
Google redirect to xa.com and malware Win32/ZAcesss.AC, Win32/Karagany.ZAAE and Win32/Fosniw.ZABA


This topic is locked
16 replies to this topic

#1 Hit Elev (Members, 32 posts)

Posted 25 November 2011 - 12:11 AM

Hi, my laptop is running Windows XP Home Edition Ver 2002 SP3. I also have CA Anti-virus software and Malwarebytes installed.

Recently, my laptop has been infected by the malware Win32/ZAcesss.AC, Win32/Karagany.ZAAE and Win32/Fosniw.ZABA. The CA Anti-virus software detected and quarantined them, but they came back again after reboot. Also, Google search results are redirected to the website xa.com.

I would be most grateful if you could help to solve this issue. The DDS log is pasted below. For your info, I received the following message when GMER completed scanning: WARNING!!! GMER has found system modification caused by ROOTKIT activity.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by CST at 4:20:34 on 2011-11-25
Microsoft Windows XP Home Edition 5.1.2600.3.936.86.1033.18.2047.1291 [GMT 8:00]
.
AV: CA Anti-Virus Plus *Enabled/Updated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
E:\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
E:\Backup4all\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
E:\QvodPlayer\QvodTerminal.exe
E:\Backup4all\B4AOTB.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
"C:\WINDOWS\system32\svchost.exe"
C:\WINDOWS\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.asiaone.com/A1Home/A1Home.html
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=c:\documents and settings\cst\local settings\application data\0b29528f\X
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - e:\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - e:\orbitdownloader\GrabPro.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Backup4all OTB Agent] e:\backup4all\B4AOTB.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Google Update] "c:\documents and settings\cst\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Intense Registry Service] IntEdReg.exe /CHECK
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QvodTerminal] "e:\qvodplayer\QvodTerminal.exe" -autorun
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
IE: &Download by Orbit - e:\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - e:\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - e:\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - e:\orbitdownloader\orbitmxt.dll/202
IE: Download Using &BitSpirit - e:\bitspirit\bsurl.htm
IE: E&xport to Microsoft Excel - e:\micros~1\office10\EXCEL.EXE/3000
IE: 用比特精灵下载(&B)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\npjpi160_07.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: c:\windows\system32\VetRedir.dll
LSP: mswsock.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2B866353-E598-4403-8E4D-B871AB30DC55} - hxxp://www.singnet.com.sg/technical/helptools/media/SpeedCtrl.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/31.41/uploader2.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.can.com.sg/mwf/mgaxctrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184058399968
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FD68625-2346-418A-8899-67CB36B1917F} - hxxp://care.singnet.com.sg/lwp/static/installers/WebflowActiveXInstaller_6-1-2.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} - hxxp://care.singnet.com.sg/lwp/static/installers/WebflowActiveXInstaller_5-0-0.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C1DBFEC9-F6AC-456C-BCCF-BB054B7C7734} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C4B77AA8-0FC2-4522-B226-BB0F726321F9} : DhcpNameServer = 192.168.1.254
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
mASetup: Nitro PDF Professional - cscript //B "e:\nitro pdf\professional\RemoveOldAddins.vbs"
.
============= SERVICES / DRIVERS ===============
.
R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2011-7-29 164944]
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2011-7-29 123984]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [2009-9-30 902592]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2011-7-29 83536]
R2 CAAMSvc;CAAMSvc;c:\program files\ca\ca internet security suite\ca anti-virus plus\CAAMSvc.exe [2010-10-31 206152]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2010-5-20 222544]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2010-5-20 206160]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;e:\nitro pdf\reader\NitroPDFReaderDriverService.exe [2011-1-28 196912]
R2 UmxEngine;TM Engine;c:\program files\ca\sharedcomponents\tmengine\UmxEngine.exe [2011-4-4 662096]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2011-7-29 331344]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S0 lyqen;lyqen;c:\windows\system32\drivers\ymdwk.sys --> c:\windows\system32\drivers\ymdwk.sys [?]
S3 25688;25688;c:\windows\system32\drivers\25688 [2011-11-24 9072]
S3 Aegioachrmsr;Aegioachrmsr; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 Rdelicb;Rdelicb; [x]
S3 s3117bus;Sony Ericsson Device 3117 driver (WDM);c:\windows\system32\drivers\s3117bus.sys [2008-12-6 90408]
S3 s3117mdfl;Sony Ericsson Device 3117 USB WMC Modem Filter;c:\windows\system32\drivers\s3117mdfl.sys [2008-12-6 15016]
S3 s3117mdm;Sony Ericsson Device 3117 USB WMC Modem Driver;c:\windows\system32\drivers\s3117mdm.sys [2008-12-6 122024]
S3 s3117mgmt;Sony Ericsson Device 3117 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3117mgmt.sys [2008-12-6 115368]
S3 s3117nd5;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (NDIS);c:\windows\system32\drivers\s3117nd5.sys [2008-12-6 25768]
S3 s3117obex;Sony Ericsson Device 3117 USB WMC OBEX Interface;c:\windows\system32\drivers\s3117obex.sys [2008-12-6 111784]
S3 s3117unic;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (WDM);c:\windows\system32\drivers\s3117unic.sys [2008-12-6 117544]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2008-7-22 10240]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S4 Appdectvitad;Appdectvitad; [x]
.
=============== Created Last 30 ================
.
2011-11-24 20:16:10 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{a6d40064-8014-46c9-8457-f642d0349d9d}\offreg.dll
2011-11-24 07:37:01 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-24 07:37:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-24 07:01:05 -------- d-----w- c:\program files\common files\PC Tools
2011-11-24 06:52:59 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-11-23 11:51:01 -------- d-----w- c:\documents and settings\all users\application data\PC1Data
2011-11-22 15:13:40 -------- d-sh--w- c:\documents and settings\cst\local settings\application data\0b29528f
2011-11-22 14:35:03 -------- d-----w- c:\documents and settings\cst\application data\PC Cleaners
2011-11-22 13:01:04 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{a6d40064-8014-46c9-8457-f642d0349d9d}\mpengine.dll
2011-11-11 08:15:42 -------- d-----w- c:\documents and settings\all users\QvodPlayer
.
==================== Find3M ====================
.
2011-11-24 09:10:17 9072 ----a-w- c:\windows\system32\drivers\25688
2011-11-23 11:57:12 143360 ----a-w- c:\windows\system32\UStorSrv.exe
2011-11-22 15:47:39 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
2011-11-22 15:19:05 56832 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2011-11-22 15:19:04 364544 ----a-w- c:\windows\system32\ati2evxx.exe
2011-11-22 14:33:23 5359888 ----a-w- c:\windows\uninst.exe
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-27 10:37:24 95568 ----a-w- c:\windows\system32\vetredir.dll
2011-09-27 10:37:24 128336 ----a-w- c:\windows\system32\isafeif.dll
2011-09-26 03:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 03:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 03:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 09:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 4:22:22.09 ===============



Edited by Hit Elev, 25 November 2011 - 12:18 AM.
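As an added example (not code from this thread, from DDS or from ComboFix), the following Python script applies a few of the checks a helper makes by eye when reading the DDS log above: a Winlogon Shell value that is not explorer.exe, services marked [?] or [x], a driver file with no extension, an orphaned BHO entry, and a hidden+system directory created under a user profile. The sample lines are copied from the log in post #1; the line formats are inferred from that log rather than from any DDS documentation, and the findings are triage hints, not verdicts (a leftover entry from an uninstalled product can also show [?]).

```python
"""Triage heuristics for a DDS log: a Winlogon Shell that is not explorer.exe,
services whose file is missing ([?]) or unrecorded ([x]), a driver file with no
extension, orphaned BHO entries, and hidden+system directories in a user profile."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS log in post #1 of this thread.
SAMPLE_LOG = r"""
uWinlogon: Shell=c:\documents and settings\cst\local settings\application data\0b29528f\X
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2011-7-29 164944]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S0 lyqen;lyqen;c:\windows\system32\drivers\ymdwk.sys --> c:\windows\system32\drivers\ymdwk.sys [?]
S3 25688;25688;c:\windows\system32\drivers\25688 [2011-11-24 9072]
S3 Aegioachrmsr;Aegioachrmsr; [x]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2008-7-22 10240]
2011-11-22 15:13:40 -------- d-sh--w- c:\documents and settings\cst\local settings\application data\0b29528f
2011-11-24 07:37:01 -------- d-----w- c:\windows\system32\wbem\Repository
"""

@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    line: str      # the DDS line that triggered the finding
    reason: str

# DDS line shapes, inferred from the log itself (assumption, not a DDS spec).
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4]) (?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
WINLOGON_RE = re.compile(r"^[umd]Winlogon: Shell=(?P<value>.+)$", re.IGNORECASE)
BHO_ORPHAN_RE = re.compile(r"^BHO: .* - No File$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+ (?P<attr>\S{8}) (?P<path>.+)$")
HEX_NAME_RE = re.compile(r"[0-9a-f]{8}")
LEGIT_SHELLS = {"explorer.exe", r"c:\windows\explorer.exe"}

def check_winlogon(line):
    m = WINLOGON_RE.match(line)
    if not m or m.group("value").strip().lower() in LEGIT_SHELLS:
        return None
    return Finding("high", line, "Winlogon Shell replaced; explorer.exe is the only expected value")

def check_service(line):
    m = SERVICE_RE.match(line)
    if not m:
        return None
    start, name, rest = m.group("start"), m.group("name"), m.group("rest").strip()
    if rest.endswith("[x]"):
        return Finding("medium", line, f"service {name} has no file path recorded")
    if rest.endswith("[?]"):
        # Boot-start (R0/S0) drivers load before most defences, so weight them higher.
        sev = "high" if start in ("R0", "S0") else "medium"
        return Finding(sev, line, f"file for {start} service {name} is missing from its listed path")
    path = rest.split(" [", 1)[0].split(" --> ")[0]
    filename = path.rsplit("\\", 1)[-1]
    if filename and "." not in filename:
        return Finding("medium", line, f"driver {name} loads a file with no extension: {filename}")
    return None

def check_bho(line):
    return Finding("low", line, "orphaned BHO registration (CLSID with no file)") if BHO_ORPHAN_RE.match(line) else None

def check_created(line):
    m = CREATED_RE.match(line)
    if not m:
        return None
    attr, path = m.group("attr"), m.group("path")
    # attr is DDS's 8-character flag string, e.g. d-sh--w- (directory, system, hidden).
    if attr[0] != "d" or "s" not in attr or "h" not in attr:
        return None
    if "documents and settings" not in path.lower() and "\\users\\" not in path.lower():
        return None
    name = path.rsplit("\\", 1)[-1].lower()
    extra = " with a random-looking hex name" if HEX_NAME_RE.fullmatch(name) else ""
    return Finding("high", line, f"hidden+system directory created in a user profile{extra}")

CHECKS = (check_winlogon, check_service, check_bho, check_created)

def triage(log_text):
    """Run every check over each non-empty line; the first matching check wins."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for check in CHECKS:
            finding = check(line)
            if finding:
                findings.append(finding)
                break
    return findings

def summarize(findings):
    return Counter(f.severity for f in findings)

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.reason}\n         {f.line}")
```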




#2 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 25 November 2011 - 06:16 PM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Hit Elev (Topic Starter, Members, 32 posts)

Posted 25 November 2011 - 07:57 PM

According to the CA Anti-virus that I am using, the snooze option will disable all realtime scanning. So I checked the snooze option; however, ComboFix returned the message "ComboFix cannot run because CA Anti-virus is enabled". I have now discovered that I can go to the settings to disable the realtime protection etc. So can I run ComboFix again after disabling the realtime process?

I am so sorry if I have created a mess. So sorry...

#4 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 25 November 2011 - 08:00 PM

No problem.

Yes, disable your AV, then try running ComboFix again.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 Hit Elev (Topic Starter, Members, 32 posts)

Posted 25 November 2011 - 08:40 PM

Despite disabling the realtime, heuristic and rootkit scanning in CA anti-virus, I am still getting the message 'ComboFix cannot run because CA Anti-virus is installed' and it suggests that I uninstall it. Should I proceed to uninstall, then run ComboFix again?

I apologize for my ignorance.

#6 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 25 November 2011 - 08:45 PM

No problem.

Yes, please uninstall it; you can reinstall it as soon as we are finished cleaning the machine.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 Hit Elev (Topic Starter, Members, 32 posts)

Posted 25 November 2011 - 10:04 PM

Here is the ComboFix log:

ComboFix 11-11-25.02 - CST 26/11/2011 10:11:15.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.936.86.1033.18.2047.1622 [GMT 8:00]
Running from: c:\documents and settings\CST\Desktop\ComboFix.exe
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
.
ADS - WINDOWS: deleted 96 bytes in 2 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\CST\Application Data\360SE
c:\documents and settings\CST\Application Data\360SE\data\360sefav.db
c:\documents and settings\CST\Application Data\360SE\data\history.dat
c:\documents and settings\CST\Application Data\360SE\extensions\SafeCentral\SafeProtect.dat
c:\documents and settings\CST\Application Data\360SE\extensions\SafeCentral\urllib.dat
c:\documents and settings\CST\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\CST\Application Data\inst.exe
c:\documents and settings\CST\Application Data\vso_ts_preview.xml
c:\documents and settings\CST\Local Settings\Application Data\0b29528f\U
c:\documents and settings\CST\Local Settings\Application Data\0b29528f\U\80000000.@
c:\documents and settings\CST\Local Settings\Application Data\0b29528f\U\800000cb.@
c:\documents and settings\CST\Local Settings\Application Data\0b29528f\U\800000cf.@
c:\documents and settings\CST\Local Settings\Application Data\0b29528f\X
c:\documents and settings\CST\System
c:\documents and settings\CST\System\win_qs8.jqx
c:\documents and settings\CST\WINDOWS
c:\program files\StormII
c:\program files\StormII\baofeng.swf
c:\program files\StormII\box\cache\readme.txt
c:\program files\StormII\box\skin\MovieBox.zip
c:\program files\StormII\codec\keys.dat
c:\program files\StormII\codec\Plugins\nppl3260.xpt
c:\program files\StormII\codec\Plugins\nsJSRealPlayerPlugin.xpt
c:\program files\StormII\current.ecs
c:\program files\StormII\keys.dat
c:\program files\StormII\media\def\def.flv
c:\program files\StormII\media\empty.swf
c:\program files\StormII\media\media4in1.swf
c:\program files\StormII\media\mediabp.swf
c:\program files\StormII\media\others.xml
c:\program files\StormII\media\video_material_list.xml
c:\program files\StormII\media\video_style_list.xml
c:\program files\StormII\mee.db
c:\program files\StormII\playlist.smpl
c:\program files\StormII\Skin\暴风1经典.zip
c:\program files\StormII\Skin\暴风2经典.zip
c:\program files\StormII\swf\ku6.swf
c:\program files\StormII\swf\tudou.swf
c:\windows\$NtUninstallKB42585$
c:\windows\$NtUninstallKB42585$\187257487\@
c:\windows\$NtUninstallKB42585$\187257487\L\nfxrzplh
c:\windows\$NtUninstallKB42585$\187257487\loader(2).tlb
c:\windows\$NtUninstallKB42585$\187257487\loader.tlb
c:\windows\$NtUninstallKB42585$\187257487\U\@00000001
c:\windows\$NtUninstallKB42585$\187257487\U\@000000c0
c:\windows\$NtUninstallKB42585$\187257487\U\@000000cb
c:\windows\$NtUninstallKB42585$\187257487\U\@000000cf
c:\windows\$NtUninstallKB42585$\187257487\U\@80000000
c:\windows\$NtUninstallKB42585$\187257487\U\@800000c0
c:\windows\$NtUninstallKB42585$\187257487\U\@800000cb
c:\windows\$NtUninstallKB42585$\187257487\U\@800000cf
c:\windows\$NtUninstallKB42585$\272175527
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\
c:\windows\system32\c_19944.nls
c:\windows\system32\drivers\
E:\install.exe
.
Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-26 02:08 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-25 13:01 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{890A77FB-F5DF-4EAC-A24D-5DB70E7095F5}\mpengine.dll
2011-11-24 07:37 . 2011-11-24 07:37 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-24 07:01 . 2011-11-24 07:35 -------- d-----w- c:\program files\Common Files\PC Tools
2011-11-24 06:52 . 2011-11-24 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-11-23 11:51 . 2011-11-23 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
2011-11-22 15:13 . 2011-11-26 02:21 -------- d-sh--w- c:\documents and settings\CST\Local Settings\Application Data\0b29528f
2011-11-22 14:35 . 2011-11-22 14:35 -------- d-----w- c:\documents and settings\CST\Application Data\PC Cleaners
2011-11-11 08:15 . 2011-11-11 08:15 -------- d-----w- c:\documents and settings\All Users\QvodPlayer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 09:10 . 2011-11-24 09:10 9072 ----a-w- c:\windows\system32\drivers\25688
2011-11-23 11:57 . 2008-11-05 00:52 143360 ----a-w- c:\windows\system32\UStorSrv.exe
2011-11-22 15:47 . 2009-10-12 17:18 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
2011-11-22 15:19 . 2007-07-10 13:56 56832 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2011-11-22 15:19 . 2007-07-10 03:23 364544 ----a-w- c:\windows\system32\ati2evxx.exe
2011-11-22 14:33 . 2007-07-11 03:35 5359888 ----a-w- c:\windows\uninst.exe
2011-10-10 14:22 . 2007-07-10 03:11 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2008-07-09 02:00 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-27 10:37 . 2010-05-20 03:24 95568 ----a-w- c:\windows\system32\vetredir.dll
2011-09-27 10:37 . 2010-05-20 03:24 128336 ----a-w- c:\windows\system32\isafeif.dll
2011-09-26 03:41 . 2008-07-29 11:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 03:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 03:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 09:00 . 2010-11-19 07:34 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Backup4all OTB Agent"="e:\backup4all\B4AOTB.exe" [2006-01-27 161280]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Intense Registry Service"="IntEdReg.exe" [2002-10-15 53760]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-03-15 127037]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"QvodTerminal"="e:\qvodplayer\QvodTerminal.exe" [2011-10-31 1025936]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 08:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^CST^Start Menu^Programs^Startup^Funshion.lnk]
path=c:\documents and settings\CST\Start Menu\Programs\Startup\Funshion.lnk
backup=c:\windows\pss\Funshion.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^CST^Start Menu^Programs^Startup^Samsung Auto Backup Guage.lnk]
path=c:\documents and settings\CST\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk
backup=c:\windows\pss\Samsung Auto Backup Guage.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^CST^Start Menu^Programs^Startup^Samsung Auto Backup Real-Time Daemon.lnk]
path=c:\documents and settings\CST\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk
backup=c:\windows\pss\Samsung Auto Backup Real-Time Daemon.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^CST^Start Menu^Programs^Startup^Samsung Auto Backup Scheduler.lnk]
path=c:\documents and settings\CST\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk
backup=c:\windows\pss\Samsung Auto Backup Scheduler.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-06-22 10:57 377248 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-06-22 11:03 960568 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 19:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-21 20:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-05-12 13:00 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Backup4all OTB Agent]
2006-01-27 06:23 161280 ----a-w- e:\backup4all\B4AOTB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 08:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-21 12:28 136176 ----atw- c:\documents and settings\CST\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 05:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 08:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 08:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 09:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nitro PDF Printer Monitor]
2009-01-16 05:09 209216 ----a-w- e:\nitro pdf\Professional\NitroPDFPrinterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2007-05-09 06:57 3084288 ----a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-11 12:15 290816 ------w- c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 09:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QvodPlayer]
2011-10-31 14:52 1025936 ----a-w- e:\qvodplayer\QvodTerminal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QvodTerminal]
2011-10-31 14:52 1025936 ----a-w- e:\qvodplayer\QvodTerminal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Crawler]
2004-02-03 01:06 454656 ----a-w- c:\progra~1\RCrawler\rcrawler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-02-18 03:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2008-02-20 05:22 356352 ----a-w- e:\sony ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 05:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-08-10 05:26 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-06-22 10:37 4355464 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 11:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AcrSch2Svc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"mW[μ????`=μ??v%S8?>grl>?-Y\?D=??T"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"e:\\Orbitdownloader\\orbitnet.exe"=
"e:\\Orbitdownloader\\orbitdm.exe"=
"e:\\BitSpirit\\BitSpirit.exe"=
"e:\\QvodPlayer\\QvodTerminal.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Funshion Online\\Funshion\\FunshionUpgrade.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\uTorrent\\uTorrent.exe"=
"d:\\Software\\QvodSetup3.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [30/09/2009 5:30 PM 902592]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;e:\nitro pdf\Reader\NitroPDFReaderDriverService.exe [28/01/2011 11:31 AM 196912]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 lyqen;lyqen;c:\windows\system32\drivers\ymdwk.sys --> c:\windows\system32\drivers\ymdwk.sys [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 7:19 PM 13592]
S3 25688;25688;c:\windows\system32\drivers\25688 [24/11/2011 5:10 PM 9072]
S3 Aegioachrmsr;Aegioachrmsr; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [04/08/2004 8:00 PM 14336]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [24/05/2009 2:15 AM 47360]
S3 Rdelicb;Rdelicb; [x]
S3 s3117bus;Sony Ericsson Device 3117 driver (WDM);c:\windows\system32\drivers\s3117bus.sys [06/12/2008 11:14 AM 90408]
S3 s3117mdfl;Sony Ericsson Device 3117 USB WMC Modem Filter;c:\windows\system32\drivers\s3117mdfl.sys [06/12/2008 11:14 AM 15016]
S3 s3117mdm;Sony Ericsson Device 3117 USB WMC Modem Driver;c:\windows\system32\drivers\s3117mdm.sys [06/12/2008 11:14 AM 122024]
S3 s3117mgmt;Sony Ericsson Device 3117 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3117mgmt.sys [06/12/2008 11:14 AM 115368]
S3 s3117nd5;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (NDIS);c:\windows\system32\drivers\s3117nd5.sys [06/12/2008 11:14 AM 25768]
S3 s3117obex;Sony Ericsson Device 3117 USB WMC OBEX Interface;c:\windows\system32\drivers\s3117obex.sys [06/12/2008 11:14 AM 111784]
S3 s3117unic;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (WDM);c:\windows\system32\drivers\s3117unic.sys [06/12/2008 11:14 AM 117544]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [22/07/2008 7:24 AM 10240]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 1:37 PM 517096]
S4 Appdectvitad;Appdectvitad; [x]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [01/10/2009 7:42 AM 721904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 03:50]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-2111687655-725345543-1004Core.job
- c:\documents and settings\CST\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-21 12:28]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-2111687655-725345543-1004UA.job
- c:\documents and settings\CST\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-21 12:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.asiaone.com/A1Home/A1Home.html
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - e:\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - e:\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - e:\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - e:\orbitdownloader\orbitmxt.dll/202
IE: Download Using &BitSpirit - e:\bitspirit\bsurl.htm
IE: E&xport to Microsoft Excel - e:\micros~1\Office10\EXCEL.EXE/3000
IE: 用比特精灵下载(&B)
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Notify-WgaLogon - (no file)
MSConfigStartUp-Funshion - e:\funshion online\Funshion\Funshion.exe
HKLM_ActiveSetup-Nitro PDF Professional - //B
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-26 10:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden process ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\25688]
"ImagePath"="System32\DRIVERS\25688"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-73586283-2111687655-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0C932015-1D87-61FF-3223-99FE40351672}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\H*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\x*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\`*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
- - - - - - - > 'explorer.exe'(3152)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\Ink\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
e:\backup4all\IoctlSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\UStorSrv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\conime.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-11-26 10:31:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-26 02:31
.
Pre-Run: 3,608,285,184 bytes free
Post-Run: 3,931,029,504 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-CHS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 38136F72031A4BCA691443034EB39051

#8 CatByte

  • Malware Response Team

Posted 25 November 2011 - 10:55 PM

Hi

Please do the following:


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/topic429219.html/page__pid__2486743

Collect::
c:\windows\system32\drivers\25688

SecCenter::
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}

Folder::
c:\documents and settings\CST\Local Settings\Application Data\0b29528f
c:\documents and settings\CST\Application Data\PC Cleaners

Driver::
lyqen
25688
Aegioachrmsr
Rdelicb
Appdectvitad

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
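One way to make the triage behind that Driver:: list explicit, as an added example that is not CatByte's tool and not any ComboFix component: the script below parses service lines of the shape shown in the logs in this thread (the sample is constructed from them) and flags entries that point at no file, at a file with no extension, or at an unverifiable file whose name differs from the service name. The line format and the heuristics are my own reading of the posted logs, not documented ComboFix behaviour.

```python
"""Triage the service/driver section of a ComboFix log.

Added example for this thread (not CatByte's tool, not part of ComboFix):
it applies the reading a helper does by eye to lines such as
"S3 Aegioachrmsr;Aegioachrmsr; [x]" and reports entries worth a closer look.
"""
import re
from dataclasses import dataclass

# One ComboFix service line: "<start> <name>;<display>;<image> [<file info>]".
# <file info> is date/time/size for a file ComboFix could read, "?" when it
# could not verify the file, and "x" when the entry points at nothing at all.
LINE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s*\[(?P<status>[^\]]*)\]\s*$"
)

# Constructed sample, copied in shape from the log posted above in this thread.
SAMPLE_LOG = r"""
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [30/09/2009 5:30 PM 902592]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;e:\nitro pdf\Reader\NitroPDFReaderDriverService.exe [28/01/2011 11:31 AM 196912]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 lyqen;lyqen;c:\windows\system32\drivers\ymdwk.sys --> c:\windows\system32\drivers\ymdwk.sys [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 7:19 PM 13592]
S3 25688;25688;c:\windows\system32\drivers\25688 [24/11/2011 5:10 PM 9072]
S3 Aegioachrmsr;Aegioachrmsr; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 nosGetPlusHelper;getPlus Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [04/08/2004 8:00 PM 14336]
S3 Rdelicb;Rdelicb; [x]
S4 Appdectvitad;Appdectvitad; [x]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [01/10/2009 7:42 AM 721904]
"""


@dataclass
class ServiceEntry:
    start: str      # R0/S0 boot, R2/S2 auto, S3 demand, S4 disabled
    name: str
    display: str
    image: str      # everything between the second ';' and the '[...]'
    status: str     # "x", "?", or "dd/mm/yyyy time size"

    @property
    def basename(self) -> str:
        # Drop the "--> resolved path" tail and svchost-style "-k group" arguments.
        image = self.image.split(" --> ")[0].split(" -k ")[0]
        return image.rsplit("\\", 1)[-1]


def parse_service_lines(log_text: str) -> list[ServiceEntry]:
    """Return every line of log_text that has ComboFix's service-line shape."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(**m.groupdict()))
    return entries


def suspicious_reasons(e: ServiceEntry) -> list[str]:
    """Heuristics an analyst applies by eye; each hit is a reason, not a verdict.

    Note that display name == service name is NOT used: legitimate drivers in
    the same log (Lbd, sptd, MBAMSwissArmy) share that trait, so it does not
    discriminate on its own.
    """
    reasons = []
    if e.status == "x":
        reasons.append("no image file: the service entry points at nothing on disk")
    elif "." not in e.basename:
        reasons.append(f"image {e.basename!r} has no file extension")
    stem = e.basename.rsplit(".", 1)[0].lower()
    if e.status == "?" and stem and stem != e.name.lower():
        reasons.append(f"unverifiable file {e.basename!r} does not match the service name")
    return reasons


def triage(log_text: str) -> dict[str, list[str]]:
    """Map service name -> reasons, in log order, for entries worth checking."""
    flagged = {}
    for e in parse_service_lines(log_text):
        reasons = suspicious_reasons(e)
        if reasons:
            flagged[e.name] = reasons
    return flagged


def cfscript_driver_block(names) -> str:
    """Format names as a CFScript Driver:: section for the analyst to review."""
    return "Driver::\n" + "\n".join(names)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for name, reasons in hits.items():
        print(f"{name}: " + "; ".join(reasons))
    print(cfscript_driver_block(hits))
```

The flagged set is a starting point for the analyst, not a verdict: each name is checked against the file on disk and vendor information before it goes into a script.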


#9 Hit Elev
  • Topic Starter

Posted 26 November 2011 - 07:38 AM

Below are the reports (ComboFix, MalwareBytes and ESET).



---------- ComboFix ----------
ComboFix 11-11-25.02 - CST 26/11/2011 12:27:17.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.936.86.1033.18.2047.1528 [GMT 8:00]
Running from: c:\documents and settings\CST\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\CST\Desktop\CFScript.txt
.
file zipped: c:\windows\system32\drivers\25688
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\CST\Application Data\PC Cleaners
c:\documents and settings\CST\Application Data\PC Cleaners\app.log
c:\documents and settings\CST\Local Settings\Application Data\0b29528f
c:\documents and settings\CST\Local Settings\Application Data\0b29528f\@
c:\documents and settings\CST\Local Settings\Application Data\0b29528f\loader.tlb
c:\windows\system32\drivers\25688
.
.
((((((((((((((((((((((((((((((((((((((( 驱动/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_25688
-------\Legacy_RDELICB
-------\Service_25688
-------\Service_Aegioachrmsr
-------\Service_Appdectvitad
-------\Service_lyqen
-------\Service_Rdelicb
.
.
((((((((((((((((((((((((( Files created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-26 02:08 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-25 13:01 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{890A77FB-F5DF-4EAC-A24D-5DB70E7095F5}\mpengine.dll
2011-11-24 07:37 . 2011-11-24 07:37 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-24 07:01 . 2011-11-24 07:35 -------- d-----w- c:\program files\Common Files\PC Tools
2011-11-24 06:52 . 2011-11-24 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-11-23 11:51 . 2011-11-23 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
2011-11-11 08:15 . 2011-11-11 08:15 -------- d-----w- c:\documents and settings\All Users\QvodPlayer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 11:57 . 2008-11-05 00:52 143360 ----a-w- c:\windows\system32\UStorSrv.exe
2011-11-22 15:47 . 2009-10-12 17:18 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
2011-11-22 15:19 . 2007-07-10 13:56 56832 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2011-11-22 15:19 . 2007-07-10 03:23 364544 ----a-w- c:\windows\system32\ati2evxx.exe
2011-11-22 14:33 . 2007-07-11 03:35 5359888 ----a-w- c:\windows\uninst.exe
2011-10-10 14:22 . 2007-07-10 03:11 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2008-07-09 02:00 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-27 10:37 . 2010-05-20 03:24 95568 ----a-w- c:\windows\system32\vetredir.dll
2011-09-27 10:37 . 2010-05-20 03:24 128336 ----a-w- c:\windows\system32\isafeif.dll
2011-09-26 03:41 . 2008-07-29 11:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 03:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 03:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 09:00 . 2010-11-19 07:34 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Backup4all OTB Agent"="e:\backup4all\B4AOTB.exe" [2006-01-27 161280]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Intense Registry Service"="IntEdReg.exe" [2002-10-15 53760]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-03-15 127037]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"QvodTerminal"="e:\qvodplayer\QvodTerminal.exe" [2011-10-31 1025936]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 08:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^CST^Start Menu^Programs^Startup^Funshion.lnk]
path=c:\documents and settings\CST\Start Menu\Programs\Startup\Funshion.lnk
backup=c:\windows\pss\Funshion.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^CST^Start Menu^Programs^Startup^Samsung Auto Backup Guage.lnk]
path=c:\documents and settings\CST\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk
backup=c:\windows\pss\Samsung Auto Backup Guage.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^CST^Start Menu^Programs^Startup^Samsung Auto Backup Real-Time Daemon.lnk]
path=c:\documents and settings\CST\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk
backup=c:\windows\pss\Samsung Auto Backup Real-Time Daemon.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^CST^Start Menu^Programs^Startup^Samsung Auto Backup Scheduler.lnk]
path=c:\documents and settings\CST\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk
backup=c:\windows\pss\Samsung Auto Backup Scheduler.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-06-22 10:57 377248 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-06-22 11:03 960568 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 19:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-21 20:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-05-12 13:00 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Backup4all OTB Agent]
2006-01-27 06:23 161280 ----a-w- e:\backup4all\B4AOTB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 08:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-21 12:28 136176 ----atw- c:\documents and settings\CST\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 05:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 08:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 08:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 09:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nitro PDF Printer Monitor]
2009-01-16 05:09 209216 ----a-w- e:\nitro pdf\Professional\NitroPDFPrinterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2007-05-09 06:57 3084288 ----a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-11 12:15 290816 ------w- c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 09:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QvodPlayer]
2011-10-31 14:52 1025936 ----a-w- e:\qvodplayer\QvodTerminal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QvodTerminal]
2011-10-31 14:52 1025936 ----a-w- e:\qvodplayer\QvodTerminal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Crawler]
2004-02-03 01:06 454656 ----a-w- c:\progra~1\RCrawler\rcrawler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-02-18 03:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2008-02-20 05:22 356352 ----a-w- e:\sony ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 05:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-08-10 05:26 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-06-22 10:37 4355464 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 11:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AcrSch2Svc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"mW[μ????`=μ??v%S8?>grl>?-Y\?D=??T"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"e:\\Orbitdownloader\\orbitnet.exe"=
"e:\\Orbitdownloader\\orbitdm.exe"=
"e:\\BitSpirit\\BitSpirit.exe"=
"e:\\QvodPlayer\\QvodTerminal.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Funshion Online\\Funshion\\FunshionUpgrade.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\uTorrent\\uTorrent.exe"=
"d:\\Software\\QvodSetup3.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [30/09/2009 5:30 PM 902592]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;e:\nitro pdf\Reader\NitroPDFReaderDriverService.exe [28/01/2011 11:31 AM 196912]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 7:19 PM 13592]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [04/08/2004 8:00 PM 14336]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [24/05/2009 2:15 AM 47360]
S3 s3117bus;Sony Ericsson Device 3117 driver (WDM);c:\windows\system32\drivers\s3117bus.sys [06/12/2008 11:14 AM 90408]
S3 s3117mdfl;Sony Ericsson Device 3117 USB WMC Modem Filter;c:\windows\system32\drivers\s3117mdfl.sys [06/12/2008 11:14 AM 15016]
S3 s3117mdm;Sony Ericsson Device 3117 USB WMC Modem Driver;c:\windows\system32\drivers\s3117mdm.sys [06/12/2008 11:14 AM 122024]
S3 s3117mgmt;Sony Ericsson Device 3117 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3117mgmt.sys [06/12/2008 11:14 AM 115368]
S3 s3117nd5;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (NDIS);c:\windows\system32\drivers\s3117nd5.sys [06/12/2008 11:14 AM 25768]
S3 s3117obex;Sony Ericsson Device 3117 USB WMC OBEX Interface;c:\windows\system32\drivers\s3117obex.sys [06/12/2008 11:14 AM 111784]
S3 s3117unic;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (WDM);c:\windows\system32\drivers\s3117unic.sys [06/12/2008 11:14 AM 117544]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [22/07/2008 7:24 AM 10240]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 1:37 PM 517096]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [01/10/2009 7:42 AM 721904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled tasks' folder
.
2011-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 03:50]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-2111687655-725345543-1004Core.job
- c:\documents and settings\CST\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-21 12:28]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-2111687655-725345543-1004UA.job
- c:\documents and settings\CST\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-21 12:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.asiaone.com/A1Home/A1Home.html
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - e:\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - e:\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - e:\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - e:\orbitdownloader\orbitmxt.dll/202
IE: Download Using &BitSpirit - e:\bitspirit\bsurl.htm
IE: E&xport to Microsoft Excel - e:\micros~1\Office10\EXCEL.EXE/3000
IE: 用比特精灵下载(&B)
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-26 12:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden process ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-73586283-2111687655-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0C932015-1D87-61FF-3223-99FE40351672}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\H*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\x*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\`*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
- - - - - - - > 'explorer.exe'(2828)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\Ink\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
e:\backup4all\IoctlSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\UStorSrv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\conime.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-11-26 12:41:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-26 04:41
ComboFix2.txt 2011-11-26 03:00
.
Pre-Run: 4,036,894,720 bytes free
Post-Run: 4,022,624,256 bytes free
.
- - End Of File - - D187574569AFEA69A2D4546AE17A5333
Files uploaded successfully



---------- Malwarebytes ----------
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8244

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

26/11/2011 12:51:33 PM
mbam-log-2011-11-26 (12-51-33).txt

Scan type: Quick scan
Objects scanned: 164510
Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



---------- ESET ----------
C:\Qoobox\Quarantine\C\Documents and Settings\CST\Local Settings\Application Data\0b29528f\X.vir Win32/Sirefef.DD trojan
C:\Qoobox\Quarantine\C\Documents and Settings\CST\Local Settings\Application Data\0b29528f\U\800000cb.@.vir a variant of Win32/Agent.TEO trojan
C:\Qoobox\Quarantine\C\Documents and Settings\CST\Local Settings\Application Data\0b29528f\U\800000cf.@.vir probably a variant of Win32/Kryptik.JDI trojan
C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.CH trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\afd.sys.vir Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1746\A0280923.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1746\A0280924.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1747\A0280984.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1752\A0282595.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1752\A0282596.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1752\A0282638.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1752\A0282639.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1752\A0283637.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1752\A0283638.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1752\A0283655.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1752\A0283656.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1752\A0284655.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1752\A0284656.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1753\A0284923.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1753\A0284924.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1753\A0284951.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1753\A0284952.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1755\A0285252.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1755\A0285253.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1755\A0286252.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1755\A0286253.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1755\A0286279.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1755\A0286280.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1755\A0286299.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1755\A0286300.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1756\A0286574.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1756\A0286575.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1756\A0287574.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1756\A0287575.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1756\A0288578.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1756\A0288579.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1757\A0289586.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1757\A0289587.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1757\A0289601.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1757\A0289602.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1757\A0290601.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1757\A0290602.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1757\A0291601.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1757\A0291602.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1758\A0291639.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1758\A0291640.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1759\A0292639.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1759\A0292640.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1760\A0292898.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1760\A0292899.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1760\A0292923.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1760\A0292924.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1760\A0292930.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1761\A0293038.sys Win32/Sirefef.DM trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1761\A0293039.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1762\A0293131.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1762\A0293138.sys Win32/Sirefef.DM trojan
D:\Software\QvodSetup5.0.80.exe multiple threats
D:\Software\InUse\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application
D:\Software\InUse\ACDSee Pro 2.0.258 +Keymaker\acdseepro-2-0-238-en.exe probably a variant of Win32/TrojanDownloader.Agent.KJXGWJY trojan
D:\Software\InUse\ACDSee Pro 2.0.258 +Keymaker\acdseepro-2-0-keygen.exe a variant of Win32/Keygen.AG application
D:\Software\InUse\Riverpast\RiverpastAudioConvPro7.7.2Keygen.exe a variant of Win32/Keygen.AW application
D:\Software\InUse\SmartDraw\SmartDraw.Legal.Edition.2009.07.loader-SND\SmartDraw.exe probably a variant of Win32/Agent.LGMQQUN trojan
D:\Software\InUse\VSOConvertXtoDVD\VSO ConvertXtoDVD 3.5.2.137+keygen\vsoConvertXtoDVD3_setup_3.5.2.137 Keygen.exe a variant of Win32/Keygen.AS application
D:\Software\InUse\WinAVI_Video_Converter\WinAVI_Video_Converter_All_Versions_by_CORE.zip probably a variant of Win32/Agent.TRAZJK trojan
D:\Software\InUse\ZC Video\ZC_DVD_Creator_Platinum_v6.1.7_Keygen.exe a variant of Win32/Keygen.AT application
D:\Software\InUse\ZC Video\ZC_RM_RMVB_to_DVD_Creator_v2.0.3_Keygen.exe a variant of Win32/Keygen.AT application
D:\Software\InUse\ZC Video\ZC_Video_Converter_v1.8.4_Keygen.exe a variant of Win32/Keygen.AT application
E:\PDF Password Remover v3.0\winDecrypt.exe probably a variant of Win32/PSWTool.PdfCracker.A application
E:\SmartDraw 2009\SmartDraw.exe probably a variant of Win32/Agent.LGMQQUN trojan

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:08 AM

Posted 26 November 2011 - 11:42 AM

Hi

Using cracks and keygens is a certain way of getting infected, as well as being illegal; it really is not worth it. Uninstall all the cracked programs you have, and then uninstall the torrent or peer-to-peer programs you use to get them.
Bleeping Computer does not condone the use of illegally obtained software.


Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
D:\Software\InUse\ACDSee Pro 2.0.258 +Keymaker\acdseepro-2-0-238-en.exe 
D:\Software\InUse\ACDSee Pro 2.0.258 +Keymaker\acdseepro-2-0-keygen.exe 
D:\Software\InUse\Riverpast\RiverpastAudioConvPro7.7.2Keygen.exe 
D:\Software\InUse\SmartDraw\SmartDraw.Legal.Edition.2009.07.loader-SND\SmartDraw.exe 
D:\Software\InUse\VSOConvertXtoDVD\VSO ConvertXtoDVD 3.5.2.137+keygen\vsoConvertXtoDVD3_setup_3.5.2.137 Keygen.exe 
D:\Software\InUse\WinAVI_Video_Converter\WinAVI_Video_Converter_All_Versions_by_CORE.zip 
D:\Software\InUse\ZC Video\ZC_DVD_Creator_Platinum_v6.1.7_Keygen.exe 
D:\Software\InUse\ZC Video\ZC_RM_RMVB_to_DVD_Creator_v2.0.3_Keygen.exe 
D:\Software\InUse\ZC Video\ZC_Video_Converter_v1.8.4_Keygen.exe 
E:\PDF Password Remover v3.0\winDecrypt.exe
E:\SmartDraw 2009\SmartDraw.exe 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
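
The CFScript above was built by hand from the ESET log: entries already sitting in ComboFix's Qoobox quarantine and the System Restore copies were left out, and only live files on the data drives went into the File:: section. The script below is an added example (not from this thread, and not ESET or ComboFix code) that performs that same triage over ESET log lines and renders the File:: / ClearJavaCache:: layout used above; it assumes the line forms seen in this log, and its output is a candidate list for the helper to review (the helper kept eleven of the thirteen live entries).

```python
"""Triage an ESET scan log into the buckets the helper used above and
emit the CFScript 'File::' section for the entries that still need action.

Added example, not part of the original thread and not ESET or ComboFix
code. Assumptions: one detection per line as '<path> <detection text>',
with the detection text in one of the forms seen in this thread.
Sample lines below are copied from the ESET log posted above.
"""
import re
from typing import Dict, List, Optional, Tuple

# Detection text forms observed in the posted log, anchored at end of line so
# that spaces inside the path do not confuse the split.
_DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<detection>"
    r"(?:probably a variant of |a variant of )?Win32/\S+ (?:trojan|application)"
    r"|multiple threats)$"
)

QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"            # ComboFix's own quarantine
RESTORE_MARKER = "\\system volume information\\_restore"  # System Restore copies


def parse_eset_line(line: str) -> Optional[Tuple[str, str]]:
    """Split one ESET log line into (path, detection); None if unparseable."""
    m = _DETECTION_RE.match(line.strip())
    return (m.group("path"), m.group("detection")) if m else None


def classify(path: str) -> str:
    """Bucket a detected path the way the helper did in the thread.

    quarantine : already in ComboFix's Qoobox quarantine, no further action
    restore    : a System Restore copy, removed when restore points are reset
    active     : a live file on a data drive, candidate for the File:: section
    """
    lower = path.lower()
    if lower.startswith(QUARANTINE_PREFIX):
        return "quarantine"
    if RESTORE_MARKER in lower:
        return "restore"
    return "active"


def triage(log_text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Group every (path, detection) pair by bucket; keep unparsed lines visible."""
    buckets: Dict[str, List[Tuple[str, str]]] = {
        "quarantine": [], "restore": [], "active": [], "unparsed": []
    }
    for line in log_text.splitlines():
        if not line.strip():
            continue
        parsed = parse_eset_line(line)
        if parsed is None:
            buckets["unparsed"].append((line, ""))
            continue
        path, detection = parsed
        buckets[classify(path)].append((path, detection))
    return buckets


def build_cfscript(active: List[Tuple[str, str]], clear_java_cache: bool = True) -> str:
    """Render the CFScript text in the layout used in the thread: a File:: list,
    a blank line, then the ClearJavaCache:: directive. The list is a candidate
    set for the helper to review (the thread's helper dropped two live entries)."""
    lines = ["File::"] + [path for path, _ in active]
    if clear_java_cache:
        lines += ["", "ClearJavaCache::"]
    return "\n".join(lines) + "\n"


# Constructed sample: seven lines copied from the ESET log in the thread.
SAMPLE_LOG = "\n".join([
    r"C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\afd.sys.vir Win32/Sirefef.DM trojan",
    r"C:\Qoobox\Quarantine\C\Documents and Settings\CST\Local Settings\Application Data\0b29528f\U\800000cf.@.vir probably a variant of Win32/Kryptik.JDI trojan",
    r"C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1746\A0280923.sys Win32/Sirefef.DM trojan",
    r"C:\System Volume Information\_restore{985E3E74-CC15-485A-9C12-AE35AEEB7E27}\RP1746\A0280924.ini a variant of Win32/Sirefef.CH trojan",
    r"D:\Software\QvodSetup5.0.80.exe multiple threats",
    r"D:\Software\InUse\ACDSee Pro 2.0.258 +Keymaker\acdseepro-2-0-keygen.exe a variant of Win32/Keygen.AG application",
    r"E:\PDF Password Remover v3.0\winDecrypt.exe probably a variant of Win32/PSWTool.PdfCracker.A application",
])


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket in ("quarantine", "restore", "active", "unparsed"):
        print(f"{bucket:>10}: {len(result[bucket])}")
    print()
    print(build_cfscript(result["active"]), end="")
```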


#11 Hit Elev

Hit Elev
  • Topic Starter

  • Members
  • 32 posts
  • Local time:11:08 PM

Posted 26 November 2011 - 07:26 PM

Hi, I apologise for this problem, which is due to the downloaded files. This is a passed-down laptop and I've run through the files in the system. Most of the programs listed were downloaded 3 years ago and are no longer in use. However, the downloaded files were not deleted and were left on the drives. I understand the severity of viruses caused by illegal downloads, and please be assured that this will not happen in the future. Thanks for your advice.


ComboFix 11-11-25.02 - CST 27/11/2011 7:46.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.936.86.1033.18.2047.1483 [GMT 8:00]
Running from: c:\documents and settings\CST\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\CST\Desktop\CFScript.txt
.
FILE ::
"d:\software\InUse\ACDSee Pro 2.0.258 +Keymaker\acdseepro-2-0-238-en.exe"
"d:\software\InUse\ACDSee Pro 2.0.258 +Keymaker\acdseepro-2-0-keygen.exe"
"d:\software\InUse\Riverpast\RiverpastAudioConvPro7.7.2Keygen.exe"
"d:\software\InUse\SmartDraw\SmartDraw.Legal.Edition.2009.07.loader-SND\SmartDraw.exe"
"d:\software\InUse\VSOConvertXtoDVD\VSO ConvertXtoDVD 3.5.2.137+keygen\vsoConvertXtoDVD3_setup_3.5.2.137 Keygen.exe"
"d:\software\InUse\WinAVI_Video_Converter\WinAVI_Video_Converter_All_Versions_by_CORE.zip"
"d:\software\InUse\ZC Video\ZC_DVD_Creator_Platinum_v6.1.7_Keygen.exe"
"d:\software\InUse\ZC Video\ZC_RM_RMVB_to_DVD_Creator_v2.0.3_Keygen.exe"
"d:\software\InUse\ZC Video\ZC_Video_Converter_v1.8.4_Keygen.exe"
"e:\pdf password remover v3.0\winDecrypt.exe"
"e:\smartdraw 2009\SmartDraw.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\software\InUse\ACDSee Pro 2.0.258 +Keymaker\acdseepro-2-0-238-en.exe
d:\software\InUse\ACDSee Pro 2.0.258 +Keymaker\acdseepro-2-0-keygen.exe
d:\software\InUse\Riverpast\RiverpastAudioConvPro7.7.2Keygen.exe
d:\software\InUse\SmartDraw\SmartDraw.Legal.Edition.2009.07.loader-SND\SmartDraw.exe
d:\software\InUse\VSOConvertXtoDVD\VSO ConvertXtoDVD 3.5.2.137+keygen\vsoConvertXtoDVD3_setup_3.5.2.137 Keygen.exe
d:\software\InUse\WinAVI_Video_Converter\WinAVI_Video_Converter_All_Versions_by_CORE.zip
d:\software\InUse\ZC Video\ZC_DVD_Creator_Platinum_v6.1.7_Keygen.exe
d:\software\InUse\ZC Video\ZC_RM_RMVB_to_DVD_Creator_v2.0.3_Keygen.exe
d:\software\InUse\ZC Video\ZC_Video_Converter_v1.8.4_Keygen.exe
e:\pdf password remover v3.0\winDecrypt.exe
e:\smartdraw 2009\SmartDraw.exe
.
.
((((((((((((((((((((((((( Files created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-26 04:58 . 2011-11-26 04:58 -------- d-----w- c:\program files\ESET
2011-11-26 02:08 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-25 13:01 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{890A77FB-F5DF-4EAC-A24D-5DB70E7095F5}\mpengine.dll
2011-11-24 07:37 . 2011-11-24 07:37 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-24 07:01 . 2011-11-24 07:35 -------- d-----w- c:\program files\Common Files\PC Tools
2011-11-24 06:52 . 2011-11-24 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-11-23 11:51 . 2011-11-23 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
2011-11-11 08:15 . 2011-11-11 08:15 -------- d-----w- c:\documents and settings\All Users\QvodPlayer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 11:57 . 2008-11-05 00:52 143360 ----a-w- c:\windows\system32\UStorSrv.exe
2011-11-22 15:47 . 2009-10-12 17:18 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
2011-11-22 15:19 . 2007-07-10 13:56 56832 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2011-11-22 15:19 . 2007-07-10 03:23 364544 ----a-w- c:\windows\system32\ati2evxx.exe
2011-11-22 14:33 . 2007-07-11 03:35 5359888 ----a-w- c:\windows\uninst.exe
2011-10-10 14:22 . 2007-07-10 03:11 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2008-07-09 02:00 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-27 10:37 . 2010-05-20 03:24 95568 ----a-w- c:\windows\system32\vetredir.dll
2011-09-27 10:37 . 2010-05-20 03:24 128336 ----a-w- c:\windows\system32\isafeif.dll
2011-09-26 03:41 . 2008-07-29 11:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 03:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 03:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 09:00 . 2010-11-19 07:34 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-26_02.25.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-11-25 23:55 . 2011-11-25 23:55 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-11-25 23:55 . 2011-11-25 23:55 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-11-25 23:55 . 2011-11-25 23:55 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-11-26 23:42 . 2011-11-26 23:42 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-11-26 23:42 . 2011-11-26 23:42 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-11-26 23:42 . 2011-11-26 23:42 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-11-26 23:42 . 2011-11-26 23:42 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-11-26 23:42 . 2011-11-26 23:42 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-11-25 23:55 . 2011-11-25 23:55 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-11-26 23:42 . 2011-11-26 23:42 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-11-25 23:55 . 2011-11-25 23:55 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-11-26 23:42 . 2011-11-26 23:42 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-11-25 23:55 . 2011-11-25 23:55 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-11-25 23:56 . 2011-11-25 23:56 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-11-26 23:42 . 2011-11-26 23:42 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-11-26 23:42 . 2011-11-26 23:42 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2004-08-04 12:00 . 2011-11-25 23:56 816280 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2011-11-26 23:42 816280 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2011-11-25 23:56 198426 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2011-11-26 23:42 198426 c:\windows\system32\perfc009.dat
+ 2011-11-26 23:41 . 2011-11-26 23:41 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-11-25 23:55 . 2011-11-25 23:55 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-11-25 23:55 . 2011-11-25 23:55 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-11-26 23:42 . 2011-11-26 23:42 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-11-25 23:55 . 2011-11-25 23:55 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-11-26 23:42 . 2011-11-26 23:42 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-11-26 23:42 . 2011-11-26 23:42 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-11-26 23:42 . 2011-11-26 23:42 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-11-25 23:55 . 2011-11-25 23:55 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-11-25 23:55 . 2011-11-25 23:55 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-11-25 23:55 . 2011-11-25 23:55 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-11-26 23:42 . 2011-11-26 23:42 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-11-26 23:42 . 2011-11-26 23:42 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-11-25 23:55 . 2011-11-25 23:55 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-11-25 23:55 . 2011-11-25 23:55 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-11-26 23:41 . 2011-11-26 23:41 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-11-25 23:55 . 2011-11-25 23:55 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-11-25 23:56 . 2011-11-25 23:56 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-11-26 23:42 . 2011-11-26 23:42 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
.
-- 快照技术重新设置 --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Backup4all OTB Agent"="e:\backup4all\B4AOTB.exe" [2006-01-27 161280]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Intense Registry Service"="IntEdReg.exe" [2002-10-15 53760]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-03-15 127037]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"QvodTerminal"="e:\qvodplayer\QvodTerminal.exe" [2011-10-31 1025936]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 08:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^CST^Start Menu^Programs^Startup^Funshion.lnk]
path=c:\documents and settings\CST\Start Menu\Programs\Startup\Funshion.lnk
backup=c:\windows\pss\Funshion.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^CST^Start Menu^Programs^Startup^Samsung Auto Backup Guage.lnk]
path=c:\documents and settings\CST\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk
backup=c:\windows\pss\Samsung Auto Backup Guage.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^CST^Start Menu^Programs^Startup^Samsung Auto Backup Real-Time Daemon.lnk]
path=c:\documents and settings\CST\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk
backup=c:\windows\pss\Samsung Auto Backup Real-Time Daemon.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^CST^Start Menu^Programs^Startup^Samsung Auto Backup Scheduler.lnk]
path=c:\documents and settings\CST\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk
backup=c:\windows\pss\Samsung Auto Backup Scheduler.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-06-22 10:57 377248 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-06-22 11:03 960568 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 19:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-21 20:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-05-12 13:00 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Backup4all OTB Agent]
2006-01-27 06:23 161280 ----a-w- e:\backup4all\B4AOTB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 08:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-21 12:28 136176 ----atw- c:\documents and settings\CST\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 05:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 08:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 08:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 09:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nitro PDF Printer Monitor]
2009-01-16 05:09 209216 ----a-w- e:\nitro pdf\Professional\NitroPDFPrinterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2007-05-09 06:57 3084288 ----a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-11 12:15 290816 ------w- c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 09:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QvodPlayer]
2011-10-31 14:52 1025936 ----a-w- e:\qvodplayer\QvodTerminal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QvodTerminal]
2011-10-31 14:52 1025936 ----a-w- e:\qvodplayer\QvodTerminal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Crawler]
2004-02-03 01:06 454656 ----a-w- c:\progra~1\RCrawler\rcrawler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-02-18 03:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2008-02-20 05:22 356352 ----a-w- e:\sony ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 05:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-08-10 05:26 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-06-22 10:37 4355464 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 11:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AcrSch2Svc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"mW[μ????`=μ??v%S8?>grl>?-Y\?D=??T"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"e:\\Orbitdownloader\\orbitnet.exe"=
"e:\\Orbitdownloader\\orbitdm.exe"=
"e:\\BitSpirit\\BitSpirit.exe"=
"e:\\QvodPlayer\\QvodTerminal.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Funshion Online\\Funshion\\FunshionUpgrade.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\uTorrent\\uTorrent.exe"=
"d:\\Software\\QvodSetup3.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [30/09/2009 5:30 PM 902592]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;e:\nitro pdf\Reader\NitroPDFReaderDriverService.exe [28/01/2011 11:31 AM 196912]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 7:19 PM 13592]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [04/08/2004 8:00 PM 14336]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [24/05/2009 2:15 AM 47360]
S3 s3117bus;Sony Ericsson Device 3117 driver (WDM);c:\windows\system32\drivers\s3117bus.sys [06/12/2008 11:14 AM 90408]
S3 s3117mdfl;Sony Ericsson Device 3117 USB WMC Modem Filter;c:\windows\system32\drivers\s3117mdfl.sys [06/12/2008 11:14 AM 15016]
S3 s3117mdm;Sony Ericsson Device 3117 USB WMC Modem Driver;c:\windows\system32\drivers\s3117mdm.sys [06/12/2008 11:14 AM 122024]
S3 s3117mgmt;Sony Ericsson Device 3117 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3117mgmt.sys [06/12/2008 11:14 AM 115368]
S3 s3117nd5;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (NDIS);c:\windows\system32\drivers\s3117nd5.sys [06/12/2008 11:14 AM 25768]
S3 s3117obex;Sony Ericsson Device 3117 USB WMC OBEX Interface;c:\windows\system32\drivers\s3117obex.sys [06/12/2008 11:14 AM 111784]
S3 s3117unic;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (WDM);c:\windows\system32\drivers\s3117unic.sys [06/12/2008 11:14 AM 117544]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [22/07/2008 7:24 AM 10240]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 1:37 PM 517096]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [01/10/2009 7:42 AM 721904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled tasks' folder
.
2011-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 03:50]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-2111687655-725345543-1004Core.job
- c:\documents and settings\CST\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-21 12:28]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-2111687655-725345543-1004UA.job
- c:\documents and settings\CST\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-21 12:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.asiaone.com/A1Home/A1Home.html
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - e:\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - e:\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - e:\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - e:\orbitdownloader\orbitmxt.dll/202
IE: Download Using &BitSpirit - e:\bitspirit\bsurl.htm
IE: E&xport to Microsoft Excel - e:\micros~1\Office10\EXCEL.EXE/3000
IE: 用比特精灵下载(&B)
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-27 07:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden process ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scanning completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-73586283-2111687655-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0C932015-1D87-61FF-3223-99FE40351672}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\H*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\x*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\`*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1108)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2011-11-27 07:58:03
ComboFix-quarantined-files.txt 2011-11-26 23:57
ComboFix2.txt 2011-11-26 07:24
ComboFix3.txt 2011-11-26 03:00
.
Pre-Run: 3,755,966,464 bytes free
Post-Run: 3,716,837,376 bytes free
.
- - End Of File - - 167FCD33F0339D40DF8212BD5384BCF4

#12 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 26 November 2011 - 07:37 PM

no problem,

please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



NEXT


Please post a fresh DDS Log and Attach.txt and advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 Hit Elev
  • Topic Starter

  • Members
  • 32 posts

Posted 26 November 2011 - 08:25 PM

Google search no longer redirects to xa.com! Thank you very much for your help. Can I reinstall CA anti-virus and turn on Windows Defender and firewall?

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by CST at 9:07:33 on 2011-11-27
Microsoft Windows XP Home Edition 5.1.2600.3.936.86.1033.18.2047.1511 [GMT 8:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
E:\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
E:\Backup4all\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
E:\QvodPlayer\QvodTerminal.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.asiaone.com/A1Home/A1Home.html
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - e:\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - e:\orbitdownloader\GrabPro.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Backup4all OTB Agent] e:\backup4all\B4AOTB.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [Intense Registry Service] IntEdReg.exe /CHECK
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QvodTerminal] "e:\qvodplayer\QvodTerminal.exe" -autorun
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
IE: &Download by Orbit - e:\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - e:\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - e:\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - e:\orbitdownloader\orbitmxt.dll/202
IE: Download Using &BitSpirit - e:\bitspirit\bsurl.htm
IE: E&xport to Microsoft Excel - e:\micros~1\office10\EXCEL.EXE/3000
IE: 用比特精灵下载(&B)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\npjpi160_07.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2B866353-E598-4403-8E4D-B871AB30DC55} - hxxp://www.singnet.com.sg/technical/helptools/media/SpeedCtrl.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/31.41/uploader2.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.can.com.sg/mwf/mgaxctrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184058399968
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FD68625-2346-418A-8899-67CB36B1917F} - hxxp://care.singnet.com.sg/lwp/static/installers/WebflowActiveXInstaller_6-1-2.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} - hxxp://care.singnet.com.sg/lwp/static/installers/WebflowActiveXInstaller_5-0-0.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C1DBFEC9-F6AC-456C-BCCF-BB054B7C7734} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C4B77AA8-0FC2-4522-B226-BB0F726321F9} : DhcpNameServer = 192.168.1.254
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
============= SERVICES / DRIVERS ===============
.
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [2009-9-30 902592]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;e:\nitro pdf\reader\NitroPDFReaderDriverService.exe [2011-1-28 196912]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 s3117bus;Sony Ericsson Device 3117 driver (WDM);c:\windows\system32\drivers\s3117bus.sys [2008-12-6 90408]
S3 s3117mdfl;Sony Ericsson Device 3117 USB WMC Modem Filter;c:\windows\system32\drivers\s3117mdfl.sys [2008-12-6 15016]
S3 s3117mdm;Sony Ericsson Device 3117 USB WMC Modem Driver;c:\windows\system32\drivers\s3117mdm.sys [2008-12-6 122024]
S3 s3117mgmt;Sony Ericsson Device 3117 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3117mgmt.sys [2008-12-6 115368]
S3 s3117nd5;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (NDIS);c:\windows\system32\drivers\s3117nd5.sys [2008-12-6 25768]
S3 s3117obex;Sony Ericsson Device 3117 USB WMC OBEX Interface;c:\windows\system32\drivers\s3117obex.sys [2008-12-6 111784]
S3 s3117unic;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (WDM);c:\windows\system32\drivers\s3117unic.sys [2008-12-6 117544]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2008-7-22 10240]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2011-11-26 04:58:36 -------- d-----w- c:\program files\ESET
2011-11-26 02:08:20 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-26 02:05:38 -------- d-sha-r- C:\cmdcons
2011-11-26 02:02:48 98816 ----a-w- c:\windows\sed.exe
2011-11-26 02:02:48 518144 ----a-w- c:\windows\SWREG.exe
2011-11-26 02:02:48 256000 ----a-w- c:\windows\PEV.exe
2011-11-26 02:02:48 208896 ----a-w- c:\windows\MBR.exe
2011-11-25 13:01:16 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{890a77fb-f5df-4eac-a24d-5db70e7095f5}\mpengine.dll
2011-11-24 07:37:01 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-24 07:37:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-24 07:01:05 -------- d-----w- c:\program files\common files\PC Tools
2011-11-24 06:52:59 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-11-23 11:51:01 -------- d-----w- c:\documents and settings\all users\application data\PC1Data
2011-11-11 08:15:42 -------- d-----w- c:\documents and settings\all users\QvodPlayer
.
==================== Find3M ====================
.
2011-11-23 11:57:12 143360 ----a-w- c:\windows\system32\UStorSrv.exe
2011-11-22 15:47:39 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
2011-11-22 15:19:05 56832 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2011-11-22 15:19:04 364544 ----a-w- c:\windows\system32\ati2evxx.exe
2011-11-22 14:33:23 5359888 ----a-w- c:\windows\uninst.exe
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-27 10:37:24 95568 ----a-w- c:\windows\system32\vetredir.dll
2011-09-27 10:37:24 128336 ----a-w- c:\windows\system32\isafeif.dll
2011-09-26 03:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 03:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 03:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 09:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 9:07:52.20 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/07/2007 11:16:51 AM
System Uptime: 27/11/2011 7:36:02 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0X9238
Processor: Intel® Pentium® M processor 1.86GHz | Microprocessor | 1061/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 34 GiB total, 3.481 GiB free.
D: is FIXED (NTFS) - 44 GiB total, 1.625 GiB free.
E: is FIXED (NTFS) - 34 GiB total, 15.748 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Alps Touch Pad
Device ID: ACPI\PNP0F13\4&15F2F7D1&0
Manufacturer: Alps Electric
Name: Alps Touch Pad
PNP Device ID: ACPI\PNP0F13\4&15F2F7D1&0
Service: i8042prt
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia N81
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N81
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP1726: 10/11/2011 6:57:16 PM - Software Distribution Service 3.0
RP1727: 11/11/2011 3:00:20 AM - Software Distribution Service 3.0
RP1728: 11/11/2011 3:29:42 PM - Software Distribution Service 3.0
RP1729: 11/11/2011 3:44:57 PM - QVOD
RP1730: 11/11/2011 3:56:10 PM - Restore Operation
RP1731: 11/11/2011 4:15:00 PM - QVOD
RP1732: 11/11/2011 4:28:13 PM - Funshion
RP1733: 11/11/2011 4:34:34 PM - Restore Operation
RP1734: 11/11/2011 4:47:53 PM - Funshion
RP1735: 11/11/2011 9:00:35 PM - Software Distribution Service 3.0
RP1736: 12/11/2011 9:20:24 AM - Software Distribution Service 3.0
RP1737: 13/11/2011 11:05:00 AM - Software Distribution Service 3.0
RP1738: 14/11/2011 7:16:41 PM - Software Distribution Service 3.0
RP1739: 16/11/2011 6:12:08 PM - Software Distribution Service 3.0
RP1740: 16/11/2011 6:35:15 PM - Software Distribution Service 3.0
RP1741: 17/11/2011 9:48:54 AM - Software Distribution Service 3.0
RP1742: 18/11/2011 12:14:49 PM - Software Distribution Service 3.0
RP1743: 18/11/2011 9:01:09 PM - Software Distribution Service 3.0
RP1744: 21/11/2011 4:34:48 PM - Software Distribution Service 3.0
RP1745: 22/11/2011 7:20:54 AM - Software Distribution Service 3.0
RP1746: 22/11/2011 9:01:00 PM - Software Distribution Service 3.0
RP1747: 23/11/2011 2:12:24 AM - Restore Operation
RP1748: 23/11/2011 2:45:46 AM - Restore Operation
RP1749: 23/11/2011 2:54:09 AM - Restore Operation
RP1750: 23/11/2011 3:52:36 AM - Restore Operation
RP1751: 23/11/2011 4:35:40 AM - Software Distribution Service 3.0
RP1752: 23/11/2011 7:49:14 PM - Restore Operation
RP1753: 24/11/2011 12:54:50 AM - Software Distribution Service 3.0
RP1754: 24/11/2011 2:59:43 PM - Spyware Doctore
RP1755: 24/11/2011 3:34:58 PM - Restore Operation
RP1756: 25/11/2011 3:02:03 AM - Software Distribution Service 3.0
RP1757: 25/11/2011 4:02:30 AM - Restore Operation
RP1758: 25/11/2011 9:01:12 PM - Software Distribution Service 3.0
RP1759: 26/11/2011 7:29:16 AM - Software Distribution Service 3.0
RP1760: 26/11/2011 7:36:00 AM - Software Distribution Service 3.0
RP1761: 26/11/2011 9:58:17 AM - CA Internet Security Suite
RP1762: 26/11/2011 10:00:19 AM - CA Internet Security Suite
RP1763: 27/11/2011 7:38:25 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
ACDSee Pro 4
Acrobat.com
Acronis True Image Home
Adobe Acrobat 4.0
Adobe AIR
Adobe Community Help
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop 7.0
Adobe Photoshop CS5
Adobe Reader 9.4.6
Adobe Shockwave Player
ALPS Touch Pad Driver
APlayer Codec Lite version 2.0.1.230
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Avanquest update
AviSynth 2.5
Backup4all OTB Edition 2.3.4 OEM
BitSpirit v3.3.2.365 Stable
BlackBerry Desktop Software 6.1
Bluetooth Stack for Windows by Toshiba
Bonjour
Broadcom 440x 10/100 Integrated Controller
C-Major Audio
Caere Scan Manager 5.1
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon Easy-WebPrint EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon ScanGear Toolbox CS 2.2
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities SELPHY CP730_720 Guide
Canon Utilities ZoomBrowser EX
CCleaner
Chinese Simplified Fonts Support For Adobe Reader 9
Chinese Traditional Fonts Support For Adobe Reader 9
Conexant D110 MDC V.9x Modem
ConvertXtoDVD 4.1.2.336
Creative Jukebox Driver
Critical Update for Windows Media Player 11 (KB959772)
Dell Media Experience
Dell ResourceCD
DellConnect
DivX Converter
DivX Setup
DivXLand Media Subtitler
EPSON Copy Utility
EPSON Photo Print
EPSON Smart Panel
EPSON TWAIN 5
ESET Online Scanner v3
ExamDiff Pro 3.5
Free MKV Video2Dvd 3.12
Google Chrome
GPL Ghostscript 8.63
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB960043)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® PROSet/Wireless Software
Intense Language Office
Internal Network Card Power Management
iPhone Configuration Utility
IsoBuster 1.9
iTunes
Japanese Fonts Support For Adobe Reader 8
Java™ 6 Update 7
Java™ SE Development Kit 6
K-Lite Codec Pack 6.1.0 (Full)
LG PC Suite III
LG USB Modem Drivers
Malwarebytes' Anti-Malware version 1.51.2.1300
mCore
mDriver
mDrWiFi
MediaMonkey 3.0
Messenger Plus! Live
mHlpDell
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft AppLocale
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows Application Compatibility Database
Microsoft Windows Journal Viewer
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
mIWA
mIWCA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mToolkit
mWlsSafe
mXML
MyPhoneExplorer
mZConfig
Nitro PDF Professional
Nitro PDF Reader
Nokia Connectivity Cable Driver
Nokia Lifeblog 2.5
Nokia NSeries Application Installer
Nokia NSeries Content Copier
Nokia NSeries Multimedia Player
Nokia NSeries System Utilities
Nokia Software Launcher
Nokia Software Updater
OmniPage Pro 9.0
Orbit Downloader
Passware Kit Enterprise 10.3
PC Connectivity Solution
PDF Password Remover v3.0
PDF Settings CS5
PF 1260 1660 2400 Guide
PowerDVD 5.5
PowerQuest PartitionMagic 7.0
Quick Recovery for Pen Drives
QuickSet
QuickTime
QuickTime Alternative 1.47
Real Alternative 1.51
RealPlayer
Registry Crawler
Safari
SafeCast Shared Components
ScanToWeb
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype Toolbars
Skype™ 4.2
SmartDraw 2009
SmartDraw PDF Filter
Sonic Audio module
Sonic DLA
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sony Ericsson Media Manager 1.1
Sony Ericsson PC Suite
Sony Ericsson PC Suite 3.209.00
Sothink Movie DVD Maker
Spelling Dictionaries Support For Adobe Reader 9
TMPGEnc 4.0 XPress
TMPGEnc Authoring Works 4
Ulead iPhoto Express 1.1
Ultralingua
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.11
WebFldrs XP
Win AVI HelixSDK
WinAVI Video Converter
Windows Defender
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile® Device Handbook
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Messenger
μTorrent
快播 5.0.80
.
==== Event Viewer Messages From Past Week ========
.
27/11/2011 7:47:13 AM, error: atapi [5] - A parity error was detected on \Device\Ide\IdePort0.
27/11/2011 7:45:39 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168).
27/11/2011 7:45:39 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2572073).
27/11/2011 7:45:39 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2539631).
27/11/2011 7:45:39 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241).
27/11/2011 7:45:39 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2518864).
26/11/2011 7:38:29 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
26/11/2011 12:33:34 PM, error: PlugPlayManager [11] - The device Root\LEGACY_25688\0000 disappeared from the system without first being prepared for removal.
26/11/2011 10:04:09 AM, error: Service Control Manager [7034] - The C-DillaCdaC11BA service terminated unexpectedly. It has done this 1 time(s).
25/11/2011 4:42:13 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
25/11/2011 4:40:26 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
25/11/2011 4:30:04 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
25/11/2011 4:29:49 AM, error: Service Control Manager [7000] - The Rdelicb service failed to start due to the following error: The system cannot find the file specified.
25/11/2011 3:59:53 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
25/11/2011 3:58:44 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
25/11/2011 3:58:33 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec KmxAgent KmxStart Lbd MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip Tosrfcom
25/11/2011 3:58:33 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
25/11/2011 3:58:33 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
25/11/2011 3:58:33 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
25/11/2011 3:58:33 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
25/11/2011 3:58:33 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
25/11/2011 3:58:33 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
25/11/2011 3:58:23 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
24/11/2011 5:15:09 PM, error: Service Control Manager [7034] - The CAAMSvc service terminated unexpectedly. It has done this 1 time(s).
24/11/2011 3:33:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec KmxAgent KmxStart Lbd MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip Tosrfcom WS2IFSL
24/11/2011 3:26:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
24/11/2011 10:34:38 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde Lbd
.
==== End Of File ===========================

Oops, I've missed out the TDSSKiller log. Sorry.

09:02:28.0109 3664 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
09:02:29.0031 3664 ============================================================
09:02:29.0031 3664 Current date / time: 2011/11/27 09:02:29.0031
09:02:29.0031 3664 SystemInfo:
09:02:29.0031 3664
09:02:29.0031 3664 OS Version: 5.1.2600 ServicePack: 3.0
09:02:29.0031 3664 Product type: Workstation
09:02:29.0031 3664 ComputerName: NOTEBOOK
09:02:29.0031 3664 UserName: CST
09:02:29.0031 3664 Windows directory: C:\WINDOWS
09:02:29.0031 3664 System windows directory: C:\WINDOWS
09:02:29.0031 3664 Processor architecture: Intel x86
09:02:29.0031 3664 Number of processors: 1
09:02:29.0031 3664 Page size: 0x1000
09:02:29.0031 3664 Boot type: Normal boot
09:02:29.0031 3664 ============================================================
09:02:30.0828 3664 Initialize success
09:02:43.0796 2300 ============================================================
09:02:43.0796 2300 Scan started
09:02:43.0796 2300 Mode: Manual;
09:02:43.0796 2300 ============================================================
09:02:44.0328 2300 Abiosdsk - ok
09:02:44.0343 2300 abp480n5 - ok
09:02:44.0406 2300 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:02:44.0406 2300 ACPI - ok
09:02:44.0453 2300 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:02:44.0453 2300 ACPIEC - ok
09:02:44.0468 2300 adpu160m - ok
09:02:44.0515 2300 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:02:44.0515 2300 aec - ok
09:02:44.0562 2300 AegisP (076394a345ee5e9e3911fc0f058f4f38) C:\WINDOWS\system32\DRIVERS\AegisP.sys
09:02:44.0562 2300 AegisP - ok
09:02:44.0671 2300 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:02:44.0671 2300 AFD - ok
09:02:44.0687 2300 Aha154x - ok
09:02:44.0718 2300 aic78u2 - ok
09:02:44.0734 2300 aic78xx - ok
09:02:44.0781 2300 AliIde - ok
09:02:44.0796 2300 amsint - ok
09:02:44.0875 2300 ApfiltrService (85e8ca52aa187cf24f91d20b5e86238f) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
09:02:44.0875 2300 ApfiltrService - ok
09:02:44.0921 2300 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
09:02:44.0921 2300 APPDRV - ok
09:02:44.0968 2300 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:02:44.0968 2300 Arp1394 - ok
09:02:45.0000 2300 asc - ok
09:02:45.0031 2300 asc3350p - ok
09:02:45.0062 2300 asc3550 - ok
09:02:45.0109 2300 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:02:45.0125 2300 AsyncMac - ok
09:02:45.0203 2300 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:02:45.0203 2300 atapi - ok
09:02:45.0234 2300 Atdisk - ok
09:02:45.0343 2300 ati2mtag (0d305a9470d11d828c73ff0c0548635b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:02:45.0359 2300 ati2mtag - ok
09:02:45.0468 2300 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:02:45.0468 2300 Atmarpc - ok
09:02:45.0531 2300 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:02:45.0531 2300 audstub - ok
09:03:01.0843 2300 ============================================================
09:03:01.0843 2300 Scan finished
09:03:01.0843 2300 ============================================================
09:03:01.0875 1564 Detected object count: 0
09:03:01.0875 1564 Actual detected object count: 0
09:04:50.0968 3432 Deinitialize success

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:08 AM

Posted 26 November 2011 - 08:30 PM

Can I reinstall CA anti-virus and turn on Windows Defender and firewall?


Yes, go ahead and reinstall and turn on your security program and firewall


Please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 29
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u29-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT



You can delete the TDSSKiller,DDS and GMER logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine.
    • If it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
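As an added example (not part of this thread, and not from the helper's instructions), the script below audits the three ActiveX settings that the "Make Internet Explorer more secure" step above asks the reader to change through Inetcpl.cpl, so the result can be verified after the fact instead of clicking back through the dialog. It assumes the well-known Internet zone registry location (Zones\3) and the value names 1001 (download signed ActiveX controls), 1004 (download unsigned ActiveX controls) and 1201 (initialize and script ActiveX controls not marked as safe), with 0 = Enable, 1 = Prompt and 3 = Disable; those names and encodings are assumptions of this example, not something the post states. It checks both HKCU and HKLM because a policy-set value in HKLM can override the per-user one.

```powershell
# Added example: report whether the Internet zone ActiveX settings match the
# levels recommended in the post (Prompt / Prompt / Disable).
# Assumed value names and encodings (not from the thread):
#   1001 = Download signed ActiveX controls
#   1004 = Download unsigned ActiveX controls
#   1201 = Initialize and script ActiveX controls not marked as safe
#   0 = Enable, 1 = Prompt, 3 = Disable
$recommended = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 1 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
}
$levelName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Zone 3 is the Internet zone. Per-machine (policy) values live under HKLM and
# take precedence when Security_HKLM_only is set, so both hives are inspected.
$zonePaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)

function Test-InternetZoneActiveX {
    $findings = @()
    foreach ($path in $zonePaths) {
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }   # hive has no Zone 3 key (e.g. no policy)
        foreach ($id in $recommended.Keys) {
            $current = $props.$id
            $want    = $recommended[$id].Want
            if ($null -eq $current) {
                $state       = 'NOT SET (IE default applies)'
                $currentName = '-'
            } else {
                $currentName = $levelName[[int]$current]
                if ($null -eq $currentName) { $currentName = "unknown ($current)" }
                if ([int]$current -eq $want) { $state = 'OK' } else { $state = 'WEAK' }
            }
            $findings += New-Object PSObject -Property @{
                Hive    = $path.Split(':')[0]
                Setting = $recommended[$id].Name
                Current = $currentName
                Wanted  = $levelName[$want]
                State   = $state
            }
        }
    }
    $findings
}

# Any row marked WEAK means the dialog step was not applied (or was reverted);
# NOT SET rows mean the zone default is in force and should be confirmed in Inetcpl.cpl.
Test-InternetZoneActiveX | Format-Table Hive, Setting, Current, Wanted, State -AutoSize
```

Run it from a normal PowerShell prompt after completing the Inetcpl.cpl steps; no changes are made, it only reads the registry. Re-running it after a reboot is a cheap way to notice if something has silently put the ActiveX settings back to Enable.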


#15 Hit Elev

Hit Elev
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 27 November 2011 - 01:35 AM

Hi, I have performed all the steps listed except that I could not download WOT (Internet Explorer cannot display the webpage). I'll try again later. I have turned on the Windows Defender and Firewall and installed CA anti-virus program. The computer is running fine now.

Thank you very much for all your help and advice. Truly appreciate it.



