limited or no connectivity; can't renew IP address


18 replies to this topic

#1 jblitz (Members, 19 posts)

Posted 24 November 2011 - 05:42 PM

Older Dell desktop, Windows XP Home, SP3. Internet connection via Linksys Wireless-N Gigabit router. Has worked fine in the past and continues to work with other computers and devices in the house. After a malware attack I cannot restore the internet connection. My wireless signal is strong, but I get a "limited or no connectivity" error message because "network did not assign a network address to the computer." Network connection details: IP Address 169.254.227.169; subnet mask 255.255.0.0. After clicking "Repair" I get "Windows could not finish repairing because the following action cannot be completed: Renewing your IP address." TCP/IP is set to obtain IP address and DNS server address automatically. When I try to access Windows Firewall settings I get the error message "cannot be displayed because the associated service is not running." When I try to start the Windows Firewall/Internet Connection Sharing (ICS) service, Windows can't start it. I have now tried putting in a static IP address. This eliminates the "limited or no connectivity" problem but I still can't connect to the internet. Any help is much appreciated.

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Run by John at 13:00:05 on 2011-11-24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2550.2028 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://my.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Desktop Search Capture: {7c1ce531-09e9-4fc5-9803-1c2956615786} - IeCaptureBho Object
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Advanced SystemCare 4] "c:\program files\iobit\advanced systemcare 4\ASCTray.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\~disab~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\~disab~1\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} - hxxps://teamroom.williamsmullen.com/qp2.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149041529671
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DB1778CC-EF79-486E-A416-7B79176C013F} - hxxp://docs.sonic.com/cprm/9302/SonicDownloadManager.dll
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{0A90A594-C1D5-4382-B99B-61A9FE004CBD} : NameServer = 68.105.28.11,68.105.29.11
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\john\application data\mozilla\firefox\profiles\zl9q0xa3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\browser\nppdf32(2).dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi(2).dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi(3).dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de680400}\plugins\npCinemaNowPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-7-3 13496]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-7-3 328536]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2009-6-26 102400]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.SYS [?]
S2 gupdate1c98624efeae92a;Google Update Service (gupdate1c98624efeae92a);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-3 271480]
S3 DSCVc;Video Capture;c:\windows\system32\drivers\CoachVc.sys [2008-4-24 44256]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-7-9 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-7-9 40552]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-1-6 594048]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]
S4 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
.
=============== Created Last 30 ================
.
2011-11-19 15:16:35 98816 ----a-w- c:\windows\sed.exe
2011-11-19 15:16:35 518144 ----a-w- c:\windows\SWREG.exe
2011-11-19 15:16:35 256000 ----a-w- c:\windows\PEV.exe
2011-11-19 15:16:35 208896 ----a-w- c:\windows\MBR.exe
2011-11-13 19:53:42 -------- d-----w- c:\windows\Internet Logs
2011-11-13 19:41:38 -------- d-----w- c:\windows\Internet Logs(4)
2011-11-13 16:05:31 -------- d-----w- c:\documents and settings\john\application data\SUPERAntiSpyware.com
2011-11-13 15:59:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-12 18:27:48 -------- d-----w- c:\windows\Internet Logs(2)
2011-11-12 15:28:20 -------- d-----w- C:\ERDNT
2011-11-10 13:52:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-16 15:02:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 03:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
.
============= FINISH: 13:00:58.76 ===============

#2 HelpBot (Bleepin' Binary Bot, Bots, 12,704 posts)

Posted 29 November 2011 - 05:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/429188 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was follow the previous instruction and tell me so. You can skip the rest of this post. If you do need help, please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 jblitz (Topic Starter, Members, 19 posts)

Posted 29 November 2011 - 07:58 PM

I have already described the problem as best I can in the original post, and the attached logs in that post are current. After the malware attack became apparent, I ran SUPERAntiSpyware, Malwarebytes, and ComboFix. Nothing was found by the first two. ComboFix found and deleted a rootkit. I also tried running various commands suggested in posts with similar problems. I also turned the modem and router off and on. Nothing has worked. I do have the Windows XP installation CD with SP2.

#4 Blade81 (Bleepin' Rocker, Malware Response Team, 6,465 posts, Location: Finland)

Posted 30 November 2011 - 04:16 AM

Hi,

This is one reason why we ask you not to follow instructions given to other users but to create your own topic. Instructions are not the same for each infected system even if the symptoms look similar. It can make the situation even worse.

Post the contents of the c:\ComboFix.txt file (don't re-run ComboFix). Also post fresh dds.txt contents.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Malware removal instructions provided here are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#5 jblitz (Topic Starter, Members, 19 posts)

Posted 30 November 2011 - 07:58 PM

Attached File: attach 30 Nov..txt (16.37KB)

Thank you for helping. I can't locate the ComboFix log. Here is a new DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Run by John at 19:52:19 on 2011-11-30
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2550.2016 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://my.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Desktop Search Capture: {7c1ce531-09e9-4fc5-9803-1c2956615786} - IeCaptureBho Object
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Advanced SystemCare 4] "c:\program files\iobit\advanced systemcare 4\ASCTray.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\~disab~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\~disab~1\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} - hxxps://teamroom.williamsmullen.com/qp2.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149041529671
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DB1778CC-EF79-486E-A416-7B79176C013F} - hxxp://docs.sonic.com/cprm/9302/SonicDownloadManager.dll
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{0A90A594-C1D5-4382-B99B-61A9FE004CBD} : NameServer = 68.105.28.11,68.105.29.11
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\john\application data\mozilla\firefox\profiles\zl9q0xa3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\browser\nppdf32(2).dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi(2).dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi(3).dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de680400}\plugins\npCinemaNowPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-7-3 13496]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-7-3 328536]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2009-6-26 102400]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.SYS [?]
S2 gupdate1c98624efeae92a;Google Update Service (gupdate1c98624efeae92a);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-3 271480]
S3 DSCVc;Video Capture;c:\windows\system32\drivers\CoachVc.sys [2008-4-24 44256]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-7-9 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-7-9 40552]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-1-6 594048]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]
S4 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
.
=============== Created Last 30 ================
.
2011-11-19 15:16:35 98816 ----a-w- c:\windows\sed.exe
2011-11-19 15:16:35 518144 ----a-w- c:\windows\SWREG.exe
2011-11-19 15:16:35 256000 ----a-w- c:\windows\PEV.exe
2011-11-19 15:16:35 208896 ----a-w- c:\windows\MBR.exe
2011-11-13 19:53:42 -------- d-----w- c:\windows\Internet Logs
2011-11-13 19:41:38 -------- d-----w- c:\windows\Internet Logs(4)
2011-11-13 16:05:31 -------- d-----w- c:\documents and settings\john\application data\SUPERAntiSpyware.com
2011-11-13 15:59:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-12 18:27:48 -------- d-----w- c:\windows\Internet Logs(2)
2011-11-12 15:28:20 -------- d-----w- C:\ERDNT
2011-11-10 13:52:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-16 15:02:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 19:52:36.87 ===============

#6 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 01 December 2011 - 12:58 AM

Hi,

Look in the c:\ComboFix folder too. If it is not found, run ComboFix again (let it update itself) to get a log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided here are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#7 jblitz
  • Topic Starter
  • Members
  • 19 posts

Posted 01 December 2011 - 08:46 AM

Found it.

ComboFix 11-11-19.03 - John 11/19/2011 10:18:48.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2550.1944 [GMT -5:00]
Running from: c:\documents and settings\John\Desktop\123.exe.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))
.
.
2011-11-13 19:33 . 2011-11-13 19:53 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\ZoneAlarm_Security
2011-11-13 19:33 . 2011-11-13 19:53 -------- d-----w- c:\program files\ZoneAlarm_Security
2011-11-13 19:33 . 2011-11-13 19:53 -------- d-----w- c:\windows\system32\ZoneLabs
2011-11-13 19:33 . 2011-11-13 19:33 -------- d-----w- c:\program files\Zone Labs
2011-11-13 16:05 . 2011-11-13 16:05 -------- d-----w- c:\documents and settings\John\Application Data\SUPERAntiSpyware.com
2011-11-13 15:59 . 2011-11-13 19:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-12 15:28 . 2011-11-13 19:33 -------- d-----w- C:\ERDNT
2011-11-10 13:52 . 2011-11-13 19:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-16 15:02 . 2011-08-11 04:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 11:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 11:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-04 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 11:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2008-12-30 23:16 . 2008-12-30 23:16 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-12-30 23:16 . 2008-12-30 23:16 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-08-16 21:42 . 2008-08-16 21:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 21:42 . 2008-08-16 21:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 21:42 . 2008-08-16 21:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 21:42 . 2008-08-16 21:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 21:43 . 2008-08-16 21:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 21:42 . 2008-08-16 21:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 21:42 . 2008-08-16 21:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-12-30 23:16 . 2008-12-30 23:16 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2008-05-21 12:41 . 2008-05-21 12:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 12:41 . 2008-05-21 12:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 12:41 . 2008-05-21 12:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 17:58 . 2008-06-05 17:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 21:42 . 2008-08-16 21:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2011-11-01 23:20 . 2011-03-26 15:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-24 14:45 . 2005-05-19 14:24 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla(2).dll
2011-03-24 14:45 . 2005-05-19 14:24 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla(3).dll
2011-03-24 14:45 . 2005-05-19 14:24 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-13_22.50.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-12-13 16:12 . 2011-11-13 16:19 72160 c:\windows\SYSTEM32\PERFC009.DAT
+ 2004-12-13 16:12 . 2011-11-13 22:57 72160 c:\windows\SYSTEM32\PERFC009.DAT
+ 2004-12-13 16:12 . 2011-11-13 22:57 442894 c:\windows\SYSTEM32\PERFH009.DAT
- 2004-12-13 16:12 . 2011-11-13 16:19 442894 c:\windows\SYSTEM32\PERFH009.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2009-06-26 450560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\~Disabled
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 942]
2004-08-31 14:18 294912 ----a-w- c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellMCM]
2004-07-27 14:08 262144 ----a-w- c:\program files\Dell Photo AIO Printer 942\memcard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 21:54 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Laplink\\PCsync\\SFTHost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Cakewalk\\SONAR 5 Producer Edition\\SONARPDR.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\SYSTEM32\DRIVERS\SmartDefragDriver.sys [7/3/2011 10:15 AM 13496]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [7/3/2011 10:14 AM 328536]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [6/26/2009 2:56 PM 102400]
R3 pcouffin;VSO Software pcouffin;c:\windows\SYSTEM32\DRIVERS\pcouffin.sys [11/7/2010 3:52 PM 47360]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
S2 !SASCORE;SAS Core Service;"c:\program files\SUPERAntiSpyware\SASCORE.EXE" --> c:\program files\SUPERAntiSpyware\SASCORE.EXE [?]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 4:47 AM 98304]
S2 gupdate1c98624efeae92a;Google Update Service (gupdate1c98624efeae92a);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2009 12:29 PM 133104]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 2:43 PM 204800]
S2 MBAMService;MBAMService;"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" --> c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [?]
S3 DSCVc;Video Capture;c:\windows\SYSTEM32\DRIVERS\CoachVc.sys [4/24/2008 10:08 AM 44256]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2009 12:29 PM 133104]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\SYSTEM32\DRIVERS\RTL8192su.sys [1/6/2010 4:21 PM 594048]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
S4 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 3:40 AM 118784]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-11-16 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-07-03 20:40]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 17:28]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 17:28]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-797953205-403173144-552636913-500Core.job
- c:\documents and settings\Administrator.DB3HG961\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-13 00:51]
.
2007-12-31 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 23:52]
.
2011-04-17 c:\windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job
- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2006-08-07 08:30]
.
2011-04-17 c:\windows\Tasks\RCHubTask 1 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job
- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2006-08-07 08:30]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://my.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {DB1778CC-EF79-486E-A416-7B79176C013F} - hxxp://docs.sonic.com/cprm/9302/SonicDownloadManager.dll
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\zl9q0xa3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-19 10:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(8032)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-11-19 10:28:51
ComboFix-quarantined-files.txt 2011-11-19 15:28
ComboFix2.txt 2011-11-13 22:55
ComboFix3.txt 2011-06-18 22:55
ComboFix4.txt 2011-06-05 17:57
ComboFix5.txt 2011-11-19 15:16
.
Pre-Run: 24,751,886,336 bytes free
Post-Run: 24,724,877,312 bytes free
.
- - End Of File - - DAA82B3433F0BBC17DB144A9BC6F0DCE

#8 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 01 December 2011 - 11:12 AM

Hi,

Post the contents of the ComboFix5.txt file. It should be in the c:\ComboFix or c:\qoobox folder.


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

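The same network-hijack indicators that the MiniToolBox checklist above reports (IE and Firefox proxy settings, hosts file, IP configuration, Winsock catalog) can be gathered by hand when the tool cannot be fetched onto a machine with no working connection. The script below is an added example written for this thread, not MiniToolBox's own code or anything posted by the participants; it assumes PowerShell 2.0 is installed on the XP box, reads only (it does not flush DNS or reset anything), and adds the state of the SharedAccess (Windows Firewall/ICS) and Dhcp services because those are the two symptoms the topic starter described.

```powershell
# Added example (not MiniToolBox and not code from this thread): collect the
# network-hijack indicators the checklist asks for into a read-only report.
# Assumes PowerShell 2.0 on Windows XP and the default Firefox profile layout.
$Report = Join-Path ([Environment]::GetFolderPath('Desktop')) 'NetCheck.txt'

function Add-Section([string]$Title, $Body) {
    "==== $Title ====" | Out-File $Report -Append
    $Body | Out-File $Report -Append -Width 300
    "" | Out-File $Report -Append
}

"Network check $(Get-Date)" | Out-File $Report

# 1. IE proxy settings live in the per-user registry. Malware commonly sets
#    ProxyEnable=1 and points ProxyServer at a local port so every HTTP
#    request is intercepted; AutoConfigURL (a PAC file) is the other variant.
$ieKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ie = Get-ItemProperty $ieKey -ErrorAction SilentlyContinue
Add-Section 'IE proxy settings' ($ie |
    Select-Object ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL |
    Format-List | Out-String)

# 2. Firefox keeps its proxy configuration in prefs.js. network.proxy.type:
#    0 = none, 1 = manual, 2 = PAC file, 4 = auto-detect, 5 = system settings.
$ffProfiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
$ffLines = Get-ChildItem $ffProfiles -Filter prefs.js -Recurse -ErrorAction SilentlyContinue |
    Select-String -Pattern 'network\.proxy\.' |
    ForEach-Object { "$($_.Path): $($_.Line)" }
Add-Section 'Firefox proxy prefs' (@($ffLines) -join "`n")

# 3. Hosts file: anything beyond comments and "127.0.0.1 localhost" deserves
#    a look, since redirecting AV update and vendor sites here is a common trick.
$hosts = Join-Path $env:SystemRoot 'system32\drivers\etc\hosts'
$hostLines = Get-Content $hosts -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' }
Add-Section 'Active hosts entries' (@($hostLines) -join "`n")

# 4. IP configuration: an address in 169.254.0.0/16 means DHCP never answered
#    (APIPA), which is exactly the "limited or no connectivity" symptom above.
Add-Section 'ipconfig /all' (ipconfig /all | Out-String)

# 5. Winsock catalog: a Layered Service Provider left behind by removed malware
#    can break all TCP/IP traffic even though the malware binary itself is gone.
Add-Section 'Winsock catalog' (netsh winsock show catalog | Out-String)

# 6. Services the symptoms depend on: SharedAccess is the Windows Firewall/ICS
#    service that would not start, Dhcp is the client that could not renew.
$svc = Get-Service -Name SharedAccess, Dhcp, Dnscache -ErrorAction SilentlyContinue |
    Select-Object Name, Status | Format-Table -AutoSize | Out-String
Add-Section 'Service state' $svc

Write-Host "Report written to $Report"
```

Run it from a console opened as an administrator so the service query and the hosts file read are not blocked; the resulting NetCheck.txt can be pasted into a topic the same way Result.txt would be.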


#9 jblitz
  • Topic Starter
  • Members
  • 19 posts

Posted 01 December 2011 - 07:38 PM

Hello,

ComboFix5:

ComboFix 10-07-08.02 - John 07/09/2010 15:39:28.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2550.2119 [GMT -4:00]
Running from: C:\ComboFix.exe
.
ComboFix encountered a terminal error!! Please upload this file - C:\ComboFix_error.dat
to: http://www.bleepingcomputer.com/submit-malware.php?channel=4

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\John\Local Settings\Application Data\{AB6DA049-1C54-4114-A7BC-B95CB83CEFE6}
c:\documents and settings\John\Local Settings\Application Data\{AB6DA049-1C54-4114-A7BC-B95CB83CEFE6}\chrome\content\_cfg.js
c:\documents and settings\John\Local Settings\Application Data\{AB6DA049-1C54-4114-A7BC-B95CB83CEFE6}\chrome\content\overlay.xul
c:\documents and settings\John\Local Settings\Application Data\{AB6DA049-1C54-4114-A7BC-B95CB83CEFE6}\install.rdf
c:\windows\jestertb.dll
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
.

2010-07-09 19:48 . 2010-07-09 19:48 45655 ----a-w- C:\ComboFix_error.dat
2010-07-09 19:25 . 2010-07-09 19:25 3728667 ----a-r- C:\ComboFix.exe
2010-07-09 19:13 . 2010-07-09 19:19 -------- d-----w- C:\remote-service
2010-07-09 18:49 . 2010-07-09 18:49 -------- d-----w- c:\documents and settings\John\Application Data\Malwarebytes
2010-07-09 16:40 . 2010-07-09 16:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2010-07-09 16:40 . 2010-07-09 16:46 -------- d-s---w- c:\documents and settings\Administrator
2010-07-09 13:26 . 2010-07-09 16:46 -------- dc----w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-07-08 23:08 . 2010-07-09 16:47 -------- d-----w- c:\program files\Common Files\McAfee(2)
2010-07-08 23:08 . 2010-07-09 16:47 -------- d-----w- c:\program files\McAfee(2).com
2010-07-08 23:08 . 2010-07-09 16:48 -------- d-----w- c:\program files\McAfee(2)
2010-07-08 15:55 . 2010-07-09 18:32 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-08 15:43 . 2010-07-09 12:22 0 ----a-w- c:\windows\Ijoxiwedoke.bin
2010-07-08 15:43 . 2010-07-08 22:14 120 ----a-w- c:\windows\Htiqu.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 18:48 . 2010-07-09 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-09 16:46 . 2010-07-09 16:46 -------- d--h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-07-06 00:39 . 2005-01-23 19:57 -------- d-----w- c:\documents and settings\John\Application Data\Roxio
2010-06-27 16:24 . 2010-02-18 19:07 -------- d-----w- c:\documents and settings\John\Application Data\CameraWindowDC
2010-06-27 16:22 . 2009-01-01 22:42 -------- d-----w- c:\documents and settings\John\Application Data\Canon
2010-06-27 16:16 . 2009-01-08 01:17 -------- d-----w- c:\documents and settings\John\Application Data\ZoomBrowser EX
2010-06-10 00:40 . 2008-12-29 23:53 -------- d-----w- c:\program files\WebEx
2010-06-08 15:04 . 2009-11-07 16:04 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-22 13:50 . 2010-05-22 13:50 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-21 12:24 . 2010-05-21 12:24 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail
2010-05-04 17:20 . 2004-08-04 11:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2009-09-16 01:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2004-08-04 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 13:50 . 2009-11-07 16:04 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-02 13:50 . 2009-11-07 18:30 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-02 05:22 . 2004-08-04 11:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-04 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-10-24 06:47 . 2005-05-19 14:24 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-12-30 23:16 . 2008-12-30 23:16 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-12-30 23:16 . 2008-12-30 23:16 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-08-16 21:42 . 2008-08-16 21:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 21:42 . 2008-08-16 21:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 21:42 . 2008-08-16 21:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 21:42 . 2008-08-16 21:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 21:43 . 2008-08-16 21:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 21:42 . 2008-08-16 21:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 21:42 . 2008-08-16 21:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-12-30 23:16 . 2008-12-30 23:16 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2008-05-21 12:41 . 2008-05-21 12:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 12:41 . 2008-05-21 12:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 12:41 . 2008-05-21 12:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 17:58 . 2008-06-05 17:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 21:42 . 2008-08-16 21:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2009-03-14 16:21 . 2009-03-11 19:02 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2004-08-31 294912]
"DellMCM"="c:\program files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 262144]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2009-04-17 197856]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
caclsAllowAndDelete.exe [2010-2-25 22016]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 21:54 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Laplink\\PCsync\\SFTHost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Cakewalk\\SONAR 5 Producer Edition\\SONARPDR.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [11/7/2009 12:04 PM 64288]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [1/30/2009 7:14 PM 125304]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [4/17/2009 1:51 PM 25824]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 4:22 PM 102400]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 5:47 AM 98304]
S2 gupdate1c98624efeae92a;Google Update Service (gupdate1c98624efeae92a);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2009 1:29 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/9/2010 9:21 AM 1352832]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 3:43 PM 204800]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 4:40 AM 118784]
S3 DSCVc;Video Capture;c:\windows\SYSTEM32\DRIVERS\CoachVc.sys [4/24/2008 11:08 AM 44256]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/10/2005 10:48 PM 30192]
.
Contents of the 'Scheduled Tasks' folder

2010-07-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-06-15 15:04]

2010-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 17:28]

2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 17:28]

2007-12-31 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 23:52]

2010-07-06 c:\windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job
- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2006-08-07 08:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: cinemanow.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {DB1778CC-EF79-486E-A416-7B79176C013F} - hxxp://docs.sonic.com/cprm/9302/SonicDownloadManager.dll
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\zl9q0xa3.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=
FF - component: c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\zl9q0xa3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de680400}\plugins\npCinemaNowPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-09 16:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\documents and settings\John\Application Data\WD\WD Anywhere Backup\instances\44E8327B-9530-454D-98D4-6936C8CB1BDC\44e8327b-9530-454d-98d4-6936c8cb1bdc-errors.db3-journal

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(712)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2380)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\fxssvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Dell Photo AIO Printer 942\dlbubmon.exe
c:\program files\CinemaNow\CinemaNow Media Manager\CNRpc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\program files\WD\WD Anywhere Backup\MemeoBackup.exe
.
**************************************************************************
.
Completion time: 2010-07-09 16:09:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-09 20:09

Pre-Run: 39,820,709,888 bytes free
Post-Run: 39,756,337,152 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - CF312B2C7E10B852E353F810F191C517

ComboFix 11-05-28.01 - Administrator 05/29/2011 13:48:43.2.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2550.2263 [GMT -4:00]
Running from: c:\documents and settings\Administrator.DB3HG961\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\John\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-29 )))))))))))))))))))))))))))))))
.
.
2011-05-29 17:09 . 2011-05-29 17:09 -------- d-----w- c:\windows\LastGood.Tmp
2011-05-29 16:40 . 2011-05-29 16:40 -------- d-----w- c:\documents and settings\Administrator.DB3HG961\Local Settings\Application Data\Apple Computer
2011-05-29 15:53 . 2011-05-29 15:53 -------- d-----w- c:\documents and settings\Administrator.DB3HG961\Local Settings\Application Data\Identities
2011-05-19 01:00 . 2011-05-29 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-05-18 03:16 . 2011-05-18 03:16 -------- d-----w- C:\$AVG
2011-05-18 02:59 . 2011-05-18 02:59 -------- d-----w- c:\documents and settings\Administrator.DB3HG961\Application Data\AVG10
2011-05-18 02:41 . 2011-05-29 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-05-18 02:33 . 2011-05-18 02:33 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-05-18 02:32 . 2011-05-29 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-05-14 16:13 . 2011-05-14 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-05-14 16:13 . 2011-05-14 16:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-14 15:39 . 2011-05-14 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-05-14 15:39 . 2011-05-14 18:30 -------- d-----w- c:\program files\IObit
2011-05-12 21:50 . 2011-05-12 21:50 -------- d-----w- c:\documents and settings\Administrator.DB3HG961\Local Settings\Application Data\Mozilla
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2004-08-04 11:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2004-08-04 11:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 11:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2008-12-30 23:16 . 2008-12-30 23:16 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-12-30 23:16 . 2008-12-30 23:16 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-08-16 21:42 . 2008-08-16 21:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 21:42 . 2008-08-16 21:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 21:42 . 2008-08-16 21:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 21:42 . 2008-08-16 21:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 21:43 . 2008-08-16 21:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 21:42 . 2008-08-16 21:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 21:42 . 2008-08-16 21:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-12-30 23:16 . 2008-12-30 23:16 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2008-05-21 12:41 . 2008-05-21 12:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 12:41 . 2008-05-21 12:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 12:41 . 2008-05-21 12:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 17:58 . 2008-06-05 17:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 21:42 . 2008-08-16 21:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2011-05-01 15:05 . 2011-03-26 15:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-24 14:45 . 2005-05-19 14:24 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
c:\windows\System32\ctfmon.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-03-24 30192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\~Disabled
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 942]
2004-08-31 14:18 294912 ----a-w- c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellMCM]
2004-07-27 14:08 262144 ----a-w- c:\program files\Dell Photo AIO Printer 942\memcard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 21:54 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Laplink\\PCsync\\SFTHost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Cakewalk\\SONAR 5 Producer Edition\\SONARPDR.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 5:47 AM 98304]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 3:43 PM 204800]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 4:22 PM 102400]
S2 0238581305246838mcinstcleanup;McAfee Application Installer Cleanup (0238581305246838);c:\docume~1\ADMINI~1.DB~\LOCALS~1\Temp\023858~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1.DB~\LOCALS~1\Temp\023858~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c98624efeae92a;Google Update Service (gupdate1c98624efeae92a);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2009 1:29 PM 133104]
S3 DSCVc;Video Capture;c:\windows\SYSTEM32\DRIVERS\CoachVc.sys [4/24/2008 11:08 AM 44256]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/10/2005 10:48 PM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2009 1:29 PM 133104]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\SYSTEM32\DRIVERS\RTL8192su.sys [1/6/2010 5:21 PM 594048]
S4 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 4:40 AM 118784]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
.
2011-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 17:28]
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 17:28]
.
2007-12-31 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 23:52]
.
2011-04-17 c:\windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job
- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2006-08-07 08:30]
.
2011-04-17 c:\windows\Tasks\RCHubTask 1 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job
- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2006-08-07 08:30]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://my.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {DB1778CC-EF79-486E-A416-7B79176C013F} - hxxp://docs.sonic.com/cprm/9302/SonicDownloadManager.dll
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\zl9q0xa3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-Advanced Spyware Remover - c:\program files\IObit\Advanced Spyware Remover\ASRtray.exe
MSConfigStartUp-avast - c:\program files\AVAST Software\Avast\avastUI.exe
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
MSConfigStartUp-ctfmon - c:\windows\system32\ctfmon.exe
MSConfigStartUp-IObit Security 360 - c:\program files\IObit\IObit Security 360\IS360tray.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-29 14:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(7348)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\java.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\fxssvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-05-29 14:06:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-29 18:06
ComboFix2.txt 2010-07-09 20:09
.
Pre-Run: 25,718,861,824 bytes free
Post-Run: 24,504,995,840 bytes free
.
- - End Of File - - C0B250A055A09BD3F481C36BF07BE7B4

Result.txt

MiniToolBox by Farbar
Ran by John (administrator) on 01-12-2011 at 19:34:12
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : OFFICE
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-11-11-87-35-8C

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 11 87 35 8c ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
    255.255.255.255  255.255.255.255  255.255.255.255               2       1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============
Error: (12/01/2011 07:04:00 AM) (Source: DCOM) (User: SYSTEM)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (12/01/2011 07:03:30 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).

Error: (12/01/2011 07:03:30 AM) (Source: DCOM) (User: SYSTEM)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (12/01/2011 07:03:00 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).

Error: (12/01/2011 07:03:00 AM) (Source: DCOM) (User: SYSTEM)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (12/01/2011 07:02:30 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).

Error: (12/01/2011 07:02:30 AM) (Source: DCOM) (User: SYSTEM)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (12/01/2011 07:02:00 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).

Error: (12/01/2011 07:02:00 AM) (Source: DCOM) (User: SYSTEM)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (12/01/2011 07:01:30 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).


Microsoft Office Sessions:
=========================

========================= Memory info: ===================================

Percentage of memory in use: 21%
Total physical RAM: 2550.07 MB
Available physical RAM: 2013.92 MB
Total Pagefile: 3152.36 MB
Available Pagefile: 2840.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.02 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:146.21 GB) (Free:24.01 GB) NTFS
2 Drive f: () (Removable) (Total:1.87 GB) (Free:1.76 GB) FAT

========================= Users: ========================================

User accounts for \\OFFICE

Administrator Guest HelpAssistant
John SUPPORT_388945a0


**** End of log ****

#10 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:12:01 PM

Posted 02 December 2011 - 12:58 AM

Hi,

1. Download TDSSKiller and extract its contents into a folder in the desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select Skip and click Continue (the tool may prompt for a reboot).
4. Post back the contents of the log file in the c: drive root (the name should be in UtilityName.Version_Date_Time_log.txt format).

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.
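The log that step 4 asks for is plain text, and it is worth being able to summarise one without reading every line by hand. The following is an added example for this thread, not code from BleepingComputer or from Kaspersky's TDSSKiller: it parses the line layout that TDSSKiller logs use (as seen in the log pasted later in this topic, where each scanned object gets a "<name> (<md5>) <path>" line followed by a "<name> - ok" or "<name> ( <threat> ) - infected" verdict line) and reports how many objects were scanned and which ones were flagged, with the file path and MD5 that the log recorded for them. The sample log embedded below is constructed from a few lines of that same layout; the "suspicious" verdict keyword is an assumption, since only "ok" and "infected" appear in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Line layout as pasted in this thread (every line starts with a timestamp
# and a thread id; the remainder is one of the following):
#   <object> (<md5>) <path>              -- file that belongs to the object
#   <object> - ok                        -- verdict: clean
#   <object> ( <threat> ) - infected     -- verdict: detection
#   <object> - detected <threat> (<n>)   -- repeat of the detection above
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<rest>.*)$")
FILE_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
VERDICT_RE = re.compile(
    r"^(?P<name>\S+)(?:\s+\(\s*(?P<threat>.+?)\s*\))?\s+-\s+(?P<verdict>\w+)(?:\s+(?P<detail>.*))?$"
)
# "suspicious" is assumed here; only "ok" and "infected" are seen in this thread.
FLAGGED_VERDICTS = {"infected", "suspicious"}


@dataclass
class Detection:
    name: str
    threat: str
    md5: Optional[str]
    path: Optional[str]


@dataclass
class ScanSummary:
    scanned: int = 0
    ok: int = 0
    files: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    detections: List[Detection] = field(default_factory=list)


def parse_tdsskiller_log(text: str) -> ScanSummary:
    """Walk a TDSSKiller log and collect per-object verdicts."""
    summary = ScanSummary()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banners, separators and blank lines carry no object state
        rest = m.group("rest")
        f = FILE_RE.match(rest)
        if f:
            # Remember the hash/path so a later verdict line can be tied to it.
            summary.files[f.group("name")] = (f.group("md5").lower(), f.group("path"))
            continue
        v = VERDICT_RE.match(rest)
        if not v:
            continue  # "SystemInfo:", "Scan started", "Mode: Manual;" and similar
        name, verdict = v.group("name"), v.group("verdict")
        if verdict == "ok":
            summary.scanned += 1
            summary.ok += 1
        elif verdict in FLAGGED_VERDICTS:
            summary.scanned += 1
            md5, path = summary.files.get(name, (None, None))
            summary.detections.append(Detection(name, v.group("threat") or "", md5, path))
        # "detected <threat> (n)" repeats an infection already counted, so it is skipped.
    return summary


def report(summary: ScanSummary) -> str:
    """Render a short human-readable summary, one detection per line."""
    lines = [f"scanned objects: {summary.scanned}, clean: {summary.ok}, flagged: {len(summary.detections)}"]
    for d in summary.detections:
        lines.append(f"  {d.name}: {d.threat} md5={d.md5 or '?'} path={d.path or '?'}")
    return "\n".join(lines)


# Constructed sample in the layout of the log pasted in this thread.
SAMPLE_LOG = r"""
09:10:41.0921 12220 Scan started
09:10:41.0921 12220 Mode: Manual;
09:10:42.0406 12220 Abiosdsk - ok
09:10:42.0468 12220 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:10:42.0468 12220 abp480n5 - ok
09:10:42.0703 12220 AFD (cec2900181f03c43fbcb97a9fc4ccc9d) C:\WINDOWS\System32\drivers\afd.sys
09:10:42.0703 12220 AFD ( Rootkit.Win32.ZAccess.k ) - infected
09:10:42.0703 12220 AFD - detected Rootkit.Win32.ZAccess.k (0)
09:10:42.0718 12220 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:10:42.0718 12220 agp440 - ok
"""

if __name__ == "__main__":
    print(report(parse_tdsskiller_log(SAMPLE_LOG)))
```

To use it on a real log, read the `TDSSKiller.<version>_<date>_<time>_log.txt` file from the root of c: into a string and hand it to `parse_tdsskiller_log`. Keeping the MD5 that TDSSKiller recorded alongside each flagged object is deliberate: it is what lets a helper compare the reported driver against a known-good copy from the same service pack, which is the normal next step when a core networking driver such as afd.sys is reported as infected.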


#11 jblitz

jblitz
  • Topic Starter

  • Members
  • 19 posts
  • Local time:04:01 AM

Posted 02 December 2011 - 09:38 AM

Hello,

Sorry, but I was doing this too quickly and selected "Continue" without changing to "Skip." There was one rootkit threat detected and "cured." Here is the log:

09:10:28.0531 12012 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
09:10:28.0546 12012 ============================================================
09:10:28.0546 12012 Current date / time: 2011/12/02 09:10:28.0546
09:10:28.0546 12012 SystemInfo:
09:10:28.0546 12012
09:10:28.0546 12012 OS Version: 5.1.2600 ServicePack: 3.0
09:10:28.0546 12012 Product type: Workstation
09:10:28.0546 12012 ComputerName: OFFICE
09:10:28.0546 12012 UserName: John
09:10:28.0546 12012 Windows directory: C:\WINDOWS
09:10:28.0546 12012 System windows directory: C:\WINDOWS
09:10:28.0546 12012 Processor architecture: Intel x86
09:10:28.0546 12012 Number of processors: 2
09:10:28.0546 12012 Page size: 0x1000
09:10:28.0546 12012 Boot type: Normal boot
09:10:28.0546 12012 ============================================================
09:10:29.0406 12012 Initialize success
09:10:41.0921 12220 ============================================================
09:10:41.0921 12220 Scan started
09:10:41.0921 12220 Mode: Manual;
09:10:41.0921 12220 ============================================================
09:10:42.0406 12220 Abiosdsk - ok
09:10:42.0468 12220 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:10:42.0468 12220 abp480n5 - ok
09:10:42.0484 12220 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:10:42.0484 12220 ACPI - ok
09:10:42.0515 12220 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:10:42.0515 12220 ACPIEC - ok
09:10:42.0546 12220 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:10:42.0546 12220 adpu160m - ok
09:10:42.0609 12220 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
09:10:42.0609 12220 aeaudio - ok
09:10:42.0640 12220 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:10:42.0640 12220 aec - ok
09:10:42.0703 12220 AFD (cec2900181f03c43fbcb97a9fc4ccc9d) C:\WINDOWS\System32\drivers\afd.sys
09:10:42.0703 12220 AFD ( Rootkit.Win32.ZAccess.k ) - infected
09:10:42.0703 12220 AFD - detected Rootkit.Win32.ZAccess.k (0)
09:10:42.0718 12220 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:10:42.0718 12220 agp440 - ok
09:10:42.0750 12220 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:10:42.0765 12220 agpCPQ - ok
09:10:42.0781 12220 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:10:42.0781 12220 Aha154x - ok
09:10:42.0796 12220 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:10:42.0796 12220 aic78u2 - ok
09:10:42.0812 12220 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:10:42.0812 12220 aic78xx - ok
09:10:42.0843 12220 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
09:10:42.0843 12220 AliIde - ok
09:10:42.0859 12220 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:10:42.0859 12220 alim1541 - ok
09:10:42.0890 12220 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:10:42.0890 12220 amdagp - ok
09:10:42.0921 12220 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
09:10:42.0921 12220 amsint - ok
09:10:42.0953 12220 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
09:10:42.0953 12220 asc - ok
09:10:42.0968 12220 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:10:42.0968 12220 asc3350p - ok
09:10:42.0984 12220 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:10:42.0984 12220 asc3550 - ok
09:10:43.0046 12220 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:10:43.0046 12220 AsyncMac - ok
09:10:43.0062 12220 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:10:43.0062 12220 atapi - ok
09:10:43.0078 12220 Atdisk - ok
09:10:43.0125 12220 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:10:43.0125 12220 Atmarpc - ok
09:10:43.0171 12220 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:10:43.0171 12220 audstub - ok
09:10:43.0234 12220 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:10:43.0234 12220 Beep - ok
09:10:43.0250 12220 bvrp_pci - ok
09:10:43.0265 12220 catchme - ok
09:10:43.0312 12220 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:10:43.0312 12220 cbidf - ok
09:10:43.0328 12220 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:10:43.0328 12220 cbidf2k - ok
09:10:43.0375 12220 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:10:43.0375 12220 CCDECODE - ok
09:10:43.0390 12220 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:10:43.0390 12220 cd20xrnt - ok
09:10:43.0421 12220 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:10:43.0421 12220 Cdaudio - ok
09:10:43.0453 12220 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:10:43.0453 12220 Cdfs - ok
09:10:43.0484 12220 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
09:10:43.0484 12220 cdrbsdrv - ok
09:10:43.0500 12220 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:10:43.0500 12220 Cdrom - ok
09:10:43.0515 12220 Changer - ok
09:10:43.0562 12220 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:10:43.0562 12220 CmdIde - ok
09:10:43.0609 12220 CoachUsb (7a0b457eefef8cbaa0cc44c8819113bd) C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
09:10:43.0609 12220 CoachUsb - ok
09:10:43.0640 12220 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:10:43.0640 12220 Cpqarray - ok
09:10:43.0687 12220 cwcspud (798ddec7fc30464f8cb6521122bead05) C:\WINDOWS\system32\drivers\cwcspud.sys
09:10:43.0687 12220 cwcspud - ok
09:10:43.0750 12220 cwcwdm (a53a331cda2434a9cb421c3d1717a8d2) C:\WINDOWS\system32\drivers\cwcwdm.sys
09:10:43.0750 12220 cwcwdm - ok
09:10:43.0796 12220 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:10:43.0796 12220 dac2w2k - ok
09:10:43.0828 12220 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:10:43.0828 12220 dac960nt - ok
09:10:43.0875 12220 DELTA (704c8d42e92dbdb0a0b2afdd277df3b8) C:\WINDOWS\system32\DRIVERS\delta.sys
09:10:43.0875 12220 DELTA - ok
09:10:43.0890 12220 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:10:43.0890 12220 Disk - ok
09:10:43.0953 12220 DLABMFSM (7a1e8f722479ef934d71798ac3617ed7) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
09:10:43.0953 12220 DLABMFSM - ok
09:10:43.0968 12220 DLABOIOM (2281b5c596c04645426b3771a3bd5657) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
09:10:43.0968 12220 DLABOIOM - ok
09:10:44.0015 12220 DLACDBHM (43749294a1d9f22fe164a62c1a42919d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
09:10:44.0015 12220 DLACDBHM - ok
09:10:44.0046 12220 DLADResM (54a3f9ebd1ddc975736f8e18a9b8fce9) C:\WINDOWS\system32\DLA\DLADResM.SYS
09:10:44.0046 12220 DLADResM - ok
09:10:44.0062 12220 DLAIFS_M (e0fbaf0146bfceec29f31f07452db4ad) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
09:10:44.0062 12220 DLAIFS_M - ok
09:10:44.0093 12220 DLAOPIOM (d3ce0c76496a5332032399639485774f) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
09:10:44.0093 12220 DLAOPIOM - ok
09:10:44.0109 12220 DLAPoolM (fce1882364d4c324b937a841ef9c58ac) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
09:10:44.0109 12220 DLAPoolM - ok
09:10:44.0156 12220 DLARTL_M (14183a8eff683eb0c1774802578ed0f4) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
09:10:44.0156 12220 DLARTL_M - ok
09:10:44.0171 12220 DLAUDFAM (2ef8c92ab8411589387845f58534c7d9) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
09:10:44.0171 12220 DLAUDFAM - ok
09:10:44.0203 12220 DLAUDF_M (a2096fd7b5037085a3dc580e2891d2c4) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
09:10:44.0203 12220 DLAUDF_M - ok
09:10:44.0281 12220 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:10:44.0281 12220 dmboot - ok
09:10:44.0312 12220 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:10:44.0312 12220 dmio - ok
09:10:44.0343 12220 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:10:44.0343 12220 dmload - ok
09:10:44.0375 12220 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:10:44.0375 12220 DMusic - ok
09:10:44.0437 12220 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:10:44.0437 12220 dpti2o - ok
09:10:44.0468 12220 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:10:44.0468 12220 drmkaud - ok
09:10:44.0500 12220 drvmcdb (1fb11e1eac27668754fd18a079cccfb3) C:\WINDOWS\system32\drivers\drvmcdb.sys
09:10:44.0500 12220 drvmcdb - ok
09:10:44.0515 12220 drvnddm (9628dfa16b1a47615c65318f8776f233) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
09:10:44.0515 12220 drvnddm - ok
09:10:44.0546 12220 DSCVc (614ca0bfa09861e42ad8d14b83540758) C:\WINDOWS\system32\DRIVERS\CoachVc.sys
09:10:44.0546 12220 DSCVc - ok
09:10:44.0671 12220 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
09:10:44.0671 12220 DSproct - ok
09:10:44.0718 12220 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
09:10:44.0718 12220 dsunidrv - ok
09:10:44.0765 12220 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:10:44.0765 12220 E100B - ok
09:10:44.0843 12220 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:10:44.0843 12220 Fastfat - ok
09:10:44.0890 12220 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:10:44.0890 12220 Fdc - ok
09:10:44.0921 12220 FilterService (50104c5f1ee1e295781caf9521ca2e56) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
09:10:44.0921 12220 FilterService - ok
09:10:44.0953 12220 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:10:44.0953 12220 Fips - ok
09:10:45.0000 12220 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:10:45.0000 12220 Flpydisk - ok
09:10:45.0046 12220 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:10:45.0046 12220 FltMgr - ok
09:10:45.0093 12220 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:10:45.0093 12220 Fs_Rec - ok
09:10:45.0125 12220 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:10:45.0125 12220 Ftdisk - ok
09:10:45.0140 12220 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
09:10:45.0140 12220 gameenum - ok
09:10:45.0187 12220 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:10:45.0187 12220 GEARAspiWDM - ok
09:10:45.0234 12220 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:10:45.0234 12220 Gpc - ok
09:10:45.0281 12220 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:10:45.0281 12220 HidUsb - ok
09:10:45.0343 12220 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
09:10:45.0343 12220 hpn - ok
09:10:45.0375 12220 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
09:10:45.0375 12220 HPZid412 - ok
09:10:45.0406 12220 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
09:10:45.0406 12220 HPZipr12 - ok
09:10:45.0437 12220 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
09:10:45.0437 12220 HPZius12 - ok
09:10:45.0500 12220 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
09:10:45.0500 12220 HSFHWBS2 - ok
09:10:45.0562 12220 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
09:10:45.0562 12220 HSF_DP - ok
09:10:45.0609 12220 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:10:45.0609 12220 HTTP - ok
09:10:45.0656 12220 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:10:45.0656 12220 i2omgmt - ok
09:10:45.0703 12220 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:10:45.0703 12220 i2omp - ok
09:10:45.0750 12220 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:10:45.0750 12220 i8042prt - ok
09:10:45.0812 12220 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:10:45.0828 12220 ialm - ok
09:10:45.0859 12220 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
09:10:45.0859 12220 Imapi - ok
09:10:45.0875 12220 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:10:45.0890 12220 ini910u - ok
09:10:45.0906 12220 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:10:45.0906 12220 IntelIde - ok
09:10:45.0953 12220 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:10:45.0953 12220 intelppm - ok
09:10:45.0984 12220 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:10:45.0984 12220 Ip6Fw - ok
09:10:46.0015 12220 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:10:46.0015 12220 IpFilterDriver - ok
09:10:46.0046 12220 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:10:46.0046 12220 IpInIp - ok
09:10:46.0093 12220 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:10:46.0093 12220 IpNat - ok
09:10:46.0140 12220 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:10:46.0140 12220 IPSec - ok
09:10:46.0187 12220 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:10:46.0187 12220 IRENUM - ok
09:10:46.0234 12220 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:10:46.0234 12220 isapnp - ok
09:10:46.0281 12220 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:10:46.0281 12220 Kbdclass - ok
09:10:46.0359 12220 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:10:46.0359 12220 kbdhid - ok
09:10:46.0406 12220 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:10:46.0421 12220 kmixer - ok
09:10:46.0453 12220 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:10:46.0453 12220 KSecDD - ok
09:10:46.0484 12220 lbrtfdc - ok
09:10:46.0531 12220 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
09:10:46.0531 12220 LVPr2Mon - ok
09:10:46.0593 12220 LVRS (b895839b8743e400d7c7dae156f74e7e) C:\WINDOWS\system32\DRIVERS\lvrs.sys
09:10:46.0593 12220 LVRS - ok
09:10:46.0640 12220 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys
09:10:46.0640 12220 LVUSBSta - ok
09:10:47.0859 12220 LVUVC (8bc0d5f6e3898f465a94c6d03afb5a20) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
09:10:47.0890 12220 LVUVC - ok
09:10:48.0203 12220 MBAMProtector - ok
09:10:48.0500 12220 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:10:48.0500 12220 mdmxsdk - ok
09:10:48.0781 12220 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
09:10:48.0781 12220 mferkdk - ok
09:10:49.0062 12220 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
09:10:49.0062 12220 mfesmfk - ok
09:10:49.0359 12220 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:10:49.0359 12220 mnmdd - ok
09:10:49.0609 12220 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:10:49.0609 12220 Modem - ok
09:10:49.0671 12220 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
09:10:49.0671 12220 MODEMCSA - ok
09:10:49.0703 12220 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:10:49.0703 12220 Mouclass - ok
09:10:49.0750 12220 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:10:49.0750 12220 mouhid - ok
09:10:49.0765 12220 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:10:49.0765 12220 MountMgr - ok
09:10:49.0796 12220 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:10:49.0796 12220 mraid35x - ok
09:10:49.0843 12220 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:10:49.0843 12220 MRxDAV - ok
09:10:49.0875 12220 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:10:49.0875 12220 MRxSmb - ok
09:10:49.0921 12220 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:10:49.0921 12220 Msfs - ok
09:10:49.0953 12220 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:10:49.0953 12220 MSKSSRV - ok
09:10:49.0968 12220 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:10:49.0968 12220 MSPCLOCK - ok
09:10:49.0984 12220 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:10:49.0984 12220 MSPQM - ok
09:10:50.0031 12220 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:10:50.0031 12220 mssmbios - ok
09:10:50.0062 12220 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
09:10:50.0062 12220 MSTEE - ok
09:10:50.0093 12220 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:10:50.0093 12220 Mup - ok
09:10:50.0125 12220 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:10:50.0125 12220 NABTSFEC - ok
09:10:50.0171 12220 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:10:50.0171 12220 NDIS - ok
09:10:50.0203 12220 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:10:50.0203 12220 NdisIP - ok
09:10:50.0250 12220 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:10:50.0250 12220 NdisTapi - ok
09:10:50.0265 12220 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:10:50.0265 12220 Ndisuio - ok
09:10:50.0296 12220 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:10:50.0296 12220 NdisWan - ok
09:10:50.0328 12220 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:10:50.0328 12220 NDProxy - ok
09:10:50.0359 12220 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:10:50.0359 12220 NetBIOS - ok
09:10:50.0406 12220 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:10:50.0421 12220 NetBT - ok
09:10:50.0484 12220 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:10:50.0484 12220 Npfs - ok
09:10:50.0515 12220 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:10:50.0531 12220 Ntfs - ok
09:10:50.0546 12220 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
09:10:50.0562 12220 NuidFltr - ok
09:10:50.0593 12220 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:10:50.0593 12220 Null - ok
09:10:50.0687 12220 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:10:50.0703 12220 nv - ok
09:10:50.0750 12220 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:10:50.0750 12220 NwlnkFlt - ok
09:10:50.0781 12220 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:10:50.0781 12220 NwlnkFwd - ok
09:10:50.0796 12220 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
09:10:50.0796 12220 omci - ok
09:10:50.0843 12220 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:10:50.0843 12220 Parport - ok
09:10:50.0906 12220 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:10:50.0906 12220 PartMgr - ok
09:10:50.0937 12220 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:10:50.0937 12220 ParVdm - ok
09:10:50.0953 12220 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:10:50.0953 12220 PCI - ok
09:10:50.0968 12220 PCIDump - ok
09:10:50.0984 12220 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:10:50.0984 12220 PCIIde - ok
09:10:51.0015 12220 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:10:51.0015 12220 Pcmcia - ok
09:10:51.0046 12220 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
09:10:51.0046 12220 pcouffin - ok
09:10:51.0062 12220 PDCOMP - ok
09:10:51.0078 12220 PDFRAME - ok
09:10:51.0093 12220 PDRELI - ok
09:10:51.0109 12220 PDRFRAME - ok
09:10:51.0125 12220 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
09:10:51.0125 12220 perc2 - ok
09:10:51.0140 12220 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:10:51.0140 12220 perc2hib - ok
09:10:51.0203 12220 pnarp (ce27fc8bdc54b3ac63d53e2d5f6cc929) C:\WINDOWS\system32\DRIVERS\pnarp.sys
09:10:51.0203 12220 pnarp - ok
09:10:51.0250 12220 Point32 (dcdf0421a1c14f2923e298a30fd7636d) C:\WINDOWS\system32\DRIVERS\point32.sys
09:10:51.0250 12220 Point32 - ok
09:10:51.0296 12220 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:10:51.0296 12220 PptpMiniport - ok
09:10:51.0312 12220 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:10:51.0312 12220 PSched - ok
09:10:51.0328 12220 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:10:51.0328 12220 Ptilink - ok
09:10:51.0359 12220 purendis (f4fd591e86ecb6b5d000c7d6c987416b) C:\WINDOWS\system32\DRIVERS\purendis.sys
09:10:51.0359 12220 purendis - ok
09:10:51.0390 12220 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:10:51.0390 12220 PxHelp20 - ok
09:10:51.0406 12220 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:10:51.0406 12220 ql1080 - ok
09:10:51.0421 12220 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:10:51.0421 12220 Ql10wnt - ok
09:10:51.0437 12220 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:10:51.0437 12220 ql12160 - ok
09:10:51.0453 12220 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:10:51.0453 12220 ql1240 - ok
09:10:51.0468 12220 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:10:51.0484 12220 ql1280 - ok
09:10:51.0500 12220 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:10:51.0500 12220 RasAcd - ok
09:10:51.0531 12220 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:10:51.0531 12220 Rasl2tp - ok
09:10:51.0546 12220 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:10:51.0546 12220 RasPppoe - ok
09:10:51.0562 12220 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:10:51.0562 12220 Raspti - ok
09:10:51.0625 12220 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:10:51.0625 12220 Rdbss - ok
09:10:51.0656 12220 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:10:51.0656 12220 rdpdr - ok
09:10:51.0703 12220 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
09:10:51.0703 12220 RDPWD - ok
09:10:51.0796 12220 RTL8192su (b29eeb1ea7971bd83069eb2e2258d224) C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
09:10:51.0812 12220 RTL8192su - ok
09:10:51.0906 12220 RVIEG01 (93f66faea8bf047d4242ac85aada403d) C:\Program Files\Cakewalk\Shared Dxi\Roland\RVIEg01.sys
09:10:51.0906 12220 RVIEG01 - ok
09:10:51.0953 12220 RxFilter (78f204f3a885de987d41b12f9bb8dffb) C:\WINDOWS\system32\DRIVERS\RxFilter.sys
09:10:51.0953 12220 RxFilter - ok
09:10:51.0984 12220 SASDIFSV - ok
09:10:51.0984 12220 SASKUTIL - ok
09:10:52.0046 12220 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:10:52.0046 12220 Secdrv - ok
09:10:52.0093 12220 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:10:52.0093 12220 serenum - ok
09:10:52.0125 12220 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:10:52.0125 12220 Serial - ok
09:10:52.0171 12220 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:10:52.0171 12220 Sfloppy - ok
09:10:52.0203 12220 Simbad - ok
09:10:52.0218 12220 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:10:52.0218 12220 sisagp - ok
09:10:52.0250 12220 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:10:52.0250 12220 SLIP - ok
09:10:52.0296 12220 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
09:10:52.0296 12220 SmartDefragDriver - ok
09:10:52.0359 12220 smwdm (4aa922332433cdeb8b82c072c212e32e) C:\WINDOWS\system32\drivers\smwdm.sys
09:10:52.0359 12220 smwdm - ok
09:10:52.0390 12220 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
09:10:52.0390 12220 SONYPVU1 - ok
09:10:52.0421 12220 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:10:52.0421 12220 Sparrow - ok
09:10:52.0468 12220 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:10:52.0468 12220 splitter - ok
09:10:52.0500 12220 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:10:52.0500 12220 sr - ok
09:10:52.0546 12220 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:10:52.0546 12220 Srv - ok
09:10:52.0578 12220 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
09:10:52.0578 12220 StillCam - ok
09:10:52.0625 12220 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:10:52.0625 12220 streamip - ok
09:10:52.0640 12220 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:10:52.0640 12220 swenum - ok
09:10:52.0671 12220 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:10:52.0671 12220 swmidi - ok
09:10:52.0734 12220 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
09:10:52.0734 12220 symc810 - ok
09:10:52.0750 12220 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:10:52.0750 12220 symc8xx - ok
09:10:52.0765 12220 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:10:52.0765 12220 sym_hi - ok
09:10:52.0781 12220 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:10:52.0796 12220 sym_u3 - ok
09:10:52.0812 12220 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:10:52.0812 12220 sysaudio - ok
09:10:52.0859 12220 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:10:52.0859 12220 Tcpip - ok
09:10:52.0890 12220 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:10:52.0890 12220 TDPIPE - ok
09:10:52.0906 12220 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:10:52.0921 12220 TDTCP - ok
09:10:52.0953 12220 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:10:52.0953 12220 TermDD - ok
09:10:53.0015 12220 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
09:10:53.0015 12220 TosIde - ok
09:10:53.0062 12220 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:10:53.0062 12220 Udfs - ok
09:10:53.0078 12220 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
09:10:53.0078 12220 ultra - ok
09:10:53.0125 12220 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:10:53.0140 12220 Update - ok
09:10:53.0187 12220 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
09:10:53.0187 12220 USBAAPL - ok
09:10:53.0218 12220 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
09:10:53.0218 12220 usbaudio - ok
09:10:53.0234 12220 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:10:53.0234 12220 usbccgp - ok
09:10:53.0265 12220 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:10:53.0281 12220 usbehci - ok
09:10:53.0328 12220 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:10:53.0328 12220 usbhub - ok
09:10:53.0359 12220 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:10:53.0359 12220 usbprint - ok
09:10:53.0390 12220 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:10:53.0390 12220 usbscan - ok
09:10:53.0421 12220 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:10:53.0421 12220 USBSTOR - ok
09:10:53.0468 12220 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:10:53.0468 12220 usbuhci - ok
09:10:53.0515 12220 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:10:53.0515 12220 VgaSave - ok
09:10:53.0546 12220 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:10:53.0546 12220 viaagp - ok
09:10:53.0562 12220 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
09:10:53.0562 12220 ViaIde - ok
09:10:53.0593 12220 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:10:53.0593 12220 VolSnap - ok
09:10:53.0625 12220 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:10:53.0625 12220 Wanarp - ok
09:10:53.0640 12220 wanatw - ok
09:10:53.0656 12220 WDC_SAM - ok
09:10:53.0703 12220 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
09:10:53.0703 12220 Wdf01000 - ok
09:10:53.0718 12220 WDICA - ok
09:10:53.0781 12220 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:10:53.0781 12220 wdmaud - ok
09:10:53.0843 12220 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:10:53.0843 12220 winachsf - ok
09:10:53.0921 12220 winusb (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.SYS
09:10:53.0921 12220 winusb - ok
09:10:53.0968 12220 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:10:53.0968 12220 WpdUsb - ok
09:10:54.0015 12220 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:10:54.0015 12220 WS2IFSL - ok
09:10:54.0062 12220 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:10:54.0062 12220 WSTCODEC - ok
09:10:54.0109 12220 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:10:54.0109 12220 WudfPf - ok
09:10:54.0125 12220 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:10:54.0140 12220 WudfRd - ok
09:10:54.0187 12220 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
09:10:54.0203 12220 \Device\Harddisk0\DR0 - ok
09:10:54.0203 12220 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR16
09:10:55.0218 12220 \Device\Harddisk1\DR16 - ok
09:10:55.0218 12220 Boot (0x1200) (fd3d6c269990163e77e09bf88f132e21) \Device\Harddisk0\DR0\Partition0
09:10:55.0234 12220 \Device\Harddisk0\DR0\Partition0 - ok
09:10:55.0234 12220 Boot (0x1200) (850ce9ce3c9d275d10ec275a4e3841dc) \Device\Harddisk1\DR16\Partition0
09:10:55.0234 12220 \Device\Harddisk1\DR16\Partition0 - ok
09:10:55.0234 12220 ============================================================
09:10:55.0234 12220 Scan finished
09:10:55.0234 12220 ============================================================
09:10:55.0250 12232 Detected object count: 1
09:10:55.0250 12232 Actual detected object count: 1
09:11:10.0218 12232 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813
09:11:10.0453 12232 Backup copy found, using it..
09:11:10.0484 12232 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
09:11:14.0515 12232 AFD ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
09:12:26.0546 10212 Deinitialize success

#12 Blade81

  • Bleepin' Rocker
  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:12:01 PM

Posted 02 December 2011 - 10:11 AM

Hi,

Reboot and run TDSSKiller again with skip this time. That infected item is probably still detected.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.
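The point of the re-scan Blade81 asks for is to confirm that the cure held. The first log above ends with afd.sys failing VerifyFileNameVersionInfo with error 1813 (Win32 ERROR_RESOURCE_TYPE_NOT_FOUND, so the driver image on disk carried no version resource), TDSSKiller restoring it from a backup copy, and AFD flagged as Rootkit.Win32.ZAccess.k with the action Cure. The check that matters is therefore hash against hash across the two logs, which is tedious by eye over a couple of thousand lines. What follows is an added example, not part of this thread and not TDSSKiller's own code: a parser for the log layout shown above and a diff of two scans that reports drivers whose MD5 changed, detections that were cleared or are still present, and services that received a verdict without any file to hash. The sample lines are constructed in the thread's format; the all-zero MD5 stands in for the infected afd.sys hash, which this part of the thread does not show.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
# Constructed sample lines in the TDSSKiller 2.6.x log layout used in this thread: "<time> <pid> <driver> (<md5>)
# <path>" per scanned service, "<driver> - ok" for a clean verdict, plus the summary lines written for a detection.
# The all-zero MD5 is a placeholder for the infected afd.sys hash, which this part of the thread does not show.
SCAN_BEFORE = r"""
09:10:46.0000 12220 AFD (00000000000000000000000000000000) C:\WINDOWS\System32\drivers\afd.sys
09:10:52.0859 12220 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:10:52.0859 12220 Tcpip - ok
09:10:53.0640 12220 wanatw - ok
09:10:54.0187 12220 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
09:10:54.0203 12220 \Device\Harddisk0\DR0 - ok
09:11:10.0218 12232 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813
09:11:10.0484 12232 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
09:11:14.0515 12232 AFD ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
"""
SCAN_AFTER = r"""
18:57:54.0265 2652 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:57:54.0265 2652 AFD - ok
18:57:58.0828 2652 MBAMProtector - ok
18:58:02.0500 2652 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:58:02.0515 2652 Tcpip - ok
18:58:05.0000 2652 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
18:58:05.0010 2652 \Device\Harddisk0\DR0 - ok
"""

LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<rest>.*)$")
HASHED = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
VERDICT = re.compile(r"^(?P<name>.+?)\s+\(\s*(?P<threat>[^)]+?)\s*\)\s+-\s+User select action:\s+(?P<action>\w+)$")
VERSION_ERR = re.compile(r"^VerifyFileNameVersionInfo: \w+\((?P<path>.+?)\) error (?P<code>\d+)$")
CURE = re.compile(r"^(?P<path>.+?)\s+-\s+will be cured on reboot$")
OK = re.compile(r"^(?P<subject>.+?)\s+-\s+ok$")

@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None        # "ok" or the detection name TDSSKiller reported
    action: Optional[str] = None         # user-selected action for a detection (Cure, Skip, ...)
    cure_pending: bool = False           # "- will be cured on reboot" was logged for this file
    version_error: Optional[int] = None  # Win32 code from a VerifyFileNameVersionInfo failure

    def is_detected(self) -> bool:
        return self.verdict not in (None, "ok")

Finding = Tuple[str, str, str]  # (service name, kind, detail)

def parse_scan(text: str) -> Dict[str, Entry]:
    """Entries keyed by lower-cased file/device path, or by service name when no file was hashed."""
    entries: Dict[str, Entry] = {}
    by_name: Dict[str, str] = {}  # service name -> entry key; later lines refer to either form
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner, separator and SystemInfo lines carry no per-driver data
        rest = m.group("rest")
        if h := HASHED.match(rest):
            key = h.group("path").lower()
            entries[key] = Entry(h.group("name"), h.group("md5"), h.group("path"))
            by_name[h.group("name")] = key
        elif v := VERDICT.match(rest):
            e = entries.setdefault(by_name.get(v.group("name"), v.group("name")), Entry(v.group("name")))
            e.verdict, e.action = v.group("threat"), v.group("action")
        elif x := VERSION_ERR.match(rest):
            e = entries.setdefault(x.group("path").lower(), Entry(x.group("path"), path=x.group("path")))
            e.version_error = int(x.group("code"))
        elif c := CURE.match(rest):
            e = entries.setdefault(c.group("path").lower(), Entry(c.group("path"), path=c.group("path")))
            e.cure_pending = True
        elif o := OK.match(rest):
            subj = o.group("subject")  # a service name, or a device path for the MBR/boot-sector lines
            e = entries.setdefault(by_name.get(subj, subj.lower() if subj.lower() in entries else subj), Entry(subj))
            if e.verdict is None:
                e.verdict = "ok"
    return entries

def diff_scans(before: Dict[str, Entry], after: Dict[str, Entry]) -> List[Finding]:
    findings: List[Finding] = []  # compare the scan that cured a file with the re-scan after reboot
    for key in sorted(set(before) | set(after)):
        b, a = before.get(key), after.get(key)
        if b is None or a is None:
            findings.append(((a or b).name, "new" if b is None else "gone", "present in only one scan"))
            continue
        if b.md5 and a.md5 and b.md5 != a.md5:
            findings.append((a.name, "hash_changed", f"{b.md5} -> {a.md5}"))
        if b.is_detected() and a.is_detected():
            findings.append((a.name, "still_detected", a.verdict or ""))
        elif b.is_detected():
            findings.append((a.name, "cleared", f"{b.verdict} not reported again"))
    return findings

def orphaned_services(scan: Dict[str, Entry]) -> List[Entry]:
    return [e for e in scan.values() if e.md5 is None and e.verdict == "ok"]  # verdict given, no file hashed

if __name__ == "__main__":
    print(*diff_scans(parse_scan(SCAN_BEFORE), parse_scan(SCAN_AFTER)), sep="\n")
```

Run it as a script, or call diff_scans(parse_scan(first_log), parse_scan(second_log)) on the two saved TDSSKiller logs. Two caveats. A changed hash only shows that the file was replaced, so the new MD5 should still be compared with afd.sys from a known-clean XP SP3 machine at the same patch level before the box is trusted. And the entries that get "- ok" with no hash line (wanatw, WDC_SAM, WDICA, MBAMProtector, SASDIFSV and SASKUTIL in the logs above) are services still registered for which TDSSKiller found no driver file to hash, usually leftovers from removed tools; they deserve a look rather than an assumption.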


#13 jblitz

  • Topic Starter
  • Members
  • 19 posts
  • Local time:04:01 AM

Posted 03 December 2011 - 10:08 AM

There was no threat found.

18:57:49.0296 3200 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
18:57:49.0312 3200 ============================================================
18:57:49.0312 3200 Current date / time: 2011/12/02 18:57:49.0312
18:57:49.0312 3200 SystemInfo:
18:57:49.0312 3200
18:57:49.0312 3200 OS Version: 5.1.2600 ServicePack: 3.0
18:57:49.0312 3200 Product type: Workstation
18:57:49.0312 3200 ComputerName: OFFICE
18:57:49.0312 3200 UserName: John
18:57:49.0312 3200 Windows directory: C:\WINDOWS
18:57:49.0312 3200 System windows directory: C:\WINDOWS
18:57:49.0312 3200 Processor architecture: Intel x86
18:57:49.0312 3200 Number of processors: 2
18:57:49.0312 3200 Page size: 0x1000
18:57:49.0312 3200 Boot type: Normal boot
18:57:49.0312 3200 ============================================================
18:57:50.0343 3200 Initialize success
18:57:52.0921 2652 ============================================================
18:57:52.0921 2652 Scan started
18:57:52.0921 2652 Mode: Manual;
18:57:52.0921 2652 ============================================================
18:57:53.0968 2652 Abiosdsk - ok
18:57:54.0015 2652 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:57:54.0015 2652 abp480n5 - ok
18:57:54.0046 2652 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:57:54.0046 2652 ACPI - ok
18:57:54.0093 2652 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:57:54.0093 2652 ACPIEC - ok
18:57:54.0109 2652 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:57:54.0109 2652 adpu160m - ok
18:57:54.0171 2652 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
18:57:54.0171 2652 aeaudio - ok
18:57:54.0218 2652 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:57:54.0218 2652 aec - ok
18:57:54.0265 2652 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:57:54.0265 2652 AFD - ok
18:57:54.0312 2652 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:57:54.0312 2652 agp440 - ok
18:57:54.0343 2652 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:57:54.0343 2652 agpCPQ - ok
18:57:54.0359 2652 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
18:57:54.0359 2652 Aha154x - ok
18:57:54.0375 2652 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:57:54.0375 2652 aic78u2 - ok
18:57:54.0390 2652 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:57:54.0390 2652 aic78xx - ok
18:57:54.0421 2652 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
18:57:54.0421 2652 AliIde - ok
18:57:54.0437 2652 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
18:57:54.0437 2652 alim1541 - ok
18:57:54.0468 2652 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
18:57:54.0468 2652 amdagp - ok
18:57:54.0484 2652 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
18:57:54.0484 2652 amsint - ok
18:57:54.0515 2652 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
18:57:54.0515 2652 asc - ok
18:57:54.0546 2652 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
18:57:54.0546 2652 asc3350p - ok
18:57:54.0562 2652 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
18:57:54.0562 2652 asc3550 - ok
18:57:54.0625 2652 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:57:54.0625 2652 AsyncMac - ok
18:57:54.0640 2652 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:57:54.0640 2652 atapi - ok
18:57:54.0656 2652 Atdisk - ok
18:57:54.0703 2652 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:57:54.0703 2652 Atmarpc - ok
18:57:54.0734 2652 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:57:54.0734 2652 audstub - ok
18:57:54.0796 2652 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:57:54.0796 2652 Beep - ok
18:57:54.0828 2652 bvrp_pci - ok
18:57:54.0828 2652 catchme - ok
18:57:54.0875 2652 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:57:54.0875 2652 cbidf - ok
18:57:54.0890 2652 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:57:54.0890 2652 cbidf2k - ok
18:57:54.0937 2652 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:57:54.0937 2652 CCDECODE - ok
18:57:54.0953 2652 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:57:54.0953 2652 cd20xrnt - ok
18:57:54.0968 2652 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:57:54.0968 2652 Cdaudio - ok
18:57:55.0015 2652 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:57:55.0015 2652 Cdfs - ok
18:57:55.0031 2652 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
18:57:55.0046 2652 cdrbsdrv - ok
18:57:55.0062 2652 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:57:55.0062 2652 Cdrom - ok
18:57:55.0078 2652 Changer - ok
18:57:55.0109 2652 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:57:55.0109 2652 CmdIde - ok
18:57:55.0156 2652 CoachUsb (7a0b457eefef8cbaa0cc44c8819113bd) C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
18:57:55.0156 2652 CoachUsb - ok
18:57:55.0187 2652 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:57:55.0187 2652 Cpqarray - ok
18:57:55.0250 2652 cwcspud (798ddec7fc30464f8cb6521122bead05) C:\WINDOWS\system32\drivers\cwcspud.sys
18:57:55.0250 2652 cwcspud - ok
18:57:55.0296 2652 cwcwdm (a53a331cda2434a9cb421c3d1717a8d2) C:\WINDOWS\system32\drivers\cwcwdm.sys
18:57:55.0296 2652 cwcwdm - ok
18:57:55.0359 2652 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:57:55.0359 2652 dac2w2k - ok
18:57:55.0500 2652 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:57:55.0500 2652 dac960nt - ok
18:57:55.0703 2652 DELTA (704c8d42e92dbdb0a0b2afdd277df3b8) C:\WINDOWS\system32\DRIVERS\delta.sys
18:57:55.0718 2652 DELTA - ok
18:57:55.0734 2652 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:57:55.0734 2652 Disk - ok
18:57:55.0781 2652 DLABMFSM (7a1e8f722479ef934d71798ac3617ed7) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
18:57:55.0781 2652 DLABMFSM - ok
18:57:55.0812 2652 DLABOIOM (2281b5c596c04645426b3771a3bd5657) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
18:57:55.0812 2652 DLABOIOM - ok
18:57:55.0828 2652 DLACDBHM (43749294a1d9f22fe164a62c1a42919d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
18:57:55.0828 2652 DLACDBHM - ok
18:57:55.0843 2652 DLADResM (54a3f9ebd1ddc975736f8e18a9b8fce9) C:\WINDOWS\system32\DLA\DLADResM.SYS
18:57:55.0843 2652 DLADResM - ok
18:57:55.0875 2652 DLAIFS_M (e0fbaf0146bfceec29f31f07452db4ad) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
18:57:55.0875 2652 DLAIFS_M - ok
18:57:55.0890 2652 DLAOPIOM (d3ce0c76496a5332032399639485774f) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
18:57:55.0890 2652 DLAOPIOM - ok
18:57:55.0906 2652 DLAPoolM (fce1882364d4c324b937a841ef9c58ac) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
18:57:55.0906 2652 DLAPoolM - ok
18:57:55.0953 2652 DLARTL_M (14183a8eff683eb0c1774802578ed0f4) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
18:57:55.0953 2652 DLARTL_M - ok
18:57:55.0968 2652 DLAUDFAM (2ef8c92ab8411589387845f58534c7d9) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
18:57:55.0968 2652 DLAUDFAM - ok
18:57:55.0984 2652 DLAUDF_M (a2096fd7b5037085a3dc580e2891d2c4) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
18:57:55.0984 2652 DLAUDF_M - ok
18:57:56.0062 2652 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:57:56.0093 2652 dmboot - ok
18:57:56.0140 2652 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:57:56.0140 2652 dmio - ok
18:57:56.0156 2652 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:57:56.0156 2652 dmload - ok
18:57:56.0234 2652 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:57:56.0234 2652 DMusic - ok
18:57:56.0296 2652 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:57:56.0296 2652 dpti2o - ok
18:57:56.0312 2652 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:57:56.0312 2652 drmkaud - ok
18:57:56.0343 2652 drvmcdb (1fb11e1eac27668754fd18a079cccfb3) C:\WINDOWS\system32\drivers\drvmcdb.sys
18:57:56.0343 2652 drvmcdb - ok
18:57:56.0375 2652 drvnddm (9628dfa16b1a47615c65318f8776f233) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
18:57:56.0375 2652 drvnddm - ok
18:57:56.0406 2652 DSCVc (614ca0bfa09861e42ad8d14b83540758) C:\WINDOWS\system32\DRIVERS\CoachVc.sys
18:57:56.0406 2652 DSCVc - ok
18:57:56.0531 2652 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
18:57:56.0531 2652 DSproct - ok
18:57:56.0578 2652 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
18:57:56.0578 2652 dsunidrv - ok
18:57:56.0625 2652 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:57:56.0625 2652 E100B - ok
18:57:56.0687 2652 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:57:56.0687 2652 Fastfat - ok
18:57:56.0734 2652 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:57:56.0734 2652 Fdc - ok
18:57:56.0765 2652 FilterService (50104c5f1ee1e295781caf9521ca2e56) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
18:57:56.0765 2652 FilterService - ok
18:57:56.0796 2652 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:57:56.0796 2652 Fips - ok
18:57:56.0843 2652 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:57:56.0843 2652 Flpydisk - ok
18:57:56.0890 2652 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:57:56.0890 2652 FltMgr - ok
18:57:56.0921 2652 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:57:56.0921 2652 Fs_Rec - ok
18:57:56.0953 2652 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:57:56.0953 2652 Ftdisk - ok
18:57:56.0968 2652 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
18:57:56.0968 2652 gameenum - ok
18:57:57.0015 2652 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:57:57.0015 2652 GEARAspiWDM - ok
18:57:57.0031 2652 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:57:57.0031 2652 Gpc - ok
18:57:57.0078 2652 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:57:57.0078 2652 HidUsb - ok
18:57:57.0140 2652 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
18:57:57.0140 2652 hpn - ok
18:57:57.0171 2652 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:57:57.0171 2652 HPZid412 - ok
18:57:57.0203 2652 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:57:57.0203 2652 HPZipr12 - ok
18:57:57.0234 2652 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:57:57.0234 2652 HPZius12 - ok
18:57:57.0328 2652 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
18:57:57.0328 2652 HSFHWBS2 - ok
18:57:57.0390 2652 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
18:57:57.0421 2652 HSF_DP - ok
18:57:57.0468 2652 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:57:57.0468 2652 HTTP - ok
18:57:57.0515 2652 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
18:57:57.0515 2652 i2omgmt - ok
18:57:57.0546 2652 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
18:57:57.0546 2652 i2omp - ok
18:57:57.0593 2652 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:57:57.0593 2652 i8042prt - ok
18:57:57.0656 2652 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
18:57:57.0687 2652 ialm - ok
18:57:57.0734 2652 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
18:57:57.0734 2652 Imapi - ok
18:57:57.0750 2652 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
18:57:57.0750 2652 ini910u - ok
18:57:57.0781 2652 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:57:57.0781 2652 IntelIde - ok
18:57:57.0796 2652 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:57:57.0796 2652 intelppm - ok
18:57:57.0828 2652 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:57:57.0828 2652 Ip6Fw - ok
18:57:57.0859 2652 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:57:57.0859 2652 IpFilterDriver - ok
18:57:57.0906 2652 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:57:57.0906 2652 IpInIp - ok
18:57:57.0937 2652 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:57:57.0937 2652 IpNat - ok
18:57:58.0000 2652 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:57:58.0000 2652 IPSec - ok
18:57:58.0031 2652 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:57:58.0031 2652 IRENUM - ok
18:57:58.0078 2652 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:57:58.0078 2652 isapnp - ok
18:57:58.0125 2652 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:57:58.0125 2652 Kbdclass - ok
18:57:58.0156 2652 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:57:58.0156 2652 kbdhid - ok
18:57:58.0203 2652 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:57:58.0203 2652 kmixer - ok
18:57:58.0250 2652 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:57:58.0250 2652 KSecDD - ok
18:57:58.0265 2652 lbrtfdc - ok
18:57:58.0328 2652 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
18:57:58.0328 2652 LVPr2Mon - ok
18:57:58.0390 2652 LVRS (b895839b8743e400d7c7dae156f74e7e) C:\WINDOWS\system32\DRIVERS\lvrs.sys
18:57:58.0421 2652 LVRS - ok
18:57:58.0468 2652 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys
18:57:58.0468 2652 LVUSBSta - ok
18:57:58.0656 2652 LVUVC (8bc0d5f6e3898f465a94c6d03afb5a20) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
18:57:58.0812 2652 LVUVC - ok
18:57:58.0828 2652 MBAMProtector - ok
18:57:58.0875 2652 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:57:58.0875 2652 mdmxsdk - ok
18:57:58.0906 2652 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
18:57:58.0921 2652 mferkdk - ok
18:57:58.0953 2652 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
18:57:58.0953 2652 mfesmfk - ok
18:57:58.0984 2652 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:57:58.0984 2652 mnmdd - ok
18:57:59.0031 2652 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:57:59.0031 2652 Modem - ok
18:57:59.0062 2652 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
18:57:59.0062 2652 MODEMCSA - ok
18:57:59.0093 2652 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:57:59.0093 2652 Mouclass - ok
18:57:59.0125 2652 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:57:59.0125 2652 mouhid - ok
18:57:59.0187 2652 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:57:59.0187 2652 MountMgr - ok
18:57:59.0218 2652 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
18:57:59.0218 2652 mraid35x - ok
18:57:59.0265 2652 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:57:59.0265 2652 MRxDAV - ok
18:57:59.0296 2652 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:57:59.0296 2652 MRxSmb - ok
18:57:59.0343 2652 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:57:59.0343 2652 Msfs - ok
18:57:59.0375 2652 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:57:59.0375 2652 MSKSSRV - ok
18:57:59.0390 2652 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:57:59.0390 2652 MSPCLOCK - ok
18:57:59.0406 2652 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:57:59.0406 2652 MSPQM - ok
18:57:59.0453 2652 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:57:59.0453 2652 mssmbios - ok
18:57:59.0468 2652 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:57:59.0468 2652 MSTEE - ok
18:57:59.0515 2652 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:57:59.0515 2652 Mup - ok
18:57:59.0546 2652 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:57:59.0546 2652 NABTSFEC - ok
18:57:59.0593 2652 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:57:59.0609 2652 NDIS - ok
18:57:59.0640 2652 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:57:59.0640 2652 NdisIP - ok
18:57:59.0671 2652 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:57:59.0671 2652 NdisTapi - ok
18:57:59.0703 2652 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:57:59.0703 2652 Ndisuio - ok
18:57:59.0718 2652 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:57:59.0734 2652 NdisWan - ok
18:57:59.0750 2652 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:57:59.0750 2652 NDProxy - ok
18:57:59.0796 2652 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:57:59.0796 2652 NetBIOS - ok
18:57:59.0843 2652 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:57:59.0843 2652 NetBT - ok
18:57:59.0921 2652 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:57:59.0921 2652 Npfs - ok
18:57:59.0968 2652 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:57:59.0984 2652 Ntfs - ok
18:58:00.0031 2652 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
18:58:00.0031 2652 NuidFltr - ok
18:58:00.0062 2652 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:58:00.0062 2652 Null - ok
18:58:00.0156 2652 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:58:00.0218 2652 nv - ok
18:58:00.0250 2652 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:58:00.0250 2652 NwlnkFlt - ok
18:58:00.0265 2652 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:58:00.0265 2652 NwlnkFwd - ok
18:58:00.0312 2652 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
18:58:00.0312 2652 omci - ok
18:58:00.0359 2652 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:58:00.0359 2652 Parport - ok
18:58:00.0421 2652 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:58:00.0421 2652 PartMgr - ok
18:58:00.0453 2652 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:58:00.0453 2652 ParVdm - ok
18:58:00.0468 2652 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:58:00.0468 2652 PCI - ok
18:58:00.0484 2652 PCIDump - ok
18:58:00.0500 2652 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:58:00.0500 2652 PCIIde - ok
18:58:00.0531 2652 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:58:00.0531 2652 Pcmcia - ok
18:58:00.0578 2652 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
18:58:00.0578 2652 pcouffin - ok
18:58:00.0593 2652 PDCOMP - ok
18:58:00.0609 2652 PDFRAME - ok
18:58:00.0625 2652 PDRELI - ok
18:58:00.0640 2652 PDRFRAME - ok
18:58:00.0687 2652 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
18:58:00.0687 2652 perc2 - ok
18:58:00.0703 2652 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
18:58:00.0703 2652 perc2hib - ok
18:58:00.0750 2652 pnarp (ce27fc8bdc54b3ac63d53e2d5f6cc929) C:\WINDOWS\system32\DRIVERS\pnarp.sys
18:58:00.0750 2652 pnarp - ok
18:58:00.0796 2652 Point32 (dcdf0421a1c14f2923e298a30fd7636d) C:\WINDOWS\system32\DRIVERS\point32.sys
18:58:00.0796 2652 Point32 - ok
18:58:00.0859 2652 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:58:00.0859 2652 PptpMiniport - ok
18:58:00.0875 2652 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:58:00.0875 2652 PSched - ok
18:58:00.0890 2652 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:58:00.0890 2652 Ptilink - ok
18:58:00.0921 2652 purendis (f4fd591e86ecb6b5d000c7d6c987416b) C:\WINDOWS\system32\DRIVERS\purendis.sys
18:58:00.0921 2652 purendis - ok
18:58:00.0937 2652 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:58:00.0937 2652 PxHelp20 - ok
18:58:00.0953 2652 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
18:58:00.0953 2652 ql1080 - ok
18:58:00.0968 2652 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
18:58:00.0968 2652 Ql10wnt - ok
18:58:01.0000 2652 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
18:58:01.0000 2652 ql12160 - ok
18:58:01.0031 2652 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
18:58:01.0031 2652 ql1240 - ok
18:58:01.0046 2652 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
18:58:01.0046 2652 ql1280 - ok
18:58:01.0078 2652 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:58:01.0078 2652 RasAcd - ok
18:58:01.0140 2652 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:58:01.0140 2652 Rasl2tp - ok
18:58:01.0156 2652 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:58:01.0156 2652 RasPppoe - ok
18:58:01.0171 2652 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:58:01.0171 2652 Raspti - ok
18:58:01.0203 2652 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:58:01.0203 2652 Rdbss - ok
18:58:01.0234 2652 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:58:01.0250 2652 rdpdr - ok
18:58:01.0281 2652 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:58:01.0296 2652 RDPWD - ok
18:58:01.0390 2652 RTL8192su (b29eeb1ea7971bd83069eb2e2258d224) C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
18:58:01.0390 2652 RTL8192su - ok
18:58:01.0484 2652 RVIEG01 (93f66faea8bf047d4242ac85aada403d) C:\Program Files\Cakewalk\Shared Dxi\Roland\RVIEg01.sys
18:58:01.0484 2652 RVIEG01 - ok
18:58:01.0593 2652 RxFilter (78f204f3a885de987d41b12f9bb8dffb) C:\WINDOWS\system32\DRIVERS\RxFilter.sys
18:58:01.0593 2652 RxFilter - ok
18:58:01.0625 2652 SASDIFSV - ok
18:58:01.0640 2652 SASKUTIL - ok
18:58:01.0687 2652 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:58:01.0687 2652 Secdrv - ok
18:58:01.0734 2652 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:58:01.0734 2652 serenum - ok
18:58:01.0765 2652 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:58:01.0781 2652 Serial - ok
18:58:01.0828 2652 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:58:01.0828 2652 Sfloppy - ok
18:58:01.0843 2652 Simbad - ok
18:58:01.0859 2652 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:58:01.0875 2652 sisagp - ok
18:58:01.0906 2652 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:58:01.0906 2652 SLIP - ok
18:58:01.0937 2652 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
18:58:01.0937 2652 SmartDefragDriver - ok
18:58:02.0000 2652 smwdm (4aa922332433cdeb8b82c072c212e32e) C:\WINDOWS\system32\drivers\smwdm.sys
18:58:02.0000 2652 smwdm - ok
18:58:02.0031 2652 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
18:58:02.0031 2652 SONYPVU1 - ok
18:58:02.0078 2652 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:58:02.0078 2652 Sparrow - ok
18:58:02.0125 2652 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:58:02.0125 2652 splitter - ok
18:58:02.0140 2652 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:58:02.0140 2652 sr - ok
18:58:02.0187 2652 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:58:02.0187 2652 Srv - ok
18:58:02.0234 2652 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
18:58:02.0234 2652 StillCam - ok
18:58:02.0265 2652 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:58:02.0281 2652 streamip - ok
18:58:02.0281 2652 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:58:02.0281 2652 swenum - ok
18:58:02.0328 2652 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:58:02.0328 2652 swmidi - ok
18:58:02.0390 2652 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:58:02.0390 2652 symc810 - ok
18:58:02.0406 2652 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:58:02.0406 2652 symc8xx - ok
18:58:02.0421 2652 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:58:02.0421 2652 sym_hi - ok
18:58:02.0437 2652 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:58:02.0437 2652 sym_u3 - ok
18:58:02.0468 2652 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:58:02.0468 2652 sysaudio - ok
18:58:02.0500 2652 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:58:02.0515 2652 Tcpip - ok
18:58:02.0546 2652 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:58:02.0546 2652 TDPIPE - ok
18:58:02.0562 2652 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:58:02.0562 2652 TDTCP - ok
18:58:02.0593 2652 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:58:02.0593 2652 TermDD - ok
18:58:02.0656 2652 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
18:58:02.0656 2652 TosIde - ok
18:58:02.0703 2652 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:58:02.0703 2652 Udfs - ok
18:58:02.0718 2652 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
18:58:02.0734 2652 ultra - ok
18:58:02.0781 2652 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:58:02.0781 2652 Update - ok
18:58:02.0828 2652 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:58:02.0828 2652 USBAAPL - ok
18:58:02.0859 2652 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:58:02.0859 2652 usbaudio - ok
18:58:02.0890 2652 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:58:02.0890 2652 usbccgp - ok
18:58:02.0921 2652 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:58:02.0921 2652 usbehci - ok
18:58:02.0937 2652 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:58:02.0937 2652 usbhub - ok
18:58:03.0000 2652 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:58:03.0000 2652 usbprint - ok
18:58:03.0031 2652 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:58:03.0031 2652 usbscan - ok
18:58:03.0062 2652 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:58:03.0062 2652 USBSTOR - ok
18:58:03.0109 2652 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:58:03.0109 2652 usbuhci - ok
18:58:03.0156 2652 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:58:03.0156 2652 VgaSave - ok
18:58:03.0234 2652 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:58:03.0234 2652 viaagp - ok
18:58:03.0250 2652 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:58:03.0265 2652 ViaIde - ok
18:58:03.0281 2652 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:58:03.0281 2652 VolSnap - ok
18:58:03.0312 2652 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:58:03.0312 2652 Wanarp - ok
18:58:03.0328 2652 wanatw - ok
18:58:03.0343 2652 WDC_SAM - ok
18:58:03.0390 2652 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:58:03.0406 2652 Wdf01000 - ok
18:58:03.0406 2652 WDICA - ok
18:58:03.0453 2652 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:58:03.0453 2652 wdmaud - ok
18:58:03.0515 2652 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
18:58:03.0546 2652 winachsf - ok
18:58:03.0609 2652 winusb (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.SYS
18:58:03.0609 2652 winusb - ok
18:58:03.0656 2652 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:58:03.0671 2652 WpdUsb - ok
18:58:03.0703 2652 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:58:03.0718 2652 WS2IFSL - ok
18:58:03.0750 2652 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:58:03.0750 2652 WSTCODEC - ok
18:58:03.0796 2652 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:58:03.0796 2652 WudfPf - ok
18:58:03.0828 2652 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:58:03.0828 2652 WudfRd - ok
18:58:03.0921 2652 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
18:58:03.0921 2652 \Device\Harddisk0\DR0 - ok
18:58:03.0921 2652 Boot (0x1200) (fd3d6c269990163e77e09bf88f132e21) \Device\Harddisk0\DR0\Partition0
18:58:03.0937 2652 \Device\Harddisk0\DR0\Partition0 - ok
18:58:03.0937 2652 ============================================================
18:58:03.0937 2652 Scan finished
18:58:03.0937 2652 ============================================================
18:58:03.0953 2288 Detected object count: 0
18:58:03.0953 2288 Actual detected object count: 0
18:58:19.0703 1156 Deinitialize success

#14 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:12:01 PM

Posted 03 December 2011 - 10:35 AM

Hi,

Is the connection still having issues? Have the Ethernet cable plugged in and run the MiniToolBox again.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#15 jblitz

jblitz
  • Topic Starter

  • Members
  • 19 posts
  • Local time:04:01 AM

Posted 03 December 2011 - 03:47 PM

The computer is on wireless. It now connects to the Internet. Here is the MiniToolBox log:

MiniToolBox by Farbar
Ran by John (administrator) on 03-12-2011 at 15:39:24
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Belkin Surf & Share Wireless USB Adapter = Wireless Network Connection (Connected)
Intel® PRO/100 VE Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=static addr=192.168.1.112 mask=255.255.255.0
set address name="Wireless Network Connection" gateway=192.168.1.1 gwmetric=0
set dns name="Wireless Network Connection" source=static addr=68.105.28.11 register=PRIMARY
add dns name="Wireless Network Connection" addr=68.105.29.11 index=2
set wins name="Wireless Network Connection" source=static addr=none


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : OFFICE

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-11-11-87-35-8C



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Belkin Surf & Share Wireless USB Adapter

Physical Address. . . . . . . . . : 94-44-52-16-50-42

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.1.112

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 68.105.28.11

68.105.29.11

Server: cdns1.cox.net
Address: 68.105.28.11

Name: google.com
Addresses: 173.194.64.103, 173.194.64.104, 173.194.64.105, 173.194.64.106
173.194.64.147, 173.194.64.99



Pinging google.com [173.194.64.106] with 32 bytes of data:



Reply from 173.194.64.106: bytes=32 time=60ms TTL=45

Reply from 173.194.64.106: bytes=32 time=62ms TTL=45



Ping statistics for 173.194.64.106:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 60ms, Maximum = 62ms, Average = 61ms

Server: cdns1.cox.net
Address: 68.105.28.11

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.2.43, 98.137.149.56, 98.139.180.149



Pinging yahoo.com [98.137.149.56] with 32 bytes of data:



Reply from 98.137.149.56: bytes=32 time=116ms TTL=54

Reply from 98.137.149.56: bytes=32 time=107ms TTL=54



Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 107ms, Maximum = 116ms, Average = 111ms

Server: cdns1.cox.net
Address: 68.105.28.11

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 11 87 35 8c ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
0x20004 ...94 44 52 16 50 42 ...... Belkin Surf & Share Wireless USB Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.112 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.112 192.168.1.112 20
192.168.1.0 255.255.255.0 192.168.1.112 192.168.1.112 25
192.168.1.112 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.112 192.168.1.112 25
224.0.0.0 240.0.0.0 192.168.1.112 192.168.1.112 25
255.255.255.255 255.255.255.255 192.168.1.112 2 1
255.255.255.255 255.255.255.255 192.168.1.112 192.168.1.112 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/02/2011 09:28:38 AM) (Source: Application Error) (User: )
Description: Faulting application nmsrvc.exe, version 11.0.8268.0, faulting module nmcore.dll, version 11.1.9051.0, fault address 0x001d3ff0.
Processing media-specific event for [nmsrvc.exe!ws!]


System errors:
=============
Error: (12/03/2011 10:12:09 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (12/03/2011 10:12:09 AM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time-nw.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (12/02/2011 09:33:19 AM) (Source: Service Control Manager) (User: )
Description: The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/02/2011 09:30:00 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
abp480n5
adpu160m
agp440
agpCPQ
Aha154x
aic78u2
aic78xx
AliIde
alim1541
amdagp
amsint
asc
asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
SASDIFSV
SASKUTIL
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error: (12/02/2011 09:30:00 AM) (Source: Service Control Manager) (User: )
Description: The Pure Networks Platform Service service hung on starting.

Error: (12/02/2011 09:28:48 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (12/02/2011 09:28:24 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Proxy Service service depends on the following nonexistent service: mfefire

Error: (12/02/2011 09:28:24 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Network Agent service depends on the following nonexistent service: mfefire

Error: (12/02/2011 07:04:00 AM) (Source: DCOM) (User: SYSTEM)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (12/02/2011 07:03:30 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).


Microsoft Office Sessions:
=========================
Error: (12/02/2011 09:28:38 AM) (Source: Application Error)(User: )
Description: nmsrvc.exe11.0.8268.0nmcore.dll11.1.9051.0001d3ff0


========================= Memory info: ===================================

Percentage of memory in use: 22%
Total physical RAM: 2550.07 MB
Available physical RAM: 1969.21 MB
Total Pagefile: 3152.17 MB
Available Pagefile: 2759.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.61 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:146.21 GB) (Free:23.73 GB) NTFS
2 Drive f: () (Removable) (Total:1.87 GB) (Free:1.65 GB) FAT
3 Drive i: (FreeAgent Drive) (Fixed) (Total:232.88 GB) (Free:142.56 GB) NTFS

========================= Users: ========================================

User accounts for \\OFFICE

Administrator Guest HelpAssistant
John SUPPORT_388945a0


**** End of log ****



