFScript.txt
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\kb913800.exe
c:\windows\system32\d3d9caps.dat
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\ipsec.sys --> c:\windows\system32\drivers\ipsec.sys
.
((((((((((((((((((((((((( Files Created from 2011-09-23 to 2011-10-23 )))))))))))))))))))))))))))))))
.
.
2011-10-22 23:46 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-10-17 23:43 . 2008-03-18 11:27 13312 ----a-w- c:\windows\system32\agrsmsvc.exe
2011-10-17 23:43 . 2007-12-11 11:40 13312 ----a-w- c:\windows\system32\agrscoin.dll
2011-10-17 23:42 . 2003-12-11 08:50 70894 ----a-w- c:\windows\system32\drivers\LMouFlt2.Sys
2011-10-17 23:42 . 2003-12-11 08:50 25630 ----a-w- c:\windows\system32\drivers\LHidFlt2.Sys
2011-10-17 23:42 . 2003-12-11 08:50 37916 ----a-w- c:\windows\system32\drivers\LHidUsb.sys
2011-10-07 22:43 . 2001-08-17 18:56 111232 ----a-w- c:\windows\system32\dllcache\cl5465.dll
2011-10-07 22:42 . 2001-08-17 17:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-10-07 22:41 . 2001-08-17 16:11 54271 ----a-w- c:\windows\system32\dllcache\bcm42xx5.sys
2011-10-07 22:40 . 2001-08-17 18:07 101888 ----a-w- c:\windows\system32\dllcache\adpu160m.sys
2011-10-06 01:46 . 2011-10-06 01:46 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-04 23:05 . 2011-10-06 13:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-04 23:05 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-04 15:40 . 2011-10-04 15:40 -------- d-----w- c:\program files\Common Files\Scanner
2011-10-04 15:39 . 2011-10-04 15:39 -------- d-----w- c:\program files\Common Files\InstallShield
2011-10-04 14:51 . 2011-10-04 14:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-10-04 14:51 . 2011-10-04 14:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-10-03 18:20 . 2011-10-03 18:20 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-10-03 04:06 . 2011-10-03 23:25 -------- d-----w- c:\program files\CCleaner
2011-10-03 04:01 . 2011-10-03 04:01 -------- d-----w- c:\windows\PIF
2011-10-03 02:43 . 2011-10-03 05:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-10-03 02:41 . 2011-10-03 04:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-06 01:46 . 2011-01-15 13:05 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-04 04:23 . 2004-08-10 12:00 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-09-09 09:12 . 2004-08-10 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-16 17:46 . 2005-05-17 00:05 6427240 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-08-09 15:14 . 2005-05-17 00:05 20055144 ----a-w- c:\windows\RTHDCPL.EXE
2011-08-04 15:59 . 2009-08-15 02:18 1493608 ----a-w- c:\windows\RtlUpd.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-16 2510848]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]
"RTHDCPL"="RTHDCPL.EXE" [2011-08-09 20055144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-09-05 2232752]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=c:\windows\pss\Personal Coach.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2010-11-03 17:13 64104 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2008-04-14 00:12 27648 ----a-w- c:\windows\system32\conime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-04-05 21:19 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2005-02-26 05:34 245760 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
2004-06-07 18:42 659456 ----a-w- c:\windows\system32\hphmon06.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
2003-03-28 14:18 57344 ----a-w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2005-05-10 22:50 253952 ----a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-02-03 17:05 233304 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
2010-06-17 21:03 75320 ----a-w- c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-06-17 21:03 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"9322:TCP"= 9322:TCP:EKDiscovery
.
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [9/5/2011 5:00 PM 393648]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [5/16/2005 8:07 PM 85248]
S1 MpKslea350b99;MpKslea350b99;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AAE178A4-9503-4B33-A3CA-9E6B188AF592}\MpKslea350b99.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AAE178A4-9503-4B33-A3CA-9E6B188AF592}\MpKslea350b99.sys [?]
S1 MpKslee7c7297;MpKslee7c7297;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{61FA82CA-1EDD-4256-9E1F-F08E74230CD9}\MpKslee7c7297.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{61FA82CA-1EDD-4256-9E1F-F08E74230CD9}\MpKslee7c7297.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/17/2010 4:53 PM 136176]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/17/2010 4:53 PM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]
.
2011-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-17 20:53]
.
2011-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-17 20:53]
.
2011-10-08 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
.
2011-10-08 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
2011-10-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1666320506-3108867365-748390217-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2011-10-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1666320506-3108867365-748390217-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2011-10-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1666320506-3108867365-748390217-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2011-10-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1666320506-3108867365-748390217-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zradio.org/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: plaxo.com\www
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-22 20:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(332)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\RTHDCPL.EXE
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2011-10-22 20:13:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-23 00:12
ComboFix2.txt 2011-10-20 13:45
.
Pre-Run: 190,028,427,264 bytes free
Post-Run: 189,965,086,720 bytes free
.
- - End Of File - - 9F01B0731D849D1AF0D698A9BF431818

#13 Elise

    Bleepin' Blonde

Posted 23 October 2011 - 02:05 AM

Is the internet working now?

regards, Elise




#14 erroll
  • Topic Starter

Posted 24 October 2011 - 09:02 AM

Elise
Yes
Thank You sooooooooooooooooo much
Do I need to do anything else?
Thanks
Erroll

#15 Elise

    Bleepin' Blonde

Posted 24 October 2011 - 09:18 AM

Hi again, glad to hear that. Do you have any problems left?

We need to scan the system with this special tool:

* Please download and save:

Junction.zip

* Unzip it and place Junction.exe in the Windows directory (C:\Windows).
* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens and starts scanning the system. Wait until a log file opens. Copy and paste the log in your next reply.

regards, Elise

