Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Worm Issues_BloodHound?_Slow Computer


  • Please log in to reply
19 replies to this topic

#1 3_L7

3_L7

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 07 February 2012 - 12:01 PM

Hello.
I had this problem back in Dec (2011).
Had it fixed via BleepingComputer forum help.
Re-attached external hard drive and exact symptoms
from Dec(2011)returned. Original thred was removed.

Thank you,
3_L7

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:21 PM

Posted 07 February 2012 - 01:54 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

You have attached the Attach.txt log.
Please post the DDS.txt log for my review.
===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know what problem persists with this computer.

#3 3_L7

3_L7
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 07 February 2012 - 02:10 PM

Hi Nasdaq.
Thank you for the response.
The requested docs are attached now posted below.

Edited by 3_L7, 07 February 2012 - 02:23 PM.


#4 3_L7

3_L7
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 07 February 2012 - 02:20 PM

DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by XXXXX at 23:37:52 on 2012-02-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1321 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Updater For eGames Toolbar - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: eGames Toolbar: {4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e} - c:\program files\egames\egamestoolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: eGames Toolbar: {4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e} - c:\program files\egames\egamestoolbar.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
TCP: Interfaces\{3096C8D6-25D9-473E-B47F-96E3AE700DF9} : DhcpNameServer = 167.206.251.129 167.206.251.130
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\XXXXX\application data\mozilla\firefox\profiles\j2kt4i1r.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1190&p=
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: eGames Toolbar: {b2b46577-0217-4ec5-a467-7a1e8d0d7b71} - %profile%\extensions\{b2b46577-0217-4ec5-a467-7a1e8d0d7b71}
.
============= SERVICES / DRIVERS ===============
.
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-17 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-17 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-5-12 2440632]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-11-18 5554552]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-11-18 451960]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-14 106104]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120206.002\NAVENG.SYS [2012-2-6 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120206.002\NAVEX15.SYS [2012-2-6 1576312]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-11-18 10752]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-12-13 17:45:22 1393736 ----a-w- c:\documents and settings\XXXXX\gotomypc_635.exe
2011-12-01 05:08:51 3082 ----a-w- c:\windows\system32\tmp.reg
.
============= FINISH: 23:38:36.73 ===============

#5 3_L7

3_L7
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 07 February 2012 - 02:22 PM

CHECKUP.txt:

Results of screen317's Security Check version 0.99.30
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
ESET Online Scanner v3
Symantec Endpoint Protection
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 10.0.12.36 Flash Player out of Date!
Adobe Reader X (10.1.1)
Mozilla Firefox (3.6). Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:21 PM

Posted 08 February 2012 - 08:32 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 29


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you unckeck the box on the top right "Include in your download" this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall
===

Please let me know what problem persists.

#7 3_L7

3_L7
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 08 February 2012 - 11:42 AM

- Updates made
- Disabled Protection
- ComboFix log below
- Re-enabled Protection
- Computer still very slow

ComboFix 12-02-08.01 - XXXXX 02/08/2012 11:30:13.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1479 [GMT -5:00]
Running from: c:\documents and settings\XXXXX\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\XXXXX\gotomypc_635.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))
.
.
2012-02-08 15:58 . 2012-02-08 15:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 15:57 . 2011-12-11 02:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-01 05:08 . 2011-12-01 05:08 3082 ----a-w- c:\windows\system32\tmp.reg
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-10_03.15.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-08 16:08 . 2012-02-08 16:08 16384 c:\windows\Temp\Perflib_Perfdata_7b0.dat
+ 2011-06-06 17:55 . 2011-06-06 17:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-07 01:23 . 2007-11-07 01:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2012-02-08 15:58 . 2012-02-08 15:57 157472 c:\windows\system32\javaws.exe
+ 2012-02-08 15:58 . 2012-02-08 15:57 149280 c:\windows\system32\javaw.exe
+ 2012-02-08 15:58 . 2012-02-08 15:57 149280 c:\windows\system32\java.exe
+ 2008-06-20 05:12 . 2011-06-21 22:46 167936 c:\windows\system32\drivers\WpsHelper.sys
- 2008-06-20 05:12 . 2010-09-11 03:32 167936 c:\windows\system32\drivers\WpsHelper.sys
+ 2012-02-08 15:57 . 2012-02-08 15:57 901120 c:\windows\Installer\a06bfd6.msi
+ 2011-12-11 02:31 . 2011-12-11 02:31 203776 c:\windows\Installer\21f1a38.msi
+ 2011-06-06 17:55 . 2011-06-06 17:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2012-02-08 16:20 . 2012-02-08 16:20 2295808 c:\windows\Installer\b6eb0.msi
+ 2011-06-06 17:55 . 2011-06-06 17:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 17:55 . 2011-06-06 17:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2012-01-03 17:44 . 2012-01-03 17:44 15929344 c:\windows\Installer\b6eb1.msp
+ 2011-06-06 17:55 . 2011-06-06 17:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}]
2009-12-18 18:47 81920 ----a-w- c:\program files\eGames\egamestoolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}"= "c:\program files\egames\egamestoolbar.dll" [2009-12-18 81920]
.
[HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-18 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-17 115560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [11/18/2011 09:55 PM 5554552]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [11/18/2011 09:56 PM 451960]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [12/17/2009 05:32 PM 497856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/7/2012 07:19 PM 106104]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [11/18/2011 09:56 PM 10752]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/18/2008 06:17 PM 23888]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\documents and settings\XXXXX\Application Data\Mozilla\Firefox\Profiles\j2kt4i1r.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1190&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: eGames Toolbar: {b2b46577-0217-4ec5-a467-7a1e8d0d7b71} - %profile%\extensions\{b2b46577-0217-4ec5-a467-7a1e8d0d7b71}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-08 11:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-02-08 11:41:57
ComboFix-quarantined-files.txt 2012-02-08 16:41
ComboFix2.txt 2011-12-10 03:18
.
Pre-Run: 20,483,567,616 bytes free
Post-Run: 20,535,738,368 bytes free
.
- - End Of File - - 20E813D0E4E33D023D45FC982E5888AD

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:21 PM

Posted 08 February 2012 - 02:45 PM

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}


Did you enable both firewall.

If yes disable AVG and keep Norton/Symanted Ednpoint.

#9 3_L7

3_L7
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 08 February 2012 - 05:01 PM

I manually disabled and then re-enabled Symantec (Through my system tray).

I dont know what or where AVG is. I never manually did anything to AVG.
Its not present in the system tray or listed in "Add/Remove Programs".

Assuming AVG is off, the computer is still very slow.

Edited by 3_L7, 08 February 2012 - 08:22 PM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:21 PM

Posted 09 February 2012 - 10:16 AM

Article about a slow XP computer. Hope they can help.

Optimize your computer for peak performance
http://www.microsoft.com/athome/moredone/optimize.mspx

Put your PC maintenance routine on autopilot
http://www.microsoft.com/athome/moredone/maintenance.mspx

Restore Your Computer's Performance with Windows XP
http://www.microsoft.com/windowsxp/using/setup/expert/northrup_restoreperf.mspx

Maintenance tasks that improve performance
http://www.microsoft.com/windowsxp/using/setup/maintain/improveperf.mspx
===



Open notepad and copy/paste the text in the quote box below into it:

SecCenter::
{8decf618-9569-4340-b34a-d78d28969b66}



Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Open your Task Manager using the (CTRL+ALT+DEL) keys and select the Process tab.
Which of the process is using a log of CPU.

===

#11 3_L7

3_L7
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 09 February 2012 - 01:57 PM

ComboFix 12-02-08.01 - XXXXX 02/09/2012 13:15:12.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1459 [GMT -5:00]
Running from: c:\documents and settings\XXXXX\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\XXXXX\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))
.
.
2012-02-08 15:58 . 2012-02-08 15:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 15:57 . 2011-12-11 02:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-01 05:08 . 2011-12-01 05:08 3082 ----a-w- c:\windows\system32\tmp.reg
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-10_03.15.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-08 16:08 . 2012-02-08 16:08 16384 c:\windows\Temp\Perflib_Perfdata_7b0.dat
+ 2012-02-08 21:52 . 2012-02-08 21:52 22216 c:\windows\SoftwareDistribution\EventCache\{07483479-6EAE-40BA-85ED-AF6779670536}.bin
+ 2011-06-06 17:55 . 2011-06-06 17:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-07 01:23 . 2007-11-07 01:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2012-02-08 15:58 . 2012-02-08 15:57 157472 c:\windows\system32\javaws.exe
+ 2012-02-08 15:58 . 2012-02-08 15:57 149280 c:\windows\system32\javaw.exe
+ 2012-02-08 15:58 . 2012-02-08 15:57 149280 c:\windows\system32\java.exe
- 2008-06-20 05:12 . 2010-09-11 03:32 167936 c:\windows\system32\drivers\WpsHelper.sys
+ 2008-06-20 05:12 . 2011-06-21 22:46 167936 c:\windows\system32\drivers\WpsHelper.sys
+ 2012-02-08 15:57 . 2012-02-08 15:57 901120 c:\windows\Installer\a06bfd6.msi
+ 2011-12-11 02:31 . 2011-12-11 02:31 203776 c:\windows\Installer\21f1a38.msi
+ 2011-06-06 17:55 . 2011-06-06 17:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2012-02-08 16:20 . 2012-02-08 16:20 2295808 c:\windows\Installer\b6eb0.msi
+ 2011-06-06 17:55 . 2011-06-06 17:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 17:55 . 2011-06-06 17:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2012-01-03 17:44 . 2012-01-03 17:44 15929344 c:\windows\Installer\b6eb1.msp
+ 2011-06-06 17:55 . 2011-06-06 17:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}]
2009-12-18 18:47 81920 ----a-w- c:\program files\eGames\egamestoolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}"= "c:\program files\egames\egamestoolbar.dll" [2009-12-18 81920]
.
[HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-18 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-17 115560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [11/18/2011 09:55 PM 5554552]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [11/18/2011 09:56 PM 451960]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [12/17/2009 05:32 PM 497856]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/18/2008 06:17 PM 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/7/2012 07:19 PM 106104]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [11/18/2011 09:56 PM 10752]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\documents and settings\XXXXX\Application Data\Mozilla\Firefox\Profiles\j2kt4i1r.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1190&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: eGames Toolbar: {b2b46577-0217-4ec5-a467-7a1e8d0d7b71} - %profile%\extensions\{b2b46577-0217-4ec5-a467-7a1e8d0d7b71}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-09 13:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2340)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-09 13:27:17
ComboFix-quarantined-files.txt 2012-02-09 18:27
ComboFix2.txt 2012-02-08 16:41
ComboFix3.txt 2011-12-10 03:18
.
Pre-Run: 20,116,135,936 bytes free
Post-Run: 20,188,536,832 bytes free
.
- - End Of File - - CA8A5042E58F270C896673864C8C7843

#12 3_L7

3_L7
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 09 February 2012 - 02:02 PM

Which of the process is using a log of CPU
(Not sure I understand the question)
Does this make sense?...
System Idle Process CPU Column seems to bounce around
It'll jump from 99, 90, 97, 83, 99, 64, 72 etc...

#13 3_L7

3_L7
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 09 February 2012 - 08:13 PM

Not sure if this was part of the previous step or some other step but...
someting called "TDSSKiller.exe" and "eula.txt" appeared in a window to unzip.
So I unzipped it to my desktop thinking it was part of a sequence I started prior.
Now I am realizing that it may not be part of any sequence you have directed me to perform.
So what is it and what do I do with it?

Thank you nasdaq and the Bleeping Computer Team for all your help.
I really appreciate you taking the time to help me with this issue.
- 3_L7

#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:21 PM

Posted 10 February 2012 - 09:40 AM

Not sure if this was part of the previous step or some other step but...
someting called "TDSSKiller.exe" and "eula.txt" appeared in a window to unzip.
So I unzipped it to my desktop thinking it was part of a sequence I started prior.
Now I am realizing that it may not be part of any sequence you have directed me to perform.
So what is it and what do I do with it?

Run the TDSSKiller.exe, save the file and post it in your next reply.
===

System Idle Process CPU Column seems to bounce around
It'll jump from 99, 90, 97, 83, 99, 64, 72 etc...

You should see all the processes.
Which one is using the most CPU.

Mind you after you have executed the TDSSKiller tool it may not be an issue.

#15 3_L7

3_L7
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 10 February 2012 - 11:37 AM

TDSSKiller Report:
11:40:59.0109 2576 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
11:40:59.0359 2576 ============================================================
11:40:59.0359 2576 Current date / time: 2012/02/10 11:40:59.0359
11:40:59.0359 2576 SystemInfo:
11:40:59.0359 2576
11:40:59.0359 2576 OS Version: 5.1.2600 ServicePack: 3.0
11:40:59.0359 2576 Product type: Workstation
11:40:59.0359 2576 ComputerName: XXXXX
11:40:59.0359 2576 UserName: XXXXX
11:40:59.0359 2576 Windows directory: C:\WINDOWS
11:40:59.0359 2576 System windows directory: C:\WINDOWS
11:40:59.0359 2576 Processor architecture: Intel x86
11:40:59.0359 2576 Number of processors: 1
11:40:59.0359 2576 Page size: 0x1000
11:40:59.0359 2576 Boot type: Normal boot
11:40:59.0359 2576 ============================================================
11:41:01.0671 2576 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:41:01.0671 2576 \Device\Harddisk0\DR0:
11:41:01.0671 2576 MBR used
11:41:01.0671 2576 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61DA8F4
11:41:01.0703 2576 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x61DA972, BlocksNum 0x7DB4F8E
11:41:01.0750 2576 Initialize success
11:41:01.0750 2576 ============================================================
11:41:30.0218 3816 ============================================================
11:41:30.0218 3816 Scan started
11:41:30.0218 3816 Mode: Manual;
11:41:30.0218 3816 ============================================================
11:41:32.0218 3816 Abiosdsk - ok
11:41:32.0390 3816 abp480n5 - ok
11:41:32.0656 3816 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:41:32.0656 3816 ACPI - ok
11:41:32.0875 3816 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:41:32.0875 3816 ACPIEC - ok
11:41:33.0046 3816 adpu160m - ok
11:41:33.0281 3816 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:41:33.0296 3816 aec - ok
11:41:33.0531 3816 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
11:41:33.0531 3816 AFD - ok
11:41:33.0718 3816 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:41:33.0718 3816 agp440 - ok
11:41:33.0921 3816 Aha154x - ok
11:41:34.0093 3816 aic78u2 - ok
11:41:34.0281 3816 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:41:34.0281 3816 aic78xx - ok
11:41:34.0468 3816 AliIde - ok
11:41:34.0640 3816 amsint - ok
11:41:34.0843 3816 asc - ok
11:41:35.0015 3816 asc3350p - ok
11:41:35.0187 3816 asc3550 - ok
11:41:35.0453 3816 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:41:35.0453 3816 AsyncMac - ok
11:41:35.0671 3816 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:41:35.0671 3816 atapi - ok
11:41:35.0859 3816 Atdisk - ok
11:41:36.0078 3816 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:41:36.0078 3816 Atmarpc - ok
11:41:36.0265 3816 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:41:36.0265 3816 audstub - ok
11:41:36.0468 3816 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:41:36.0468 3816 Beep - ok
11:41:36.0640 3816 catchme - ok
11:41:36.0843 3816 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:41:36.0843 3816 cbidf2k - ok
11:41:37.0062 3816 cd20xrnt - ok
11:41:37.0296 3816 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:41:37.0296 3816 Cdaudio - ok
11:41:37.0515 3816 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:41:37.0515 3816 Cdfs - ok
11:41:37.0718 3816 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:41:37.0718 3816 Cdrom - ok
11:41:37.0953 3816 Changer - ok
11:41:38.0156 3816 CmdIde - ok
11:41:38.0500 3816 COH_Mon (86a22dff16e8ca67601044efe6825537) C:\WINDOWS\system32\Drivers\COH_Mon.sys
11:41:38.0500 3816 COH_Mon - ok
11:41:39.0109 3816 Cpqarray - ok
11:41:39.0312 3816 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
11:41:39.0312 3816 ctljystk - ok
11:41:39.0515 3816 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
11:41:39.0515 3816 CVirtA - ok
11:41:39.0687 3816 dac2w2k - ok
11:41:39.0875 3816 dac960nt - ok
11:41:40.0093 3816 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:41:40.0093 3816 Disk - ok
11:41:40.0562 3816 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:41:40.0578 3816 dmboot - ok
11:41:40.0812 3816 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:41:40.0812 3816 dmio - ok
11:41:40.0984 3816 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:41:40.0984 3816 dmload - ok
11:41:41.0203 3816 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:41:41.0203 3816 DMusic - ok
11:41:41.0390 3816 dpti2o - ok
11:41:41.0578 3816 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:41:41.0578 3816 drmkaud - ok
11:41:41.0843 3816 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
11:41:41.0843 3816 eeCtrl - ok
11:41:42.0125 3816 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys
11:41:42.0140 3816 emu10k - ok
11:41:42.0359 3816 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys
11:41:42.0359 3816 emu10k1 - ok
11:41:42.0468 3816 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:41:42.0468 3816 EraserUtilRebootDrv - ok
11:41:42.0750 3816 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:41:42.0750 3816 Fastfat - ok
11:41:43.0000 3816 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:41:43.0000 3816 Fdc - ok
11:41:43.0203 3816 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:41:43.0203 3816 Fips - ok
11:41:43.0421 3816 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:41:43.0421 3816 Flpydisk - ok
11:41:43.0687 3816 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:41:43.0687 3816 FltMgr - ok
11:41:43.0906 3816 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:41:43.0906 3816 Fs_Rec - ok
11:41:44.0187 3816 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:41:44.0203 3816 Ftdisk - ok
11:41:44.0406 3816 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
11:41:44.0406 3816 gameenum - ok
11:41:44.0640 3816 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:41:44.0640 3816 GEARAspiWDM - ok
11:41:44.0875 3816 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:41:44.0875 3816 Gpc - ok
11:41:45.0109 3816 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:41:45.0109 3816 hidusb - ok
11:41:45.0281 3816 hpn - ok
11:41:45.0578 3816 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:41:45.0578 3816 HTTP - ok
11:41:45.0750 3816 i2omgmt - ok
11:41:45.0937 3816 i2omp - ok
11:41:46.0156 3816 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:41:46.0156 3816 i8042prt - ok
11:41:46.0343 3816 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:41:46.0343 3816 Imapi - ok
11:41:46.0531 3816 ini910u - ok
11:41:46.0750 3816 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:41:46.0750 3816 IntelIde - ok
11:41:47.0000 3816 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:41:47.0000 3816 intelppm - ok
11:41:47.0203 3816 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:41:47.0203 3816 Ip6Fw - ok
11:41:47.0453 3816 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:41:47.0453 3816 IpFilterDriver - ok
11:41:47.0640 3816 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:41:47.0640 3816 IpInIp - ok
11:41:47.0906 3816 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:41:47.0906 3816 IpNat - ok
11:41:48.0156 3816 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:41:48.0171 3816 IPSec - ok
11:41:48.0375 3816 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:41:48.0375 3816 IRENUM - ok
11:41:48.0593 3816 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:41:48.0593 3816 isapnp - ok
11:41:48.0812 3816 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:41:48.0812 3816 Kbdclass - ok
11:41:49.0015 3816 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:41:49.0015 3816 kbdhid - ok
11:41:49.0296 3816 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:41:49.0296 3816 kmixer - ok
11:41:49.0515 3816 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:41:49.0515 3816 KSecDD - ok
11:41:49.0703 3816 lbrtfdc - ok
11:41:49.0968 3816 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:41:49.0968 3816 mnmdd - ok
11:41:50.0187 3816 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:41:50.0203 3816 Modem - ok
11:41:50.0390 3816 motmodem (5023875a94b0766d98a62a72bc4cb055) C:\WINDOWS\system32\DRIVERS\motmodem.sys
11:41:50.0390 3816 motmodem - ok
11:41:50.0593 3816 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:41:50.0593 3816 Mouclass - ok
11:41:50.0781 3816 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:41:50.0781 3816 mouhid - ok
11:41:51.0015 3816 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:41:51.0015 3816 MountMgr - ok
11:41:51.0187 3816 mraid35x - ok
11:41:51.0421 3816 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:41:51.0421 3816 MRxDAV - ok
11:41:51.0765 3816 MRxSmb (421f7b922cec5a5f340e7574a98f7b7c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:41:51.0765 3816 MRxSmb - ok
11:41:51.0984 3816 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:41:51.0984 3816 Msfs - ok
11:41:52.0203 3816 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:41:52.0203 3816 MSKSSRV - ok
11:41:52.0421 3816 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:41:52.0421 3816 MSPCLOCK - ok
11:41:52.0609 3816 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:41:52.0609 3816 MSPQM - ok
11:41:52.0812 3816 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:41:52.0812 3816 mssmbios - ok
11:41:53.0031 3816 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
11:41:53.0031 3816 Mup - ok
11:41:53.0234 3816 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120209.017\NAVENG.SYS
11:41:53.0234 3816 NAVENG - ok
11:41:53.0828 3816 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120209.017\NAVEX15.SYS
11:41:53.0843 3816 NAVEX15 - ok
11:41:54.0187 3816 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:41:54.0187 3816 NDIS - ok
11:41:54.0375 3816 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:41:54.0375 3816 NdisTapi - ok
11:41:54.0562 3816 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:41:54.0562 3816 Ndisuio - ok
11:41:54.0781 3816 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:41:54.0781 3816 NdisWan - ok
11:41:55.0000 3816 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
11:41:55.0000 3816 NDProxy - ok
11:41:55.0203 3816 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:41:55.0203 3816 NetBIOS - ok
11:41:55.0437 3816 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:41:55.0453 3816 NetBT - ok
11:41:55.0656 3816 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:41:55.0671 3816 Npfs - ok
11:41:56.0062 3816 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:41:56.0062 3816 Ntfs - ok
11:41:56.0281 3816 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:41:56.0296 3816 Null - ok
11:42:00.0125 3816 nv (cb0ce8de9f66a297cd86eb98921b8e58) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:42:00.0234 3816 nv - ok
11:42:00.0500 3816 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:42:00.0500 3816 NwlnkFlt - ok
11:42:00.0703 3816 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:42:00.0703 3816 NwlnkFwd - ok
11:42:00.0937 3816 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
11:42:00.0937 3816 Parport - ok
11:42:01.0156 3816 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:42:01.0156 3816 PartMgr - ok
11:42:01.0359 3816 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:42:01.0359 3816 ParVdm - ok
11:42:01.0562 3816 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:42:01.0562 3816 PCI - ok
11:42:01.0750 3816 PCIDump - ok
11:42:01.0937 3816 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
11:42:01.0937 3816 PCIIde - ok
11:42:02.0203 3816 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:42:02.0203 3816 Pcmcia - ok
11:42:02.0375 3816 PDCOMP - ok
11:42:02.0546 3816 PDFRAME - ok
11:42:02.0734 3816 PDRELI - ok
11:42:02.0906 3816 PDRFRAME - ok
11:42:03.0109 3816 perc2 - ok
11:42:03.0296 3816 perc2hib - ok
11:42:03.0546 3816 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:42:03.0546 3816 PptpMiniport - ok
11:42:03.0765 3816 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:42:03.0765 3816 PSched - ok
11:42:03.0968 3816 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:42:03.0968 3816 Ptilink - ok
11:42:04.0156 3816 ql1080 - ok
11:42:04.0328 3816 Ql10wnt - ok
11:42:04.0500 3816 ql12160 - ok
11:42:04.0671 3816 ql1240 - ok
11:42:04.0843 3816 ql1280 - ok
11:42:05.0062 3816 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:42:05.0062 3816 RasAcd - ok
11:42:05.0281 3816 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:42:05.0281 3816 Rasl2tp - ok
11:42:05.0484 3816 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:42:05.0484 3816 RasPppoe - ok
11:42:05.0656 3816 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:42:05.0656 3816 Raspti - ok
11:42:05.0906 3816 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:42:05.0906 3816 Rdbss - ok
11:42:06.0109 3816 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:42:06.0109 3816 RDPCDD - ok
11:42:06.0390 3816 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:42:06.0390 3816 rdpdr - ok
11:42:06.0625 3816 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
11:42:06.0625 3816 RDPWD - ok
11:42:06.0828 3816 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:42:06.0843 3816 redbook - ok
11:42:07.0109 3816 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
11:42:07.0109 3816 RimUsb - ok
11:42:07.0375 3816 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:42:07.0375 3816 Secdrv - ok
11:42:07.0640 3816 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
11:42:07.0656 3816 Serial - ok
11:42:07.0828 3816 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:42:07.0828 3816 Sfloppy - ok
11:42:08.0062 3816 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys
11:42:08.0078 3816 sfman - ok
11:42:08.0250 3816 Simbad - ok
11:42:08.0437 3816 Sparrow - ok
11:42:08.0656 3816 SPBBCDrv (d7bb213566e16bca372e2cb517eda907) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
11:42:08.0656 3816 SPBBCDrv - ok
11:42:08.0843 3816 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:42:08.0859 3816 splitter - ok
11:42:09.0109 3816 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:42:09.0109 3816 sr - ok
11:42:09.0375 3816 SRTSP (3cb2f35789632f0bae8a1b9edb08e965) C:\WINDOWS\system32\Drivers\SRTSP.SYS
11:42:09.0375 3816 SRTSP - ok
11:42:09.0671 3816 SRTSPL (d69f1be5fd6da685a4c0e36d58a29e85) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
11:42:09.0671 3816 SRTSPL - ok
11:42:09.0875 3816 SRTSPX (1af60c53c43e2e672bbda3ba9a947d48) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
11:42:09.0875 3816 SRTSPX - ok
11:42:10.0218 3816 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
11:42:10.0218 3816 Srv - ok
11:42:10.0453 3816 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:42:10.0453 3816 swenum - ok
11:42:10.0687 3816 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:42:10.0687 3816 swmidi - ok
11:42:10.0875 3816 symc810 - ok
11:42:11.0062 3816 symc8xx - ok
11:42:11.0312 3816 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
11:42:11.0312 3816 SymEvent - ok
11:42:11.0531 3816 SYMREDRV (be3c117150c055e50a4caf23e548c856) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
11:42:11.0531 3816 SYMREDRV - ok
11:42:11.0796 3816 SYMTDI (7b0af4e22b32f8c5bfba5a5d53522160) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
11:42:11.0796 3816 SYMTDI - ok
11:42:11.0968 3816 sym_hi - ok
11:42:12.0156 3816 sym_u3 - ok
11:42:12.0359 3816 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:42:12.0359 3816 sysaudio - ok
11:42:12.0593 3816 SysPlant (6ccbb4b7e72c8ee59e0b649b4feec3d1) C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys
11:42:12.0593 3816 SysPlant - ok
11:42:12.0937 3816 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:42:12.0937 3816 Tcpip - ok
11:42:13.0156 3816 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:42:13.0156 3816 TDPIPE - ok
11:42:13.0343 3816 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:42:13.0343 3816 TDTCP - ok
11:42:13.0578 3816 Teefer2 (0dc098cc18a974e7c1e96e6846bd06e4) C:\WINDOWS\system32\DRIVERS\teefer2.sys
11:42:13.0578 3816 Teefer2 - ok
11:42:13.0781 3816 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:42:13.0781 3816 TermDD - ok
11:42:13.0968 3816 TosIde - ok
11:42:14.0234 3816 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:42:14.0234 3816 Udfs - ok
11:42:14.0406 3816 ultra - ok
11:42:14.0718 3816 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:42:14.0734 3816 Update - ok
11:42:14.0968 3816 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
11:42:14.0968 3816 usbaudio - ok
11:42:15.0203 3816 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:42:15.0203 3816 usbccgp - ok
11:42:15.0406 3816 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:42:15.0406 3816 usbehci - ok
11:42:15.0625 3816 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:42:15.0625 3816 usbhub - ok
11:42:15.0828 3816 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:42:15.0828 3816 USBSTOR - ok
11:42:16.0031 3816 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:42:16.0031 3816 usbuhci - ok
11:42:16.0281 3816 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:42:16.0281 3816 VgaSave - ok
11:42:16.0453 3816 ViaIde - ok
11:42:16.0656 3816 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:42:16.0656 3816 VolSnap - ok
11:42:16.0875 3816 vpnva (e1f2333a88ec4a5c8ea6be357323b72d) C:\WINDOWS\system32\DRIVERS\vpnva.sys
11:42:16.0875 3816 vpnva - ok
11:42:17.0031 3816 vsdatant - ok
11:42:17.0281 3816 wacmoumonitor (c3b03ed7b06657a3355f620bc02acfb6) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
11:42:17.0281 3816 wacmoumonitor - ok
11:42:17.0484 3816 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
11:42:17.0484 3816 wacommousefilter - ok
11:42:17.0718 3816 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
11:42:17.0718 3816 wacomvhid - ok
11:42:17.0937 3816 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:42:17.0937 3816 Wanarp - ok
11:42:18.0359 3816 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
11:42:18.0359 3816 Wdf01000 - ok
11:42:18.0531 3816 WDICA - ok
11:42:18.0750 3816 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:42:18.0750 3816 wdmaud - ok
11:42:19.0046 3816 WPS (0cdbea86a391f11918af8576c7844a3f) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
11:42:19.0062 3816 WPS - ok
11:42:19.0312 3816 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\WINDOWS\system32\drivers\WpsHelper.sys
11:42:19.0312 3816 WpsHelper - ok
11:42:19.0515 3816 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:42:19.0515 3816 WS2IFSL - ok
11:42:19.0750 3816 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:42:19.0750 3816 WudfPf - ok
11:42:19.0968 3816 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:42:19.0968 3816 WudfRd - ok
11:42:20.0296 3816 yukonwxp (b927200cea49d6179c677798e9c984a1) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
11:42:20.0312 3816 yukonwxp - ok
11:42:20.0359 3816 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:42:20.0703 3816 \Device\Harddisk0\DR0 - ok
11:42:20.0703 3816 Boot (0x1200) (cd9e340c54f17b9e1c46ab9831569b5d) \Device\Harddisk0\DR0\Partition0
11:42:20.0703 3816 \Device\Harddisk0\DR0\Partition0 - ok
11:42:20.0734 3816 Boot (0x1200) (6d4194698ae8553d607ec38495d2fce3) \Device\Harddisk0\DR0\Partition1
11:42:20.0765 3816 \Device\Harddisk0\DR0\Partition1 - ok
11:42:20.0765 3816 ============================================================
11:42:20.0765 3816 Scan finished
11:42:20.0765 3816 ============================================================
11:42:20.0781 0552 Detected object count: 0
11:42:20.0781 0552 Actual detected object count: 0




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users