Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

System Check Virus help


  • This topic is locked This topic is locked
22 replies to this topic

#1 Brootforce

Brootforce

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 11 January 2012 - 09:06 PM

Your help will greatly appreciated. No icons, no IE, No run command, even in Safe Mode. Even after saving to desktop,no icons appear. attached attach.txt but cannot attach ark.txt log from GMER. Thank you so much!

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Administrator at 20:44:50 on 2012-01-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2376 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\iExplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\h\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.live.com
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\b\application data\flashgetbho\FlashGetBHO3.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [ldyfAYGXKBe.exe] c:\documents and settings\all users\application data\ldyfAYGXKBe.exe
mRun: [oQwOvpJJoPhcmLJ.exe] c:\documents and settings\all users\application data\oQwOvpJJoPhcmLJ.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\instal~1.lnk - c:\program files\common files\lpuninstall.exe
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/msxml4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://vexcast.com/download/vexcast.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D0CBD61C-146B-4BAD-B0AC-6B3F035356E3} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2009-5-23 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2009-5-23 41760]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-6-4 165456]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-4 17744]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-25 40384]
S2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
S2 gupdate1c9e0855b9f74be;Google Update Service (gupdate1c9e0855b9f74be);c:\program files\google\update\GoogleUpdate.exe [2009-5-29 133104]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 286736]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S2 rpcnetp;rpcnetp;c:\windows\system32\rpcnetp.exe [2010-3-3 17920]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-2-1 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-2-1 185640]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-5-23 112512]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-25 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-25 40384]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-11-30 245760]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-29 133104]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090402.007\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090402.007\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090402.007\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090402.007\NAVEX15.SYS [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
.
=============== Created Last 30 ================
.
2012-01-12 01:25:06 -------- d-----w- c:\documents and settings\administrator\application data\Windows Search
2012-01-12 00:57:53 450412 ----a-w- c:\documents and settings\all users\application data\oQwOvpJJoPhcmLJ.exe
2012-01-12 00:52:32 709968 ----a-w- c:\windows\isRS-000.tmp
2012-01-12 00:52:24 -------- d--h--w- c:\documents and settings\administrator\application data\Malwarebytes
2012-01-12 00:47:53 555436 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-01-12 00:44:18 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2012-01-12 00:44:01 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2012-01-11 18:27:27 362348 ---ha-w- c:\documents and settings\all users\application data\y3RJBxDUETe1i4.exe
2012-01-11 18:17:40 447340 ---ha-w- c:\documents and settings\all users\application data\ldyfAYGXKBe.exe
2012-01-10 14:32:58 548864 ---ha-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-10 14:32:58 479232 ---ha-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-10 14:32:58 43992 ---ha-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-10 14:32:57 626688 ---ha-w- c:\program files\mozilla firefox\msvcr80.dll
2011-12-27 14:25:52 -------- d--h--w- c:\program files\Eye-Fi
.
==================== Find3M ====================
.
2012-01-12 00:39:48 17920 ---ha-w- c:\windows\system32\rpcnetp.dll
2012-01-11 23:56:28 58288 ---ha-w- c:\windows\system32\rpcnet.dll
2012-01-11 23:54:55 17920 ---ha-w- c:\windows\system32\rpcnetp.exe
2012-01-06 14:02:29 58288 ------w- c:\windows\system32\rpcnet.exe
2011-11-23 13:29:56 1868544 ---ha-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ---ha-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ---ha-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ---ha-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ---ha-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ---ha-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ---ha-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ---ha-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ---ha-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ---ha-w- c:\windows\system32\encdec.dll
2010-11-06 20:40:24 9163464 ---ha-w- c:\program files\common files\lpuninstall.exe
.
============= FINISH: 20:52:55.73 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,699 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:35 AM

Posted 18 January 2012 - 11:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/437613 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Brootforce

Brootforce
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 18 January 2012 - 09:44 PM

Still infected. Some icons and files are back on desktop, so it looks better than before. Not having as many system check fake virus notifications, but it is still a total mess.
Running XP. No Windows CD.
Could only run GMER on services, registry and files.

New DDS log below:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by B at 21:00:40 on 2012-01-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.1948 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r211990\stacsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\attrib.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\aed4d56139363b579c1082a39bd5dcdd\update\update.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?o=0&l=dir
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\b\application data\flashgetbho\FlashGetBHO3.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Eye-Fi] "c:\program files\eye-fi\helper\EyeFiHelper.exe"
uRun: [Google Update] "c:\documents and settings\b\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [ldyfAYGXKBe.exe] c:\documents and settings\all users\application data\ldyfAYGXKBe.exe
mRun: [oQwOvpJJoPhcmLJ.exe] c:\documents and settings\all users\application data\oQwOvpJJoPhcmLJ.exe
StartupFolder: c:\docume~1\b\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\b\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download All By FlashGet3 - c:\documents and settings\b\application data\flashgetbho\GetAllUrl.htm
IE: Download By FlashGet3 - c:\documents and settings\b\application data\flashgetbho\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
Trusted Zone: kuaiche.com\software
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/msxml4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://vexcast.com/download/vexcast.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D0CBD61C-146B-4BAD-B0AC-6B3F035356E3} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\b\application data\mozilla\firefox\profiles\bdzljy38.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7070
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\b\application data\mozilla\firefox\profiles\bdzljy38.default\extensions\{394dcba4-1f92-4f8e-8ec9-8d2cb90cb69b}\components\ScreenshotXPCOM.dll
FF - component: c:\documents and settings\b\application data\mozilla\firefox\profiles\bdzljy38.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashgetXpi.dll
FF - component: c:\documents and settings\b\application data\mozilla\firefox\profiles\bdzljy38.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - plugin: c:\documents and settings\b\application data\mozilla\firefox\profiles\bdzljy38.default\extensions\{394dcba4-1f92-4f8e-8ec9-8d2cb90cb69b}\plugins\npLightshot.dll
FF - plugin: c:\documents and settings\b\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\b\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\b\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-6-4 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-4 17744]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-5-23 112512]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2009-5-23 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2009-5-23 41760]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090402.007\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090402.007\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090402.007\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090402.007\NAVEX15.SYS [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
.
=============== Created Last 30 ================
.
2012-01-12 00:47:53 555436 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-01-11 18:27:27 362348 ---ha-w- c:\documents and settings\all users\application data\y3RJBxDUETe1i4.exe
2012-01-10 14:32:58 548864 ---ha-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-10 14:32:58 479232 ---ha-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-10 14:32:58 43992 ---ha-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-10 14:32:57 626688 ---ha-w- c:\program files\mozilla firefox\msvcr80.dll
2011-12-27 14:25:52 -------- d--h--w- c:\program files\Eye-Fi
.
==================== Find3M ====================
.
2012-01-19 01:53:45 17920 ---ha-w- c:\windows\system32\rpcnetp.dll
2012-01-11 23:56:28 58288 ---ha-w- c:\windows\system32\rpcnet.dll
2012-01-11 23:54:55 17920 ---ha-w- c:\windows\system32\rpcnetp.exe
2012-01-06 14:02:29 58288 ------w- c:\windows\system32\rpcnet.exe
2011-11-23 13:29:56 1868544 ---ha-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ---ha-w- c:\windows\system32\packager.exe
2011-11-04 19:20:51 916992 ---ha-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ---ha-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ---ha-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ---ha-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ---ha-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ---ha-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ---ha-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ---ha-w- c:\windows\system32\ntkrnlpa.exe
2010-11-06 20:40:24 9163464 ---ha-w- c:\program files\common files\lpuninstall.exe
.
============= FINISH: 21:17:05.46 ===============

Attached Files



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:35 AM

Posted 19 January 2012 - 02:10 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Brootforce

Brootforce
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 19 January 2012 - 12:14 PM

Ran ComboFix, but disabled Avast after fix had started. Do you want me to rerun it?
Things are looking much better. Neither IE nor Firefox will run though - both "encounter problems" and close. Also receiving Server Busy, Switch to or retry Pop-up.

Here is ComboFix log:


ComboFix 12-01-19.01 - B 01/19/2012 10:56:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2056 [GMT -5:00]
Running from: c:\documents and settings\B\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\~y3RJBxDUETe1i4
c:\documents and settings\All Users\Application Data\~y3RJBxDUETe1i4r
c:\documents and settings\All Users\Application Data\y3RJBxDUETe1i4
c:\documents and settings\All Users\Application Data\y3RJBxDUETe1i4.exe
c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
c:\documents and settings\B\Application Data\inst.exe
c:\documents and settings\B\Application Data\Microsoft\~DFK293b0d.tmp
c:\documents and settings\B\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\B\Application Data\Microsoft\bass.dll
c:\documents and settings\B\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\B\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\B\Application Data\Microsoft\peaadje.dll
c:\documents and settings\B\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\B\Application Data\Microsoft\rsaadjd.dll
c:\documents and settings\B\Desktop\System Check.lnk
c:\documents and settings\B\Start Menu\Programs\System Check\System Check.lnk
c:\documents and settings\B\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\program files\Mozilla Firefox\components\AskHPRFF.js
c:\windows\EventSystem.log
c:\windows\iun6002.exe
c:\windows\system32\Nagasoft
c:\windows\system32\Nagasoft\Codecs\asyncflt.ax
c:\windows\system32\Nagasoft\Codecs\atrc.dll
c:\windows\system32\Nagasoft\Codecs\cook.dll
c:\windows\system32\Nagasoft\Codecs\drvc.dll
c:\windows\system32\Nagasoft\Codecs\raac.dll
c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
c:\windows\system32\Nagasoft\GifShower.dll
c:\windows\system32\Nagasoft\vjocx.dll
.
Infected copy of c:\windows\system32\autochk.exe was found and disinfected
Restored copy from - c:\i386\AUTOCHK.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_vvdsvc
-------\Legacy_vvdsvc
-------\Service_vvdsvc
-------\Service_vvdsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))))
.
.
2012-01-12 01:25 . 2012-01-12 01:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2012-01-12 00:52 . 2012-01-12 00:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-01-12 00:44 . 2012-01-12 00:44 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-01-12 00:44 . 2012-01-12 00:44 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-01-10 14:32 . 2012-01-10 14:32 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-10 14:32 . 2012-01-10 14:32 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-10 14:32 . 2012-01-10 14:32 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-10 14:32 . 2012-01-10 14:32 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-27 14:25 . 2011-12-27 14:25 -------- d-----w- c:\program files\Eye-Fi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-19 16:34 . 2010-03-03 17:14 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2012-01-19 16:34 . 2010-02-05 16:56 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-01-19 16:32 . 2010-03-03 17:13 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-01-06 14:02 . 2010-02-05 16:56 58288 ------w- c:\windows\system32\rpcnet.exe
2011-11-25 21:57 . 2008-04-25 16:16 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:29 . 2008-04-25 16:16 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-25 16:16 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:20 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2008-04-25 16:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2008-04-25 16:16 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-04-25 16:16 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2008-04-25 16:16 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-25 16:16 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2008-04-25 16:16 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-06 20:40 . 2010-11-06 20:40 9163464 ----a-w- c:\program files\Common Files\lpuninstall.exe
2012-01-10 14:32 . 2011-03-22 20:11 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\B\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\B\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\B\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\B\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-29 39408]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-05 2938552]
"Eye-Fi"="c:\program files\Eye-Fi\Helper\EyeFiHelper.exe" [2011-12-22 3961464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-22 729088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-18 150040]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-12 2220032]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-02-22 483420]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-02-01 206120]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2011-01-02 1670656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2010-11-6 9163464]
.
c:\documents and settings\B\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\B\Application Data\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-6-1 25214]
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2011-6-3 6144]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Documents and Settings\\B\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TVTrigger\\TVTrigger.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
"c:\\Program Files\\Eye-Fi\\Helper\\EyeFiHelper.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Documents and Settings\\B\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\B\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20262:TCP"= 20262:TCP:BitComet 20262 TCP
"20262:UDP"= 20262:UDP:BitComet 20262 UDP
"6000:TCP"= 6000:TCP:BitComet 6000 TCP
"6000:UDP"= 6000:UDP:BitComet 6000 UDP
"56604:TCP"= 56604:TCP:Pando Media Booster
"56604:UDP"= 56604:UDP:Pando Media Booster
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/4/2009 3:55 PM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/4/2009 3:55 PM 17744]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 4:33 PM 249648]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 5:06 PM 290832]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2/1/2011 5:54 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2/1/2011 5:54 AM 185640]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/23/2009 4:00 PM 112512]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [11/30/2011 12:04 PM 245760]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [5/23/2009 4:00 PM 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [5/23/2009 4:00 PM 41760]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [6/4/2009 2:22 PM 47360]
S2 gupdate1c9e0855b9f74be;Google Update Service (gupdate1c9e0855b9f74be);c:\program files\Google\Update\GoogleUpdate.exe [5/29/2009 12:46 PM 133104]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 6:31 PM 195336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/29/2009 12:46 PM 133104]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 10:15 AM 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-01-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-29 13:47]
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 17:46]
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 17:46]
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1541550411-28408551-317687305-1005Core.job
- c:\documents and settings\B\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-08 14:12]
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1541550411-28408551-317687305-1005UA.job
- c:\documents and settings\B\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-08 14:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=0&l=dir
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download All By FlashGet3 - c:\documents and settings\B\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\documents and settings\B\Application Data\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
LSP: mswsock.dll
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\B\Application Data\Mozilla\Firefox\Profiles\bdzljy38.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7070
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-ldyfAYGXKBe.exe - c:\documents and settings\All Users\Application Data\ldyfAYGXKBe.exe
HKLM-Run-oQwOvpJJoPhcmLJ.exe - c:\documents and settings\All Users\Application Data\oQwOvpJJoPhcmLJ.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-19 11:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\B\Application Data\BITS\Torrent\20110207203658.torrent.filelist 142 bytes
c:\documents and settings\B\Application Data\BITS\Torrent\20110207203659.torrent 14524 bytes
c:\documents and settings\B\Application Data\BITS\Torrent\20110207203659.torrent.filelist 188 bytes
c:\documents and settings\B\Application Data\BITS\Torrent\20110207203700.torrent 7632 bytes
c:\documents and settings\B\Application Data\BITS\Torrent\20110207203700.torrent.filelist 194 bytes
c:\documents and settings\B\Application Data\BITS\Torrent\20110207203701.torrent 14680 bytes
c:\documents and settings\B\Application Data\BITS\Torrent\20110207203701.torrent.filelist 168 bytes
c:\documents and settings\B\Application Data\BITS\Torrent\20110207203702.torrent 14680 bytes
c:\documents and settings\B\Application Data\BITS\Torrent\20110207203702.torrent.filelist 168 bytes
c:\documents and settings\B\Application Data\BITS\Torrent\20110207203703.torrent 14275 bytes
c:\documents and settings\B\Application Data\BITS\Torrent\20110207203703.torrent.filelist 176 bytes
c:\documents and settings\B\Application Data\BITS\Torrent\20110207203704.torrent 14279 bytes
c:\documents and settings\B\Application Data\BITS\Torrent\20110207203704.torrent.filelist 184 bytes
c:\documents and settings\B\Application Data\BITS\Torrent\20110207203705.torrent 28798 bytes
c:\documents and settings\B\Application Data\BITS\Torrent\20110207203712.torrent.filelist 188 bytes
c:\documents and settings\B\Application Data\BITS\Torrent\20110207203720.torrent 14138 bytes
.
scan completed successfully
hidden files: 16
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(636)
c:\windows\system32\WININET.dll
c:\windows\system32\mswsock.dll
mswsock.dll 71a50000 258048 \\.\globalroot\systemroot\system32\mswsock.dll
c:\documents and settings\B\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MI1933~1\Office14\1033\GrooveIntlResource.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\jscript.dll
c:\windows\system32\Macromed\Flash\Flash10a.ocx
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\drivers\audio\r211990\stacsv.exe
c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\system32\rpcnet.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-01-19 11:55:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-19 16:55
.
Pre-Run: 74,432,155,648 bytes free
Post-Run: 75,149,594,624 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - C5DE19EAA1B539563D5E41075126B48C

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:35 AM

Posted 19 January 2012 - 12:51 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Brootforce

Brootforce
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 19 January 2012 - 01:16 PM

Seems to be running much better. Still receiving Server Busy pop-up. But Firefox now seems to be functioning correctly.
Is there anything else I should run?


Here is TDSSKiller log:

13:03:25.0906 5364 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
13:03:26.0156 5364 ============================================================
13:03:26.0156 5364 Current date / time: 2012/01/19 13:03:26.0156
13:03:26.0156 5364 SystemInfo:
13:03:26.0156 5364
13:03:26.0156 5364 OS Version: 5.1.2600 ServicePack: 3.0
13:03:26.0156 5364 Product type: Workstation
13:03:26.0156 5364 ComputerName: PC
13:03:26.0156 5364 UserName: B
13:03:26.0156 5364 Windows directory: C:\WINDOWS
13:03:26.0156 5364 System windows directory: C:\WINDOWS
13:03:26.0156 5364 Processor architecture: Intel x86
13:03:26.0156 5364 Number of processors: 2
13:03:26.0156 5364 Page size: 0x1000
13:03:26.0156 5364 Boot type: Normal boot
13:03:26.0156 5364 ============================================================
13:03:27.0078 5364 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:03:27.0125 5364 Initialize success
13:03:28.0937 5308 ============================================================
13:03:28.0937 5308 Scan started
13:03:28.0937 5308 Mode: Manual;
13:03:28.0937 5308 ============================================================
13:03:33.0421 5308 Aavmker4 (467f062f76e07512ecc1f5f60aab2988) C:\WINDOWS\system32\drivers\Aavmker4.sys
13:03:33.0437 5308 Aavmker4 - ok
13:03:33.0437 5308 Abiosdsk - ok
13:03:33.0500 5308 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
13:03:33.0500 5308 abp480n5 - ok
13:03:33.0531 5308 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:03:33.0531 5308 ACPI - ok
13:03:33.0546 5308 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
13:03:33.0546 5308 ACPIEC - ok
13:03:33.0593 5308 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
13:03:33.0593 5308 adpu160m - ok
13:03:33.0875 5308 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:03:33.0875 5308 aec - ok
13:03:33.0937 5308 AESTAud (f21d5e93a94514be9f5b6ebf74a696b2) C:\WINDOWS\system32\drivers\AESTAud.sys
13:03:33.0937 5308 AESTAud - ok
13:03:34.0000 5308 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:03:34.0000 5308 AFD - ok
13:03:34.0031 5308 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
13:03:34.0031 5308 agp440 - ok
13:03:34.0046 5308 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
13:03:34.0046 5308 agpCPQ - ok
13:03:34.0062 5308 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
13:03:34.0062 5308 Aha154x - ok
13:03:34.0078 5308 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
13:03:34.0078 5308 aic78u2 - ok
13:03:34.0093 5308 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
13:03:34.0093 5308 aic78xx - ok
13:03:34.0125 5308 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
13:03:34.0125 5308 AliIde - ok
13:03:34.0171 5308 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
13:03:34.0171 5308 alim1541 - ok
13:03:34.0375 5308 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
13:03:34.0375 5308 amdagp - ok
13:03:34.0500 5308 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
13:03:34.0500 5308 amsint - ok
13:03:34.0796 5308 ApfiltrService (fb7c669774ffcacd77b5969ee5d9a19b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
13:03:34.0812 5308 ApfiltrService - ok
13:03:34.0875 5308 APLMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\WINDOWS\system32\Drivers\APLMp50.sys
13:03:34.0875 5308 APLMp50 - ok
13:03:35.0187 5308 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:03:35.0187 5308 Arp1394 - ok
13:03:35.0437 5308 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
13:03:35.0437 5308 asc - ok
13:03:35.0859 5308 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
13:03:35.0859 5308 asc3350p - ok
13:03:36.0296 5308 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
13:03:36.0296 5308 asc3550 - ok
13:03:37.0000 5308 aswFsBlk (0c0b08847f2f24baa7bd43d8f2c6c8b0) C:\WINDOWS\system32\drivers\aswFsBlk.sys
13:03:37.0000 5308 aswFsBlk - ok
13:03:37.0421 5308 aswMon2 (aa504fa592c9ed79174cb06b8ae340aa) C:\WINDOWS\system32\drivers\aswMon2.sys
13:03:37.0421 5308 aswMon2 - ok
13:03:38.0000 5308 aswRdr (f385ffd39165453fda96736aa3edfd9d) C:\WINDOWS\system32\drivers\aswRdr.sys
13:03:38.0000 5308 aswRdr - ok
13:03:38.0328 5308 aswSP (45adea26bf613a54fed64ecdd12e58a7) C:\WINDOWS\system32\drivers\aswSP.sys
13:03:38.0328 5308 aswSP - ok
13:03:39.0406 5308 aswTdi (c4ee975c87176f1900662d2874233c7f) C:\WINDOWS\system32\drivers\aswTdi.sys
13:03:39.0406 5308 aswTdi - ok
13:03:40.0890 5308 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:03:40.0890 5308 AsyncMac - ok
13:03:41.0296 5308 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:03:41.0296 5308 atapi - ok
13:03:42.0031 5308 Atdisk - ok
13:03:42.0984 5308 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:03:42.0984 5308 Atmarpc - ok
13:03:43.0796 5308 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:03:43.0796 5308 audstub - ok
13:03:44.0328 5308 BCM43XX (9208c78bd9283f79a30252ad954c77a2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
13:03:44.0328 5308 BCM43XX - ok
13:03:45.0781 5308 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:03:45.0781 5308 Beep - ok
13:03:46.0000 5308 catchme - ok
13:03:46.0765 5308 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
13:03:46.0765 5308 cbidf - ok
13:03:47.0562 5308 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:03:47.0562 5308 cbidf2k - ok
13:03:48.0250 5308 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
13:03:48.0250 5308 cd20xrnt - ok
13:03:49.0015 5308 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:03:49.0015 5308 Cdaudio - ok
13:03:49.0437 5308 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:03:49.0437 5308 Cdfs - ok
13:03:50.0000 5308 Cdrom (868dd4ba60e7c9a88d2bc948ae01c0a2) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:03:50.0000 5308 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 868dd4ba60e7c9a88d2bc948ae01c0a2, Fake md5: 4dfa53b9cdf71b2f9fd17407a652ca33
13:03:50.0000 5308 Cdrom ( Virus.Win32.ZAccess.k ) - infected
13:03:50.0000 5308 Cdrom - detected Virus.Win32.ZAccess.k (0)
13:03:50.0250 5308 Changer - ok
13:03:50.0609 5308 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
13:03:50.0609 5308 CmBatt - ok
13:03:50.0890 5308 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
13:03:50.0890 5308 CmdIde - ok
13:03:51.0171 5308 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
13:03:51.0171 5308 Compbatt - ok
13:03:51.0437 5308 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
13:03:51.0437 5308 Cpqarray - ok
13:03:51.0828 5308 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
13:03:51.0828 5308 CVirtA - ok
13:03:52.0093 5308 CVPNDRVA (8a15d7bd4cf1a8ccd7c65f7349f22e35) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
13:03:52.0093 5308 CVPNDRVA - ok
13:03:52.0593 5308 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
13:03:52.0593 5308 dac2w2k - ok
13:03:52.0859 5308 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
13:03:52.0859 5308 dac960nt - ok
13:03:53.0328 5308 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:03:53.0328 5308 Disk - ok
13:03:54.0187 5308 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
13:03:54.0187 5308 DLABMFSM - ok
13:03:54.0625 5308 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
13:03:54.0640 5308 DLABOIOM - ok
13:03:55.0031 5308 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
13:03:55.0031 5308 DLACDBHM - ok
13:03:55.0953 5308 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
13:03:55.0953 5308 DLADResM - ok
13:03:56.0281 5308 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
13:03:56.0281 5308 DLAIFS_M - ok
13:03:57.0062 5308 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
13:03:57.0062 5308 DLAOPIOM - ok
13:03:57.0406 5308 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
13:03:57.0406 5308 DLAPoolM - ok
13:03:59.0015 5308 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
13:03:59.0015 5308 DLARTL_M - ok
13:03:59.0406 5308 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
13:03:59.0406 5308 DLAUDFAM - ok
13:03:59.0968 5308 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
13:03:59.0968 5308 DLAUDF_M - ok
13:04:00.0250 5308 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:04:00.0250 5308 dmboot - ok
13:04:00.0843 5308 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:04:00.0843 5308 dmio - ok
13:04:01.0203 5308 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:04:01.0203 5308 dmload - ok
13:04:01.0734 5308 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:04:01.0734 5308 DMusic - ok
13:04:02.0000 5308 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys
13:04:02.0000 5308 DNE - ok
13:04:02.0296 5308 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
13:04:02.0296 5308 dpti2o - ok
13:04:02.0796 5308 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:04:02.0796 5308 drmkaud - ok
13:04:03.0093 5308 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
13:04:03.0093 5308 DRVMCDB - ok
13:04:03.0406 5308 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
13:04:03.0406 5308 DRVNDDM - ok
13:04:03.0843 5308 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:04:03.0843 5308 Fastfat - ok
13:04:04.0109 5308 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:04:04.0125 5308 Fdc - ok
13:04:04.0390 5308 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:04:04.0390 5308 Fips - ok
13:04:04.0828 5308 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:04:04.0828 5308 Flpydisk - ok
13:04:05.0171 5308 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:04:05.0171 5308 FltMgr - ok
13:04:05.0437 5308 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:04:05.0437 5308 Fs_Rec - ok
13:04:05.0859 5308 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:04:05.0859 5308 Ftdisk - ok
13:04:06.0343 5308 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:04:06.0343 5308 GEARAspiWDM - ok
13:04:07.0062 5308 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:04:07.0062 5308 Gpc - ok
13:04:07.0968 5308 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:04:07.0968 5308 HDAudBus - ok
13:04:08.0359 5308 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:04:08.0359 5308 hidusb - ok
13:04:08.0828 5308 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
13:04:08.0828 5308 hpn - ok
13:04:09.0078 5308 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:04:09.0078 5308 HPZid412 - ok
13:04:09.0359 5308 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:04:09.0359 5308 HPZipr12 - ok
13:04:10.0031 5308 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:04:10.0046 5308 HPZius12 - ok
13:04:10.0296 5308 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:04:10.0296 5308 HTTP - ok
13:04:10.0906 5308 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
13:04:10.0921 5308 i2omgmt - ok
13:04:11.0218 5308 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
13:04:11.0218 5308 i2omp - ok
13:04:11.0484 5308 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:04:11.0484 5308 i8042prt - ok
13:04:12.0000 5308 ialm (66a685b05066683621920bc14a45cfe8) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
13:04:12.0062 5308 ialm - ok
13:04:12.0375 5308 iaStor (baabb0301949774a66b955c65319635a) C:\WINDOWS\system32\drivers\iaStor.sys
13:04:12.0390 5308 iaStor - ok
13:04:12.0406 5308 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:04:12.0406 5308 Imapi - ok
13:04:12.0453 5308 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
13:04:12.0453 5308 ini910u - ok
13:04:12.0859 5308 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:04:12.0859 5308 IntelIde - ok
13:04:13.0140 5308 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:04:13.0140 5308 intelppm - ok
13:04:13.0375 5308 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:04:13.0390 5308 Ip6Fw - ok
13:04:13.0843 5308 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:04:13.0843 5308 IpFilterDriver - ok
13:04:14.0109 5308 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:04:14.0109 5308 IpInIp - ok
13:04:14.0359 5308 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:04:14.0359 5308 IpNat - ok
13:04:14.0890 5308 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:04:14.0890 5308 IPSec - ok
13:04:15.0203 5308 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:04:15.0203 5308 IRENUM - ok
13:04:15.0656 5308 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:04:15.0656 5308 isapnp - ok
13:04:15.0921 5308 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:04:15.0921 5308 Kbdclass - ok
13:04:16.0203 5308 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:04:16.0203 5308 kbdhid - ok
13:04:16.0593 5308 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:04:16.0609 5308 kmixer - ok
13:04:16.0875 5308 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:04:16.0875 5308 KSecDD - ok
13:04:17.0234 5308 lbrtfdc - ok
13:04:17.0515 5308 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:04:17.0515 5308 mnmdd - ok
13:04:17.0796 5308 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:04:17.0796 5308 Modem - ok
13:04:18.0046 5308 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:04:18.0046 5308 Mouclass - ok
13:04:18.0109 5308 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:04:18.0109 5308 mouhid - ok
13:04:18.0375 5308 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:04:18.0375 5308 MountMgr - ok
13:04:18.0656 5308 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
13:04:18.0656 5308 mraid35x - ok
13:04:18.0796 5308 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
13:04:18.0796 5308 MREMP50 - ok
13:04:18.0890 5308 MREMPR5 - ok
13:04:19.0000 5308 MRENDIS5 - ok
13:04:19.0140 5308 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
13:04:19.0171 5308 MRESP50 - ok
13:04:19.0765 5308 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:04:19.0781 5308 MRxDAV - ok
13:04:20.0046 5308 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:04:20.0062 5308 MRxSmb - ok
13:04:20.0312 5308 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:04:20.0312 5308 Msfs - ok
13:04:20.0734 5308 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:04:20.0734 5308 MSKSSRV - ok
13:04:21.0046 5308 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:04:21.0046 5308 MSPCLOCK - ok
13:04:21.0296 5308 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:04:21.0296 5308 MSPQM - ok
13:04:21.0718 5308 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:04:21.0718 5308 mssmbios - ok
13:04:21.0953 5308 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:04:21.0953 5308 Mup - ok
13:04:22.0062 5308 NAVENG - ok
13:04:22.0062 5308 NAVEX15 - ok
13:04:22.0328 5308 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:04:22.0328 5308 NDIS - ok
13:04:22.0875 5308 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:04:22.0875 5308 NdisTapi - ok
13:04:23.0125 5308 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:04:23.0125 5308 Ndisuio - ok
13:04:23.0406 5308 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:04:23.0406 5308 NdisWan - ok
13:04:23.0890 5308 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:04:23.0890 5308 NDProxy - ok
13:04:24.0218 5308 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:04:24.0218 5308 NetBIOS - ok
13:04:25.0000 5308 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:04:25.0000 5308 NetBT - ok
13:04:25.0343 5308 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:04:25.0343 5308 NIC1394 - ok
13:04:25.0734 5308 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
13:04:25.0734 5308 nm - ok
13:04:26.0015 5308 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:04:26.0015 5308 Npfs - ok
13:04:26.0375 5308 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:04:26.0390 5308 Ntfs - ok
13:04:26.0765 5308 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:04:26.0765 5308 Null - ok
13:04:27.0062 5308 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:04:27.0062 5308 NwlnkFlt - ok
13:04:27.0531 5308 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:04:27.0531 5308 NwlnkFwd - ok
13:04:27.0937 5308 O2MDGRDR (1cd60d5fb54ab1a1fdf6fb8e0abb20b8) C:\WINDOWS\system32\DRIVERS\o2mdg.sys
13:04:27.0937 5308 O2MDGRDR - ok
13:04:28.0312 5308 O2SDGRDR (5890635f36eebbf3dc00d5b07269d4e1) C:\WINDOWS\system32\DRIVERS\o2sdg.sys
13:04:28.0312 5308 O2SDGRDR - ok
13:04:28.0593 5308 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:04:28.0593 5308 ohci1394 - ok
13:04:28.0890 5308 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
13:04:28.0890 5308 Parport - ok
13:04:29.0484 5308 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:04:29.0484 5308 PartMgr - ok
13:04:29.0906 5308 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:04:29.0906 5308 ParVdm - ok
13:04:30.0187 5308 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:04:30.0187 5308 PCI - ok
13:04:30.0437 5308 PCIDump - ok
13:04:30.0890 5308 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:04:30.0890 5308 PCIIde - ok
13:04:31.0671 5308 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:04:31.0671 5308 Pcmcia - ok
13:04:32.0046 5308 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
13:04:32.0046 5308 pcouffin - ok
13:04:32.0343 5308 PDCOMP - ok
13:04:32.0953 5308 PDFRAME - ok
13:04:33.0359 5308 PDRELI - ok
13:04:33.0796 5308 PDRFRAME - ok
13:04:34.0109 5308 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
13:04:34.0109 5308 perc2 - ok
13:04:34.0437 5308 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
13:04:34.0437 5308 perc2hib - ok
13:04:35.0046 5308 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:04:35.0046 5308 PptpMiniport - ok
13:04:35.0890 5308 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:04:35.0890 5308 PSched - ok
13:04:36.0343 5308 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:04:36.0343 5308 Ptilink - ok
13:04:36.0625 5308 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:04:36.0625 5308 PxHelp20 - ok
13:04:36.0937 5308 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
13:04:36.0937 5308 ql1080 - ok
13:04:37.0359 5308 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
13:04:37.0359 5308 Ql10wnt - ok
13:04:37.0859 5308 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
13:04:37.0859 5308 ql12160 - ok
13:04:38.0171 5308 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
13:04:38.0171 5308 ql1240 - ok
13:04:38.0687 5308 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
13:04:38.0687 5308 ql1280 - ok
13:04:38.0984 5308 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:04:38.0984 5308 RasAcd - ok
13:04:39.0359 5308 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:04:39.0359 5308 Rasl2tp - ok
13:04:39.0906 5308 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:04:39.0906 5308 RasPppoe - ok
13:04:40.0250 5308 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:04:40.0250 5308 Raspti - ok
13:04:40.0968 5308 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:04:40.0968 5308 Rdbss - ok
13:04:41.0296 5308 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:04:41.0296 5308 RDPCDD - ok
13:04:41.0843 5308 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:04:41.0843 5308 rdpdr - ok
13:04:42.0687 5308 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:04:42.0687 5308 RDPWD - ok
13:04:43.0218 5308 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:04:43.0218 5308 redbook - ok
13:04:43.0671 5308 RTLE8023xp (6e7470477d08f6e47e91016d6a1c5a5f) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
13:04:43.0671 5308 RTLE8023xp - ok
13:04:43.0953 5308 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
13:04:43.0953 5308 sdbus - ok
13:04:44.0234 5308 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:04:44.0234 5308 Secdrv - ok
13:04:44.0687 5308 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
13:04:44.0687 5308 Serial - ok
13:04:45.0046 5308 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:04:45.0046 5308 Sfloppy - ok
13:04:45.0312 5308 Simbad - ok
13:04:45.0921 5308 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
13:04:45.0921 5308 sisagp - ok
13:04:46.0296 5308 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
13:04:46.0296 5308 Sparrow - ok
13:04:47.0000 5308 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:04:47.0000 5308 splitter - ok
13:04:47.0328 5308 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:04:47.0328 5308 sr - ok
13:04:47.0750 5308 SRTSP - ok
13:04:48.0000 5308 SRTSPX - ok
13:04:48.0328 5308 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:04:48.0343 5308 Srv - ok
13:04:48.0781 5308 STHDA (5849f5d472a676ace7224fc2c656f4b2) C:\WINDOWS\system32\drivers\sthda.sys
13:04:48.0781 5308 STHDA - ok
13:04:49.0234 5308 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:04:49.0234 5308 swenum - ok
13:04:50.0031 5308 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:04:50.0031 5308 swmidi - ok
13:04:50.0296 5308 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
13:04:50.0296 5308 symc810 - ok
13:04:50.0718 5308 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
13:04:50.0718 5308 symc8xx - ok
13:04:50.0953 5308 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
13:04:50.0953 5308 sym_hi - ok
13:04:51.0343 5308 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
13:04:51.0343 5308 sym_u3 - ok
13:04:51.0718 5308 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:04:51.0718 5308 sysaudio - ok
13:04:51.0984 5308 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:04:52.0000 5308 Tcpip - ok
13:04:52.0234 5308 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:04:52.0234 5308 TDPIPE - ok
13:04:52.0578 5308 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:04:52.0578 5308 TDTCP - ok
13:04:52.0906 5308 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:04:52.0906 5308 TermDD - ok
13:04:53.0171 5308 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
13:04:53.0171 5308 TosIde - ok
13:04:53.0421 5308 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:04:53.0421 5308 Udfs - ok
13:04:53.0750 5308 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
13:04:53.0750 5308 ultra - ok
13:04:54.0015 5308 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:04:54.0015 5308 Update - ok
13:04:54.0265 5308 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
13:04:54.0265 5308 USBAAPL - ok
13:04:54.0640 5308 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
13:04:54.0640 5308 usbaudio - ok
13:04:54.0890 5308 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:04:54.0890 5308 usbccgp - ok
13:04:55.0171 5308 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:04:55.0171 5308 usbehci - ok
13:04:55.0453 5308 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:04:55.0453 5308 usbhub - ok
13:04:55.0890 5308 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:04:55.0890 5308 usbprint - ok
13:04:56.0140 5308 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:04:56.0140 5308 usbscan - ok
13:04:56.0406 5308 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:04:56.0406 5308 USBSTOR - ok
13:04:56.0781 5308 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:04:56.0781 5308 usbuhci - ok
13:04:57.0062 5308 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:04:57.0062 5308 VgaSave - ok
13:04:57.0328 5308 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
13:04:57.0328 5308 viaagp - ok
13:04:57.0687 5308 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
13:04:57.0687 5308 ViaIde - ok
13:04:57.0953 5308 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:04:57.0953 5308 VolSnap - ok
13:04:58.0203 5308 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
13:04:58.0203 5308 vsdatant - ok
13:04:58.0484 5308 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:04:58.0484 5308 Wanarp - ok
13:04:58.0796 5308 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
13:04:58.0812 5308 Wdf01000 - ok
13:04:59.0062 5308 WDICA - ok
13:04:59.0406 5308 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:04:59.0406 5308 wdmaud - ok
13:04:59.0828 5308 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
13:04:59.0828 5308 WinUSB - ok
13:05:00.0125 5308 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:05:00.0140 5308 WS2IFSL - ok
13:05:00.0171 5308 MBR (0x1B8) (53484ef36f7f7dd82000c2b34a0afeff) \Device\Harddisk0\DR0
13:05:00.0218 5308 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
13:05:00.0218 5308 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
13:05:00.0234 5308 Boot (0x1200) (f45aaad74a8320b1003eed7b44147ff2) \Device\Harddisk0\DR0\Partition0
13:05:00.0250 5308 \Device\Harddisk0\DR0\Partition0 - ok
13:05:00.0250 5308 ============================================================
13:05:00.0250 5308 Scan finished
13:05:00.0250 5308 ============================================================
13:05:00.0250 5332 Detected object count: 2
13:05:00.0250 5332 Actual detected object count: 2
13:05:10.0406 5332 Backup copy found, using it..
13:05:10.0421 5332 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured on reboot
13:05:12.0890 5332 Cdrom ( Virus.Win32.ZAccess.k ) - User select action: Cure
13:05:12.0968 5332 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
13:05:12.0968 5332 \Device\Harddisk0\DR0 - ok
13:05:12.0968 5332 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
13:05:17.0750 5576 Deinitialize success

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:35 AM

Posted 19 January 2012 - 02:26 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Brootforce

Brootforce
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 19 January 2012 - 03:18 PM

Notice came up saying askMBR.exe was infected and to run a chksystem.

Here is the log:
aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-19 14:48:10
-----------------------------
14:48:10.765 OS Version: Windows 5.1.2600 Service Pack 3
14:48:10.765 Number of processors: 2 586 0x170A
14:48:10.781 ComputerName: PC UserName: B
14:48:11.531 Initialize success
14:48:11.640 AVAST engine defs: 11120200
14:48:19.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:48:19.453 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
14:48:19.468 Disk 0 MBR read successfully
14:48:19.468 Disk 0 MBR scan
14:48:19.593 Disk 0 unknown MBR code
14:48:19.593 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
14:48:19.609 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152586 MB offset 81920
14:48:19.625 Disk 0 scanning sectors +312579760
14:48:19.671 Disk 0 scanning C:\WINDOWS\system32\drivers
14:48:26.734 Service scanning
14:48:27.671 Modules scanning
14:48:35.359 Disk 0 trace - called modules:
14:48:35.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:48:35.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac9b678]
14:48:35.406 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8acc5028]
14:48:36.203 AVAST engine scan C:\WINDOWS
14:48:49.109 AVAST engine scan C:\WINDOWS\system32
14:50:02.015 AVAST engine scan C:\WINDOWS\system32\drivers
14:50:12.484 AVAST engine scan C:\Documents and Settings\B
15:08:52.015 AVAST engine scan C:\Documents and Settings\All Users
15:12:38.000 Scan finished successfully
15:16:57.515 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\B\Desktop\MBR.dat"
15:16:57.515 The log file has been saved successfully to "C:\Documents and Settings\B\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:35 AM

Posted 19 January 2012 - 05:28 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Brootforce

Brootforce
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 19 January 2012 - 06:12 PM

Ran fixTDSS twice. First time it said Backdoor.Tirserv had been found, second time it said it wasn't found.
Ran TDSSKill again. Came out clean. Still have the Server Busy pop-up.

TDSSKill Log:
18:06:36.0046 3840 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
18:06:36.0421 3840 ============================================================
18:06:36.0421 3840 Current date / time: 2012/01/19 18:06:36.0421
18:06:36.0421 3840 SystemInfo:
18:06:36.0421 3840
18:06:36.0421 3840 OS Version: 5.1.2600 ServicePack: 3.0
18:06:36.0421 3840 Product type: Workstation
18:06:36.0421 3840 ComputerName: PC
18:06:36.0421 3840 UserName: B
18:06:36.0421 3840 Windows directory: C:\WINDOWS
18:06:36.0421 3840 System windows directory: C:\WINDOWS
18:06:36.0421 3840 Processor architecture: Intel x86
18:06:36.0421 3840 Number of processors: 2
18:06:36.0421 3840 Page size: 0x1000
18:06:36.0421 3840 Boot type: Normal boot
18:06:36.0421 3840 ============================================================
18:06:36.0812 3840 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:06:36.0890 3840 Initialize success
18:06:38.0828 2080 ============================================================
18:06:38.0828 2080 Scan started
18:06:38.0828 2080 Mode: Manual;
18:06:38.0828 2080 ============================================================
18:06:39.0312 2080 Aavmker4 (467f062f76e07512ecc1f5f60aab2988) C:\WINDOWS\system32\drivers\Aavmker4.sys
18:06:39.0312 2080 Aavmker4 - ok
18:06:39.0328 2080 Abiosdsk - ok
18:06:39.0359 2080 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:06:39.0359 2080 abp480n5 - ok
18:06:39.0406 2080 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:06:39.0421 2080 ACPI - ok
18:06:39.0421 2080 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:06:39.0421 2080 ACPIEC - ok
18:06:39.0500 2080 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:06:39.0500 2080 adpu160m - ok
18:06:39.0562 2080 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:06:39.0562 2080 aec - ok
18:06:39.0625 2080 AESTAud (f21d5e93a94514be9f5b6ebf74a696b2) C:\WINDOWS\system32\drivers\AESTAud.sys
18:06:39.0625 2080 AESTAud - ok
18:06:39.0687 2080 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:06:39.0687 2080 AFD - ok
18:06:39.0718 2080 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:06:39.0718 2080 agp440 - ok
18:06:39.0718 2080 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:06:39.0718 2080 agpCPQ - ok
18:06:39.0765 2080 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
18:06:39.0765 2080 Aha154x - ok
18:06:39.0765 2080 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:06:39.0781 2080 aic78u2 - ok
18:06:39.0781 2080 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:06:39.0781 2080 aic78xx - ok
18:06:39.0828 2080 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
18:06:39.0828 2080 AliIde - ok
18:06:39.0843 2080 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
18:06:39.0843 2080 alim1541 - ok
18:06:39.0859 2080 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
18:06:39.0859 2080 amdagp - ok
18:06:39.0875 2080 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
18:06:39.0875 2080 amsint - ok
18:06:39.0937 2080 ApfiltrService (fb7c669774ffcacd77b5969ee5d9a19b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
18:06:39.0937 2080 ApfiltrService - ok
18:06:40.0000 2080 APLMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\WINDOWS\system32\Drivers\APLMp50.sys
18:06:40.0000 2080 APLMp50 - ok
18:06:40.0031 2080 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:06:40.0046 2080 Arp1394 - ok
18:06:40.0093 2080 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
18:06:40.0093 2080 asc - ok
18:06:40.0109 2080 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
18:06:40.0109 2080 asc3350p - ok
18:06:40.0125 2080 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
18:06:40.0125 2080 asc3550 - ok
18:06:40.0203 2080 aswFsBlk (0c0b08847f2f24baa7bd43d8f2c6c8b0) C:\WINDOWS\system32\drivers\aswFsBlk.sys
18:06:40.0203 2080 aswFsBlk - ok
18:06:40.0203 2080 aswMon2 (aa504fa592c9ed79174cb06b8ae340aa) C:\WINDOWS\system32\drivers\aswMon2.sys
18:06:40.0203 2080 aswMon2 - ok
18:06:40.0218 2080 aswRdr (f385ffd39165453fda96736aa3edfd9d) C:\WINDOWS\system32\drivers\aswRdr.sys
18:06:40.0218 2080 aswRdr - ok
18:06:40.0250 2080 aswSP (45adea26bf613a54fed64ecdd12e58a7) C:\WINDOWS\system32\drivers\aswSP.sys
18:06:40.0265 2080 aswSP - ok
18:06:40.0281 2080 aswTdi (c4ee975c87176f1900662d2874233c7f) C:\WINDOWS\system32\drivers\aswTdi.sys
18:06:40.0281 2080 aswTdi - ok
18:06:40.0296 2080 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:06:40.0296 2080 AsyncMac - ok
18:06:40.0343 2080 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:06:40.0343 2080 atapi - ok
18:06:40.0343 2080 Atdisk - ok
18:06:40.0359 2080 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:06:40.0359 2080 Atmarpc - ok
18:06:40.0406 2080 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:06:40.0421 2080 audstub - ok
18:06:40.0531 2080 BCM43XX (9208c78bd9283f79a30252ad954c77a2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
18:06:40.0593 2080 BCM43XX - ok
18:06:40.0656 2080 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:06:40.0656 2080 Beep - ok
18:06:40.0828 2080 catchme - ok
18:06:41.0093 2080 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:06:41.0093 2080 cbidf - ok
18:06:41.0109 2080 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:06:41.0109 2080 cbidf2k - ok
18:06:41.0156 2080 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:06:41.0156 2080 cd20xrnt - ok
18:06:41.0218 2080 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:06:41.0218 2080 Cdaudio - ok
18:06:41.0234 2080 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:06:41.0234 2080 Cdfs - ok
18:06:41.0296 2080 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:06:41.0296 2080 Cdrom - ok
18:06:41.0312 2080 Changer - ok
18:06:41.0375 2080 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:06:41.0375 2080 CmBatt - ok
18:06:41.0390 2080 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:06:41.0390 2080 CmdIde - ok
18:06:41.0390 2080 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:06:41.0406 2080 Compbatt - ok
18:06:41.0437 2080 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:06:41.0437 2080 Cpqarray - ok
18:06:41.0500 2080 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
18:06:41.0515 2080 CVirtA - ok
18:06:41.0562 2080 CVPNDRVA (8a15d7bd4cf1a8ccd7c65f7349f22e35) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
18:06:41.0578 2080 CVPNDRVA - ok
18:06:41.0593 2080 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:06:41.0593 2080 dac2w2k - ok
18:06:41.0609 2080 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:06:41.0609 2080 dac960nt - ok
18:06:41.0640 2080 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:06:41.0656 2080 Disk - ok
18:06:41.0671 2080 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
18:06:41.0671 2080 DLABMFSM - ok
18:06:41.0718 2080 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
18:06:41.0718 2080 DLABOIOM - ok
18:06:41.0718 2080 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
18:06:41.0718 2080 DLACDBHM - ok
18:06:41.0734 2080 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
18:06:41.0734 2080 DLADResM - ok
18:06:41.0750 2080 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
18:06:41.0750 2080 DLAIFS_M - ok
18:06:41.0765 2080 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
18:06:41.0765 2080 DLAOPIOM - ok
18:06:41.0781 2080 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
18:06:41.0781 2080 DLAPoolM - ok
18:06:41.0796 2080 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
18:06:41.0796 2080 DLARTL_M - ok
18:06:41.0796 2080 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
18:06:41.0796 2080 DLAUDFAM - ok
18:06:41.0812 2080 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
18:06:41.0812 2080 DLAUDF_M - ok
18:06:41.0875 2080 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:06:41.0890 2080 dmboot - ok
18:06:41.0906 2080 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:06:41.0906 2080 dmio - ok
18:06:41.0921 2080 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:06:41.0921 2080 dmload - ok
18:06:41.0968 2080 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:06:41.0968 2080 DMusic - ok
18:06:42.0015 2080 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys
18:06:42.0031 2080 DNE - ok
18:06:42.0078 2080 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:06:42.0078 2080 dpti2o - ok
18:06:42.0125 2080 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:06:42.0125 2080 drmkaud - ok
18:06:42.0203 2080 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
18:06:42.0203 2080 DRVMCDB - ok
18:06:42.0218 2080 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
18:06:42.0218 2080 DRVNDDM - ok
18:06:42.0296 2080 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:06:42.0296 2080 Fastfat - ok
18:06:42.0328 2080 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:06:42.0328 2080 Fdc - ok
18:06:42.0343 2080 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:06:42.0343 2080 Fips - ok
18:06:42.0359 2080 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:06:42.0359 2080 Flpydisk - ok
18:06:42.0406 2080 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:06:42.0406 2080 FltMgr - ok
18:06:42.0468 2080 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:06:42.0468 2080 Fs_Rec - ok
18:06:42.0640 2080 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:06:42.0640 2080 Ftdisk - ok
18:06:42.0671 2080 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:06:42.0671 2080 GEARAspiWDM - ok
18:06:42.0890 2080 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:06:42.0890 2080 Gpc - ok
18:06:44.0078 2080 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:06:44.0078 2080 HDAudBus - ok
18:06:44.0281 2080 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:06:44.0281 2080 hidusb - ok
18:06:44.0343 2080 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
18:06:44.0343 2080 hpn - ok
18:06:44.0390 2080 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:06:44.0390 2080 HPZid412 - ok
18:06:44.0453 2080 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:06:44.0453 2080 HPZipr12 - ok
18:06:44.0531 2080 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:06:44.0531 2080 HPZius12 - ok
18:06:44.0703 2080 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:06:44.0703 2080 HTTP - ok
18:06:44.0796 2080 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
18:06:44.0828 2080 i2omgmt - ok
18:06:44.0984 2080 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
18:06:44.0984 2080 i2omp - ok
18:06:45.0046 2080 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:06:45.0046 2080 i8042prt - ok
18:06:45.0359 2080 ialm (66a685b05066683621920bc14a45cfe8) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
18:06:45.0593 2080 ialm - ok
18:06:45.0687 2080 iaStor (baabb0301949774a66b955c65319635a) C:\WINDOWS\system32\drivers\iaStor.sys
18:06:45.0687 2080 iaStor - ok
18:06:45.0765 2080 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:06:45.0796 2080 Imapi - ok
18:06:45.0875 2080 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
18:06:45.0875 2080 ini910u - ok
18:06:45.0890 2080 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:06:45.0890 2080 IntelIde - ok
18:06:45.0906 2080 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:06:45.0906 2080 intelppm - ok
18:06:45.0968 2080 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:06:45.0968 2080 Ip6Fw - ok
18:06:45.0984 2080 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:06:45.0984 2080 IpFilterDriver - ok
18:06:45.0984 2080 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:06:45.0984 2080 IpInIp - ok
18:06:46.0062 2080 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:06:46.0062 2080 IpNat - ok
18:06:46.0078 2080 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:06:46.0078 2080 IPSec - ok
18:06:46.0093 2080 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:06:46.0093 2080 IRENUM - ok
18:06:46.0187 2080 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:06:46.0187 2080 isapnp - ok
18:06:46.0312 2080 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:06:46.0312 2080 Kbdclass - ok
18:06:46.0406 2080 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:06:46.0406 2080 kbdhid - ok
18:06:46.0625 2080 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:06:46.0625 2080 kmixer - ok
18:06:47.0015 2080 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:06:47.0031 2080 KSecDD - ok
18:06:47.0046 2080 lbrtfdc - ok
18:06:47.0109 2080 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:06:47.0109 2080 mnmdd - ok
18:06:47.0281 2080 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:06:47.0281 2080 Modem - ok
18:06:47.0703 2080 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:06:47.0703 2080 Mouclass - ok
18:06:47.0843 2080 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:06:47.0843 2080 mouhid - ok
18:06:47.0859 2080 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:06:47.0859 2080 MountMgr - ok
18:06:48.0062 2080 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
18:06:48.0062 2080 mraid35x - ok
18:06:48.0328 2080 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
18:06:48.0328 2080 MREMP50 - ok
18:06:48.0328 2080 MREMPR5 - ok
18:06:48.0343 2080 MRENDIS5 - ok
18:06:48.0375 2080 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
18:06:48.0375 2080 MRESP50 - ok
18:06:49.0000 2080 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:06:49.0000 2080 MRxDAV - ok
18:06:49.0546 2080 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:06:49.0625 2080 MRxSmb - ok
18:06:50.0046 2080 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:06:50.0046 2080 Msfs - ok
18:06:50.0625 2080 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:06:50.0625 2080 MSKSSRV - ok
18:06:51.0171 2080 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:06:51.0171 2080 MSPCLOCK - ok
18:06:51.0625 2080 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:06:51.0625 2080 MSPQM - ok
18:06:52.0109 2080 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:06:52.0109 2080 mssmbios - ok
18:06:52.0609 2080 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:06:52.0609 2080 Mup - ok
18:06:52.0828 2080 NAVENG - ok
18:06:52.0859 2080 NAVEX15 - ok
18:06:53.0265 2080 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:06:53.0281 2080 NDIS - ok
18:06:53.0390 2080 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:06:53.0390 2080 NdisTapi - ok
18:06:54.0187 2080 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:06:54.0187 2080 Ndisuio - ok
18:06:54.0828 2080 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:06:54.0843 2080 NdisWan - ok
18:06:55.0640 2080 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:06:55.0640 2080 NDProxy - ok
18:06:56.0343 2080 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:06:56.0343 2080 NetBIOS - ok
18:06:57.0109 2080 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:06:57.0109 2080 NetBT - ok
18:06:57.0703 2080 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:06:57.0703 2080 NIC1394 - ok
18:06:58.0812 2080 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
18:06:58.0812 2080 nm - ok
18:06:59.0796 2080 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:06:59.0812 2080 Npfs - ok
18:07:00.0296 2080 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:07:00.0312 2080 Ntfs - ok
18:07:00.0703 2080 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:07:00.0703 2080 Null - ok
18:07:01.0203 2080 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:07:01.0234 2080 NwlnkFlt - ok
18:07:01.0734 2080 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:07:01.0765 2080 NwlnkFwd - ok
18:07:02.0171 2080 O2MDGRDR (1cd60d5fb54ab1a1fdf6fb8e0abb20b8) C:\WINDOWS\system32\DRIVERS\o2mdg.sys
18:07:02.0171 2080 O2MDGRDR - ok
18:07:03.0218 2080 O2SDGRDR (5890635f36eebbf3dc00d5b07269d4e1) C:\WINDOWS\system32\DRIVERS\o2sdg.sys
18:07:03.0343 2080 O2SDGRDR - ok
18:07:04.0125 2080 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:07:04.0218 2080 ohci1394 - ok
18:07:05.0468 2080 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
18:07:05.0640 2080 Parport - ok
18:07:06.0390 2080 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:07:06.0390 2080 PartMgr - ok
18:07:06.0984 2080 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:07:07.0218 2080 ParVdm - ok
18:07:08.0765 2080 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:07:08.0765 2080 PCI - ok
18:07:09.0656 2080 PCIDump - ok
18:07:10.0546 2080 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:07:10.0546 2080 PCIIde - ok
18:07:11.0500 2080 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:07:11.0500 2080 Pcmcia - ok
18:07:12.0234 2080 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
18:07:12.0234 2080 pcouffin - ok
18:07:12.0796 2080 PDCOMP - ok
18:07:13.0953 2080 PDFRAME - ok
18:07:14.0968 2080 PDRELI - ok
18:07:16.0125 2080 PDRFRAME - ok
18:07:16.0921 2080 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
18:07:16.0937 2080 perc2 - ok
18:07:18.0000 2080 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
18:07:18.0015 2080 perc2hib - ok
18:07:19.0312 2080 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:07:19.0312 2080 PptpMiniport - ok
18:07:20.0609 2080 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:07:20.0812 2080 PSched - ok
18:07:21.0812 2080 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:07:21.0812 2080 Ptilink - ok
18:07:23.0015 2080 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:07:23.0015 2080 PxHelp20 - ok
18:07:24.0031 2080 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
18:07:24.0046 2080 ql1080 - ok
18:07:24.0843 2080 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
18:07:24.0843 2080 Ql10wnt - ok
18:07:25.0312 2080 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
18:07:25.0312 2080 ql12160 - ok
18:07:25.0562 2080 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
18:07:25.0562 2080 ql1240 - ok
18:07:25.0828 2080 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
18:07:25.0843 2080 ql1280 - ok
18:07:26.0078 2080 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:07:26.0078 2080 RasAcd - ok
18:07:26.0359 2080 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:07:26.0359 2080 Rasl2tp - ok
18:07:26.0640 2080 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:07:26.0640 2080 RasPppoe - ok
18:07:27.0000 2080 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:07:27.0000 2080 Raspti - ok
18:07:27.0296 2080 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:07:27.0296 2080 Rdbss - ok
18:07:27.0625 2080 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:07:27.0625 2080 RDPCDD - ok
18:07:27.0937 2080 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:07:27.0953 2080 rdpdr - ok
18:07:28.0718 2080 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:07:28.0718 2080 RDPWD - ok
18:07:29.0031 2080 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:07:29.0031 2080 redbook - ok
18:07:29.0484 2080 RTLE8023xp (6e7470477d08f6e47e91016d6a1c5a5f) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
18:07:29.0484 2080 RTLE8023xp - ok
18:07:29.0890 2080 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
18:07:29.0890 2080 sdbus - ok
18:07:30.0140 2080 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:07:30.0140 2080 Secdrv - ok
18:07:30.0406 2080 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
18:07:30.0406 2080 Serial - ok
18:07:30.0718 2080 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:07:30.0718 2080 Sfloppy - ok
18:07:30.0953 2080 Simbad - ok
18:07:31.0203 2080 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:07:31.0203 2080 sisagp - ok
18:07:31.0453 2080 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:07:31.0453 2080 Sparrow - ok
18:07:32.0296 2080 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:07:32.0296 2080 splitter - ok
18:07:33.0359 2080 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:07:33.0359 2080 sr - ok
18:07:34.0281 2080 SRTSP - ok
18:07:35.0000 2080 SRTSPX - ok
18:07:35.0546 2080 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:07:35.0546 2080 Srv - ok
18:07:36.0515 2080 STHDA (5849f5d472a676ace7224fc2c656f4b2) C:\WINDOWS\system32\drivers\sthda.sys
18:07:37.0062 2080 STHDA - ok
18:07:37.0640 2080 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:07:37.0640 2080 swenum - ok
18:07:38.0359 2080 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:07:38.0390 2080 swmidi - ok
18:07:39.0171 2080 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:07:39.0171 2080 symc810 - ok
18:07:39.0546 2080 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:07:39.0546 2080 symc8xx - ok
18:07:39.0906 2080 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:07:39.0906 2080 sym_hi - ok
18:07:40.0562 2080 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:07:40.0562 2080 sym_u3 - ok
18:07:41.0000 2080 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:07:41.0000 2080 sysaudio - ok
18:07:41.0828 2080 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:07:41.0828 2080 Tcpip - ok
18:07:42.0328 2080 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:07:42.0328 2080 TDPIPE - ok
18:07:42.0953 2080 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:07:42.0953 2080 TDTCP - ok
18:07:43.0468 2080 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:07:43.0468 2080 TermDD - ok
18:07:43.0890 2080 TIDHOOK - ok
18:07:44.0187 2080 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
18:07:44.0187 2080 TosIde - ok
18:07:44.0453 2080 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:07:44.0453 2080 Udfs - ok
18:07:44.0953 2080 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
18:07:44.0953 2080 ultra - ok
18:07:45.0218 2080 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:07:45.0234 2080 Update - ok
18:07:45.0500 2080 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:07:45.0500 2080 USBAAPL - ok
18:07:45.0875 2080 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:07:45.0890 2080 usbaudio - ok
18:07:46.0140 2080 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:07:46.0156 2080 usbccgp - ok
18:07:46.0421 2080 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:07:46.0421 2080 usbehci - ok
18:07:46.0734 2080 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:07:46.0734 2080 usbhub - ok
18:07:47.0000 2080 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:07:47.0000 2080 usbprint - ok
18:07:47.0265 2080 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:07:47.0265 2080 usbscan - ok
18:07:47.0531 2080 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:07:47.0531 2080 USBSTOR - ok
18:07:47.0921 2080 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:07:47.0921 2080 usbuhci - ok
18:07:48.0203 2080 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:07:48.0203 2080 VgaSave - ok
18:07:48.0468 2080 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:07:48.0468 2080 viaagp - ok
18:07:48.0796 2080 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:07:48.0796 2080 ViaIde - ok
18:07:49.0062 2080 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:07:49.0062 2080 VolSnap - ok
18:07:49.0312 2080 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
18:07:49.0312 2080 vsdatant - ok
18:07:49.0593 2080 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:07:49.0593 2080 Wanarp - ok
18:07:50.0093 2080 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:07:50.0109 2080 Wdf01000 - ok
18:07:50.0343 2080 WDICA - ok
18:07:50.0984 2080 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:07:50.0984 2080 wdmaud - ok
18:07:51.0390 2080 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
18:07:51.0390 2080 WinUSB - ok
18:07:51.0703 2080 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:07:51.0703 2080 WS2IFSL - ok
18:07:51.0796 2080 MBR (0x1B8) (53484ef36f7f7dd82000c2b34a0afeff) \Device\Harddisk0\DR0
18:07:51.0875 2080 \Device\Harddisk0\DR0 - ok
18:07:51.0921 2080 Boot (0x1200) (f45aaad74a8320b1003eed7b44147ff2) \Device\Harddisk0\DR0\Partition0
18:07:51.0921 2080 \Device\Harddisk0\DR0\Partition0 - ok
18:07:51.0921 2080 ============================================================
18:07:51.0921 2080 Scan finished
18:07:51.0921 2080 ============================================================
18:07:51.0937 0704 Detected object count: 0
18:07:51.0937 0704 Actual detected object count: 0

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:35 AM

Posted 19 January 2012 - 08:43 PM

Greetings

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

Edited by gringo_pr, 19 January 2012 - 08:43 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Brootforce

Brootforce
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 20 January 2012 - 10:15 AM

When I ran ComboFix again, a popup came up: "infectes with Rootkit.ZeroAccess" has inserted itself into the tcp/ip stack". After the computer restarted and ComboFix was running a popup camp up that said "pev.3XE - Corrupt File, C:\Documentsandsettings\B\Application Data\BITS\torrent is corrupt and unreadable. Please run Chkdsk Utility".
Whenever I start computer a Malwarebytes pop-up says Runtime error'53': File not found: mbamnet

Also still getting Server busy, Switch to popup.

ComboFix log:

ComboFix 12-01-19.02 - B 01/20/2012 9:49.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2613 [GMT -5:00]
Running from: c:\documents and settings\B\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\B\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\documents and settings\B\Start Menu\Programs\System Check
c:\documents and settings\B\WINDOWS
c:\windows\$NtUninstallKB27692$
c:\windows\$NtUninstallKB27692$\181102311\@
c:\windows\$NtUninstallKB27692$\181102311\bckfg.tmp
c:\windows\$NtUninstallKB27692$\181102311\cfg.ini
c:\windows\$NtUninstallKB27692$\181102311\Desktop.ini
c:\windows\$NtUninstallKB27692$\181102311\kwrd.dll
c:\windows\$NtUninstallKB27692$\181102311\L\rohepcid
c:\windows\$NtUninstallKB27692$\181102311\lsflt7.ver
c:\windows\$NtUninstallKB27692$\181102311\U\00000001.@
c:\windows\$NtUninstallKB27692$\181102311\U\00000002.@
c:\windows\$NtUninstallKB27692$\181102311\U\00000004.@
c:\windows\$NtUninstallKB27692$\181102311\U\80000000.@
c:\windows\$NtUninstallKB27692$\181102311\U\80000004.@
c:\windows\$NtUninstallKB27692$\181102311\U\80000032.@
c:\windows\$NtUninstallKB27692$\3706943998
.
Infected copy of c:\windows\system32\autochk.exe was found and disinfected
Restored copy from - c:\i386\AUTOCHK.EXE
.
.
((((((((((((((((((((((((( Files Created from 2011-12-20 to 2012-01-20 )))))))))))))))))))))))))))))))
.
.
2012-01-20 14:51 . 2012-01-20 14:51 -------- d-----w- c:\windows\LastGood.Tmp
2012-01-12 01:25 . 2012-01-12 01:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2012-01-12 00:52 . 2012-01-12 00:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-01-12 00:44 . 2012-01-12 00:44 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-01-12 00:44 . 2012-01-12 00:44 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-01-10 14:32 . 2012-01-10 14:32 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-10 14:32 . 2012-01-10 14:32 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-10 14:32 . 2012-01-10 14:32 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-10 14:32 . 2012-01-10 14:32 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-27 14:25 . 2011-12-27 14:25 -------- d-----w- c:\program files\Eye-Fi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-20 15:07 . 2010-03-03 17:13 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-01-20 15:07 . 2010-02-05 16:56 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-01-20 15:07 . 2010-02-05 16:56 58288 ------w- c:\windows\system32\rpcnet.exe
2012-01-20 15:04 . 2010-03-03 17:14 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2012-01-19 18:06 . 2008-04-14 00:10 62592 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-11-25 21:57 . 2008-04-25 16:16 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:29 . 2008-04-25 16:16 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-25 16:16 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:20 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2008-04-25 16:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2008-04-25 16:16 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-04-25 16:16 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2008-04-25 16:16 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-25 16:16 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2008-04-25 16:16 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-06 20:40 . 2010-11-06 20:40 9163464 ----a-w- c:\program files\Common Files\lpuninstall.exe
2012-01-10 14:32 . 2011-03-22 20:11 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-19_16.36.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-20 15:04 . 2012-01-20 15:04 16384 c:\windows\Temp\Perflib_Perfdata_814.dat
+ 2008-04-14 00:10 . 2009-11-13 22:57 62592 c:\windows\system32\dllcache\cdrom.sys
- 2009-11-13 22:57 . 2009-11-13 22:57 62592 c:\windows\system32\dllcache\cdrom.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\B\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\B\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\B\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\B\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-29 39408]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-05 2938552]
"Eye-Fi"="c:\program files\Eye-Fi\Helper\EyeFiHelper.exe" [2011-12-22 3961464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-22 729088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-18 150040]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-12 2220032]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-02-22 483420]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-02-01 206120]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2011-01-02 1670656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2010-11-6 9163464]
.
c:\documents and settings\B\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\B\Application Data\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-6-1 25214]
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2011-6-3 6144]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Documents and Settings\\B\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TVTrigger\\TVTrigger.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
"c:\\Program Files\\Eye-Fi\\Helper\\EyeFiHelper.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Documents and Settings\\B\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\B\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20262:TCP"= 20262:TCP:BitComet 20262 TCP
"20262:UDP"= 20262:UDP:BitComet 20262 UDP
"6000:TCP"= 6000:TCP:BitComet 6000 TCP
"6000:UDP"= 6000:UDP:BitComet 6000 UDP
"56604:TCP"= 56604:TCP:Pando Media Booster
"56604:UDP"= 56604:UDP:Pando Media Booster
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/4/2009 3:55 PM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/4/2009 3:55 PM 17744]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 4:33 PM 249648]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 5:06 PM 290832]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2/1/2011 5:54 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2/1/2011 5:54 AM 185640]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/23/2009 4:00 PM 112512]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [11/30/2011 12:04 PM 245760]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [5/23/2009 4:00 PM 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [5/23/2009 4:00 PM 41760]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [6/4/2009 2:22 PM 47360]
S2 gupdate1c9e0855b9f74be;Google Update Service (gupdate1c9e0855b9f74be);c:\program files\Google\Update\GoogleUpdate.exe [5/29/2009 12:46 PM 133104]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 6:31 PM 195336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/29/2009 12:46 PM 133104]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 10:15 AM 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-01-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-29 13:47]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 17:46]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 17:46]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1541550411-28408551-317687305-1005Core.job
- c:\documents and settings\B\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-08 14:12]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1541550411-28408551-317687305-1005UA.job
- c:\documents and settings\B\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-08 14:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=0&l=dir
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download All By FlashGet3 - c:\documents and settings\B\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\documents and settings\B\Application Data\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\B\Application Data\Mozilla\Firefox\Profiles\bdzljy38.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7070
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-96865995.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-20 10:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1316)
c:\windows\system32\WININET.dll
c:\documents and settings\B\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MI1933~1\Office14\1033\GrooveIntlResource.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\drivers\audio\r211990\stacsv.exe
c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\rpcnet.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-01-20 10:10:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-20 15:10
ComboFix2.txt 2012-01-19 16:56
.
Pre-Run: 75,851,821,056 bytes free
Post-Run: 76,350,349,312 bytes free
.
- - End Of File - - 72B5D6286BF2AC0FE14B01A5942E2D66

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:35 AM

Posted 20 January 2012 - 02:18 PM

Hello


Let me know how the computer is doing at this time


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

DDS::
uStart Page = hxxp://www.ask.com/?o=0&l=dir


Firefox::
FF - ProfilePath - c:\documents and settings\B\Application Data\Mozilla\Firefox\Profiles\bdzljy38.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7070
FF - prefs.js: network.proxy.type - 4

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Brootforce

Brootforce
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 20 January 2012 - 06:04 PM

Here is the next ComboFix log:

ComboFix 12-01-19.02 - B 01/20/2012 17:40:16.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2405 [GMT -5:00]
Running from: c:\documents and settings\B\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\B\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\autochk.exe was found and disinfected
Restored copy from - c:\i386\AUTOCHK.EXE
.
.
((((((((((((((((((((((((( Files Created from 2011-12-20 to 2012-01-20 )))))))))))))))))))))))))))))))
.
.
2012-01-12 01:25 . 2012-01-12 01:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2012-01-12 00:52 . 2012-01-12 00:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-01-12 00:44 . 2012-01-12 00:44 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-01-12 00:44 . 2012-01-12 00:44 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-01-10 14:32 . 2012-01-10 14:32 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-10 14:32 . 2012-01-10 14:32 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-10 14:32 . 2012-01-10 14:32 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-10 14:32 . 2012-01-10 14:32 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-27 14:25 . 2011-12-27 14:25 -------- d-----w- c:\program files\Eye-Fi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-20 22:54 . 2010-03-03 17:13 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-01-20 22:54 . 2010-03-03 17:14 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2012-01-20 22:54 . 2010-02-05 16:56 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-01-20 15:07 . 2010-02-05 16:56 58288 ------w- c:\windows\system32\rpcnet.exe
2012-01-19 18:06 . 2008-04-14 00:10 62592 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-11-25 21:57 . 2008-04-25 16:16 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:29 . 2008-04-25 16:16 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-25 16:16 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:20 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2008-04-25 16:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2008-04-25 16:16 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-04-25 16:16 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2008-04-25 16:16 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-25 16:16 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2008-04-25 16:16 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-06 20:40 . 2010-11-06 20:40 9163464 ----a-w- c:\program files\Common Files\lpuninstall.exe
2012-01-10 14:32 . 2011-03-22 20:11 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-19_16.36.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-20 22:54 . 2012-01-20 22:54 16384 c:\windows\temp\Perflib_Perfdata_dc.dat
+ 2008-04-14 00:10 . 2009-11-13 22:57 62592 c:\windows\system32\dllcache\cdrom.sys
- 2009-11-13 22:57 . 2009-11-13 22:57 62592 c:\windows\system32\dllcache\cdrom.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\B\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\B\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\B\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\B\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-29 39408]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-05 2938552]
"Eye-Fi"="c:\program files\Eye-Fi\Helper\EyeFiHelper.exe" [2011-12-22 3961464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-22 729088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-18 150040]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-12 2220032]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-02-22 483420]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-02-01 206120]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2011-01-02 1670656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2010-11-6 9163464]
.
c:\documents and settings\B\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\B\Application Data\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-6-1 25214]
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2011-6-3 6144]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Documents and Settings\\B\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TVTrigger\\TVTrigger.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
"c:\\Program Files\\Eye-Fi\\Helper\\EyeFiHelper.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Documents and Settings\\B\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\B\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20262:TCP"= 20262:TCP:BitComet 20262 TCP
"20262:UDP"= 20262:UDP:BitComet 20262 UDP
"6000:TCP"= 6000:TCP:BitComet 6000 TCP
"6000:UDP"= 6000:UDP:BitComet 6000 UDP
"56604:TCP"= 56604:TCP:Pando Media Booster
"56604:UDP"= 56604:UDP:Pando Media Booster
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/4/2009 3:55 PM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/4/2009 3:55 PM 17744]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 4:33 PM 249648]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 5:06 PM 290832]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2/1/2011 5:54 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2/1/2011 5:54 AM 185640]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/23/2009 4:00 PM 112512]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [11/30/2011 12:04 PM 245760]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [5/23/2009 4:00 PM 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [5/23/2009 4:00 PM 41760]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [6/4/2009 2:22 PM 47360]
S2 gupdate1c9e0855b9f74be;Google Update Service (gupdate1c9e0855b9f74be);c:\program files\Google\Update\GoogleUpdate.exe [5/29/2009 12:46 PM 133104]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 6:31 PM 195336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/29/2009 12:46 PM 133104]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 10:15 AM 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-01-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-29 13:47]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 17:46]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 17:46]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1541550411-28408551-317687305-1005Core.job
- c:\documents and settings\B\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-08 14:12]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1541550411-28408551-317687305-1005UA.job
- c:\documents and settings\B\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-08 14:12]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download All By FlashGet3 - c:\documents and settings\B\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\documents and settings\B\Application Data\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\B\Application Data\Mozilla\Firefox\Profiles\bdzljy38.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-20 17:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3396)
c:\windows\system32\WININET.dll
c:\documents and settings\B\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MI1933~1\Office14\1033\GrooveIntlResource.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\drivers\audio\r211990\stacsv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\system32\rpcnet.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
.
**************************************************************************
.
Completion time: 2012-01-20 18:01:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-20 23:01
ComboFix2.txt 2012-01-20 15:10
ComboFix3.txt 2012-01-19 16:56
.
Pre-Run: 76,335,284,224 bytes free
Post-Run: 76,323,201,024 bytes free
.
- - End Of File - - 8825D060D148D77445CF0EB30DCF467D




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users