System Check removed - still have rootkit infection


This topic is locked
18 replies to this topic

#1 Bill@WT

  • Members
  • 15 posts

Posted 07 February 2012 - 12:56 PM

I've been trying to fix this one myself for about a week now, I give up!

I am running Windows XP, SP3 on a Dell Latitude 610 laptop.
I connect to a local network at the office, and use the laptop when I travel or work remotely.

So far, I followed the System Check Uninstall Guide on your site.
It took me a while to get Malwarebytes to run, but once I did, it found files and quarantined them.
I thought I had the virus removed, but I can't get my USB drivers to work again.
I've tried to re-install them from device manager, but that doesn't work.

I ran Combofix, and that showed a ZeroAccess rootkit infection, but I can't seem to get rid of it.

After digging, I've noticed that there are files in the windows/system32 folder that keep replacing themselves, even after I copy a known good version of them into the folder. For example, shell32.dll is one.
I know my registry is a mess, but I don't know how to get it fixed and/or cleaned up.

Please help!
DDS log follows...
GMER log attached

Thanks,
Bill




#2 nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 February 2012 - 11:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start the scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 Bill@WT

  • Topic Starter

  • Members
  • 15 posts

Posted 08 February 2012 - 04:41 PM

Nasdaq-

Thank you for your reply.

One item I discovered last night, working from home, was that my wireless network could not connect to my home network. At the office, I use a docking station with a cable connection to the internal NIC. Something else to fix...

I ran the TDSSKiller program, and found nothing. See log pasted in this reply.
Then I ran the aswMBR scan. That log is pasted in the reply and the MBR.dat zip file is attached.

Bill

11:02:09.0513 3300 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:02:09.0529 3300 isapnp - ok
11:02:09.0920 3300 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:02:09.0920 3300 Kbdclass - ok
11:02:10.0279 3300 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:02:10.0295 3300 kbdhid - ok
11:02:10.0701 3300 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:02:10.0779 3300 kmixer - ok
11:02:11.0232 3300 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:02:11.0279 3300 KSecDD - ok
11:02:11.0623 3300 lbrtfdc - ok
11:02:12.0060 3300 Lvckap - ok
11:02:12.0404 3300 lvpopflt - ok
11:02:12.0748 3300 LxrJD31d - ok
11:02:13.0138 3300 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
11:02:13.0170 3300 mf - ok
11:02:13.0529 3300 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:02:13.0529 3300 mnmdd - ok
11:02:13.0966 3300 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:02:13.0982 3300 Modem - ok
11:02:14.0404 3300 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:02:14.0404 3300 Mouclass - ok
11:02:14.0810 3300 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:02:14.0826 3300 mouhid - ok
11:02:15.0232 3300 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:02:15.0248 3300 MountMgr - ok
11:02:15.0748 3300 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
11:02:15.0826 3300 MpFilter - ok
11:02:15.0951 3300 MpKsl0e6e6af6 - ok
11:02:15.0982 3300 MpKsl757108d0 - ok
11:02:16.0013 3300 MpKsl99a7b602 - ok
11:02:16.0045 3300 MpKslb50924fc - ok
11:02:16.0076 3300 MpKslbd140338 - ok
11:02:16.0107 3300 MpKslbdb4c921 - ok
11:02:16.0138 3300 MpKsle2f0e6a8 - ok
11:02:16.0170 3300 MpKsle516974a - ok
11:02:16.0560 3300 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
11:02:16.0576 3300 mraid35x - ok
11:02:17.0060 3300 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:02:17.0138 3300 MRxDAV - ok
11:02:17.0716 3300 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:02:17.0920 3300 MRxSmb - ok
11:02:18.0341 3300 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:02:18.0341 3300 Msfs - ok
11:02:18.0716 3300 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:02:18.0732 3300 MSKSSRV - ok
11:02:19.0091 3300 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:02:19.0091 3300 MSPCLOCK - ok
11:02:19.0482 3300 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:02:19.0498 3300 MSPQM - ok
11:02:19.0841 3300 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:02:19.0857 3300 mssmbios - ok
11:02:20.0248 3300 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:02:20.0248 3300 MSTEE - ok
11:02:20.0685 3300 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:02:20.0732 3300 Mup - ok
11:02:21.0154 3300 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:02:21.0185 3300 NABTSFEC - ok
11:02:21.0654 3300 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:02:21.0732 3300 NDIS - ok
11:02:22.0123 3300 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:02:22.0123 3300 NdisIP - ok
11:02:22.0513 3300 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:02:22.0513 3300 NdisTapi - ok
11:02:22.0857 3300 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:02:22.0873 3300 Ndisuio - ok
11:02:23.0295 3300 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:02:23.0341 3300 NdisWan - ok
11:02:23.0763 3300 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:02:23.0795 3300 NDProxy - ok
11:02:24.0201 3300 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:02:24.0216 3300 NetBIOS - ok
11:02:24.0638 3300 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:02:24.0716 3300 NetBT - ok
11:02:25.0091 3300 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:02:25.0107 3300 Npfs - ok
11:02:25.0732 3300 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:02:25.0998 3300 Ntfs - ok
11:02:26.0404 3300 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:02:26.0404 3300 Null - ok
11:02:27.0560 3300 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:02:28.0420 3300 nv - ok
11:02:28.0763 3300 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:02:28.0779 3300 NwlnkFlt - ok
11:02:29.0138 3300 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:02:29.0154 3300 NwlnkFwd - ok
11:02:29.0591 3300 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:02:29.0623 3300 Parport - ok
11:02:30.0013 3300 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:02:30.0029 3300 PartMgr - ok
11:02:30.0388 3300 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:02:30.0388 3300 ParVdm - ok
11:02:30.0716 3300 PCASp50 - ok
11:02:31.0107 3300 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:02:31.0138 3300 PCI - ok
11:02:31.0513 3300 PCIDump - ok
11:02:31.0904 3300 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:02:31.0904 3300 PCIIde - ok
11:02:32.0341 3300 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:02:32.0388 3300 Pcmcia - ok
11:02:32.0685 3300 PCTINDIS5 - ok
11:02:33.0107 3300 PDCOMP - ok
11:02:33.0466 3300 PDFRAME - ok
11:02:33.0826 3300 PDRELI - ok
11:02:34.0170 3300 PDRFRAME - ok
11:02:34.0529 3300 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
11:02:34.0545 3300 perc2 - ok
11:02:34.0888 3300 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:02:34.0888 3300 perc2hib - ok
11:02:35.0310 3300 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:02:35.0341 3300 PptpMiniport - ok
11:02:35.0701 3300 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:02:35.0732 3300 PSched - ok
11:02:36.0185 3300 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:02:36.0185 3300 Ptilink - ok
11:02:36.0576 3300 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:02:36.0591 3300 ql1080 - ok
11:02:36.0982 3300 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:02:36.0998 3300 Ql10wnt - ok
11:02:37.0388 3300 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:02:37.0404 3300 ql12160 - ok
11:02:37.0763 3300 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:02:37.0795 3300 ql1240 - ok
11:02:38.0170 3300 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:02:38.0185 3300 ql1280 - ok
11:02:38.0591 3300 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:02:38.0591 3300 RasAcd - ok
11:02:39.0029 3300 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:02:39.0045 3300 Rasl2tp - ok
11:02:39.0451 3300 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:02:39.0466 3300 RasPppoe - ok
11:02:39.0873 3300 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:02:39.0873 3300 Raspti - ok
11:02:40.0357 3300 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:02:40.0435 3300 Rdbss - ok
11:02:40.0841 3300 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:02:40.0841 3300 RDPCDD - ok
11:02:41.0279 3300 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:02:41.0357 3300 rdpdr - ok
11:02:41.0795 3300 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
11:02:41.0857 3300 RDPWD - ok
11:02:42.0232 3300 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:02:42.0263 3300 redbook - ok
11:02:42.0654 3300 RimSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
11:02:42.0701 3300 RimSerPort - ok
11:02:43.0138 3300 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\WINDOWS\system32\Drivers\RimUsb.sys
11:02:43.0170 3300 RimUsb - ok
11:02:43.0545 3300 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
11:02:43.0545 3300 RimVSerPort - ok
11:02:43.0888 3300 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
11:02:43.0888 3300 ROOTMODEM - ok
11:02:43.0966 3300 SABKUTIL - ok
11:02:44.0341 3300 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:02:44.0357 3300 Secdrv - ok
11:02:44.0701 3300 Ser2pl - ok
11:02:45.0060 3300 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:02:45.0076 3300 serenum - ok
11:02:45.0482 3300 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:02:45.0513 3300 Serial - ok
11:02:45.0873 3300 sermouse (1f16931c722c69e4a7866244796c66a0) C:\WINDOWS\system32\DRIVERS\sermouse.sys
11:02:45.0888 3300 sermouse - ok
11:02:46.0263 3300 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:02:46.0279 3300 Sfloppy - ok
11:02:46.0623 3300 Simbad - ok
11:02:46.0982 3300 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:02:47.0013 3300 sisagp - ok
11:02:47.0388 3300 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:02:47.0404 3300 SLIP - ok
11:02:47.0795 3300 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:02:47.0795 3300 Sparrow - ok
11:02:48.0154 3300 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:02:48.0154 3300 splitter - ok
11:02:48.0591 3300 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:02:48.0623 3300 sr - ok
11:02:49.0170 3300 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:02:49.0341 3300 Srv - ok
11:02:49.0810 3300 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
11:02:49.0951 3300 STAC97 - ok
11:02:50.0341 3300 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:02:50.0357 3300 streamip - ok
11:02:50.0716 3300 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:02:50.0716 3300 swenum - ok
11:02:51.0123 3300 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:02:51.0154 3300 swmidi - ok
11:02:51.0513 3300 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:02:51.0513 3300 symc810 - ok
11:02:51.0873 3300 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:02:51.0888 3300 symc8xx - ok
11:02:52.0248 3300 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:02:52.0263 3300 sym_hi - ok
11:02:52.0638 3300 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:02:52.0654 3300 sym_u3 - ok
11:02:53.0091 3300 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:02:53.0123 3300 sysaudio - ok
11:02:53.0685 3300 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:02:53.0904 3300 Tcpip - ok
11:02:54.0310 3300 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:02:54.0326 3300 TDPIPE - ok
11:02:54.0748 3300 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:02:54.0748 3300 TDTCP - ok
11:02:55.0123 3300 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:02:55.0138 3300 TermDD - ok
11:02:55.0498 3300 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
11:02:55.0498 3300 TosIde - ok
11:02:55.0873 3300 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
11:02:55.0873 3300 tunmp - ok
11:02:56.0263 3300 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:02:56.0295 3300 Udfs - ok
11:02:56.0670 3300 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
11:02:56.0685 3300 ultra - ok
11:02:57.0263 3300 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:02:57.0435 3300 Update - ok
11:02:57.0857 3300 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
11:02:57.0888 3300 usbaudio - ok
11:02:58.0295 3300 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:02:58.0310 3300 usbccgp - ok
11:02:58.0670 3300 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:02:58.0685 3300 usbehci - ok
11:02:59.0123 3300 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:02:59.0154 3300 usbhub - ok
11:02:59.0498 3300 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:02:59.0513 3300 usbprint - ok
11:02:59.0920 3300 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:02:59.0920 3300 usbscan - ok
11:03:00.0310 3300 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:03:00.0326 3300 USBSTOR - ok
11:03:00.0701 3300 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:03:00.0716 3300 usbuhci - ok
11:03:01.0060 3300 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:03:01.0060 3300 VgaSave - ok
11:03:01.0466 3300 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:03:01.0482 3300 viaagp - ok
11:03:01.0841 3300 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:03:01.0841 3300 ViaIde - ok
11:03:02.0263 3300 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:03:02.0279 3300 VolSnap - ok
11:03:02.0670 3300 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:03:02.0685 3300 Wanarp - ok
11:03:03.0248 3300 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
11:03:03.0451 3300 Wdf01000 - ok
11:03:03.0810 3300 WDICA - ok
11:03:04.0216 3300 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:03:04.0248 3300 wdmaud - ok
11:03:04.0654 3300 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:03:04.0654 3300 WS2IFSL - ok
11:03:05.0013 3300 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:03:05.0029 3300 WSTCODEC - ok
11:03:05.0451 3300 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:03:05.0482 3300 WudfPf - ok
11:03:05.0545 3300 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:03:05.0920 3300 \Device\Harddisk0\DR0 - ok
11:03:05.0935 3300 Boot (0x1200) (ed559889c19882ed43dace1f0bd9475f) \Device\Harddisk0\DR0\Partition0
11:03:05.0935 3300 \Device\Harddisk0\DR0\Partition0 - ok
11:03:05.0935 3300 ============================================================
11:03:05.0935 3300 Scan finished
11:03:05.0935 3300 ============================================================
11:03:05.0951 3316 Detected object count: 0
11:03:05.0951 3316 Actual detected object count: 0

aswMBR--------------------

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-08 11:09:11
-----------------------------
11:09:11.045 OS Version: Windows 5.1.2600 Service Pack 3
11:09:11.045 Number of processors: 1 586 0xD08
11:09:11.045 ComputerName: DD30G771 UserName: BBAUER
11:09:12.920 Initialize success
11:17:46.123 AVAST engine defs: 12020800
11:18:22.013 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:18:22.013 Disk 0 Vendor: FUJITSU_MHV2040AH 00000096 Size: 38154MB BusType: 3
11:18:22.029 Disk 0 MBR read successfully
11:18:22.029 Disk 0 MBR scan
11:18:22.216 Disk 0 Windows XP default MBR code
11:18:22.216 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 62 MB offset 63
11:18:22.232 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 38075 MB offset 128520
11:18:22.263 Disk 0 scanning sectors +78108030
11:18:22.404 Disk 0 scanning C:\WINDOWS\system32\drivers
11:18:55.466 Service scanning
11:19:03.560 Modules scanning
11:19:19.513 Disk 0 trace - called modules:
11:19:19.529 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
11:19:19.529 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83569ab8]
11:19:19.529 3 CLASSPNP.SYS[f8664fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x83534d98]
11:19:21.623 AVAST engine scan C:\
14:18:28.513 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\BBAUER.VICI\Desktop\MBR.dat"
14:18:28.670 The log file has been saved successfully to "C:\Documents and Settings\BBAUER.VICI\Desktop\aswMBR-2-7.txt"
15:24:34.966 Scan finished successfully
15:32:37.857 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\BBAUER.VICI\Desktop\MBR.dat"
15:32:37.857 The log file has been saved successfully to "C:\Documents and Settings\BBAUER.VICI\Desktop\aswMBR_2-8.txt"

Attached file: MBR.zip (513 bytes)
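As an added example (not part of this post, and not TDSSKiller's own code), here is the kind of parser a responder writes over a driver listing like the one above: it separates entries that have a hashed file from service keys that have no backing file, and compares each hash against a known-good baseline. The sample lines are copied from the log above; the baseline is constructed for the demo, not a real manifest, and the usbhub.sys entry in it is deliberately fake so one mismatch shows.

```python
"""Triage a TDSSKiller-style driver listing.

Each scanned driver normally produces two lines: a record line
"HH:MM:SS.ffff pid Name (md5) path" and a verdict line
"HH:MM:SS.ffff pid Name - ok".  A verdict line with no preceding record
means the service key exists but no file was found to hash.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample lines copied from the log in the post above (a subset is enough).
SAMPLE_LOG = r"""11:02:15.0748 3300 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
11:02:15.0826 3300 MpFilter - ok
11:02:15.0951 3300 MpKsl0e6e6af6 - ok
11:02:32.0685 3300 PCTINDIS5 - ok
11:02:53.0685 3300 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:02:53.0904 3300 Tcpip - ok
11:02:59.0123 3300 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:02:59.0154 3300 usbhub - ok
11:03:05.0545 3300 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:03:05.0920 3300 \Device\Harddisk0\DR0 - ok
11:03:05.0935 3300 ============================================================
11:03:05.0935 3300 Scan finished
11:03:05.0951 3316 Detected object count: 0"""

# CONSTRUCTED baseline for the demo: {lower-case path: md5}.  Two values are
# copied from the log so they match; usbhub.sys gets an obviously fake value
# so the demo produces one MISMATCH.  Real work uses a manifest taken from a
# trusted install or vendor catalog, never hashes read from the suspect box.
BASELINE: Dict[str, str] = {
    r"c:\windows\system32\drivers\mpfilter.sys": "fee0baded54222e9f1dae9541212aab1",
    r"c:\windows\system32\drivers\tcpip.sys": "9aefa14bd6b182d61e3119fa5f436d3d",
    r"c:\windows\system32\drivers\usbhub.sys": "0" * 32,
}

RECORD_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S+)\s*$"
)
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<subject>.+?)\s+-\s+(?P<verdict>\w+)\s*$"
)


@dataclass
class DriverEntry:
    name: str
    verdict: str = ""
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_tdss_log(text: str) -> List[DriverEntry]:
    """Pair record lines with their verdict lines; keep file-less verdicts too."""
    entries: List[DriverEntry] = []
    pending: Optional[DriverEntry] = None  # record waiting for its verdict
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if m:
            pending = DriverEntry(m["name"], md5=m["md5"], path=m["path"])
            entries.append(pending)
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue  # banners, counters, blank lines
        subject, verdict = m["subject"], m["verdict"]
        if pending is not None and subject in (pending.name, pending.path):
            pending.verdict = verdict  # the MBR verdict names the device path
        else:
            # Verdict with no record: registered service/driver, no file found.
            entries.append(DriverEntry(subject, verdict=verdict))
        pending = None
    return entries


def triage(entries: List[DriverEntry], baseline: Dict[str, str]) -> Dict[str, str]:
    """Classify each entry: ok / MISMATCH / UNKNOWN / NO_FILE / scanner flag."""
    result: Dict[str, str] = {}
    for e in entries:
        if e.verdict and e.verdict != "ok":
            result[e.name] = "FLAGGED_BY_SCANNER:" + e.verdict
        elif e.path is None:
            result[e.name] = "NO_FILE"  # orphaned service key, review it
        else:
            expected = baseline.get(e.path.lower())
            if expected is None:
                result[e.name] = "UNKNOWN"  # not in baseline, review manually
            elif expected == e.md5:
                result[e.name] = "ok"
            else:
                result[e.name] = "MISMATCH"  # differs from the known-good copy
    return result


if __name__ == "__main__":
    for name, status in triage(parse_tdss_log(SAMPLE_LOG), BASELINE).items():
        print(f"{status:10} {name}")
```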


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:57 AM

Posted 09 February 2012 - 09:50 AM

Please run the ComboFix tool. If prompted to update please do so.

Post the log for my review.
===

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


#5 Bill@WT

Bill@WT
  • Topic Starter

  • Members
  • 15 posts
  • Local time:04:57 AM

Posted 09 February 2012 - 10:49 AM

ComboFix ran without rebooting; here is the log:

ComboFix 12-02-06.02 - BBAUER 02/09/2012 9:17.16.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.239 [GMT -6:00]
Running from: c:\documents and settings\BBAUER.VICI\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))
.
.
2012-02-07 14:31 . 2008-04-14 00:12 11776 ----a-w- C:\23rvsger.com.exe
2012-02-07 14:16 . 2004-08-04 10:00 9728 ----a-w- C:\123.com.exe
2012-02-03 20:59 . 2012-02-03 20:59 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2012-02-03 17:16 . 2012-02-03 17:16 -------- d-----w- c:\program files\ESET
2012-02-02 23:26 . 2012-02-02 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2012-02-02 23:12 . 2012-02-02 23:12 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-02-02 22:33 . 2004-08-04 10:00 18944 ----a-w- c:\windows\system32\simptcp.dll
2012-02-02 19:01 . 2001-08-18 04:36 7168 ----a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2012-02-02 19:01 . 2001-08-18 04:36 12288 ----a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2012-02-02 18:59 . 2001-08-18 04:36 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2012-02-02 18:58 . 2001-08-18 04:36 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2012-02-02 18:56 . 2001-08-18 04:36 23040 ----a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2012-02-02 18:53 . 2001-08-18 04:36 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2012-02-02 18:51 . 2004-08-04 10:00 229439 ----a-w- c:\windows\system32\dllcache\multibox.dll
2012-02-02 18:51 . 2001-08-17 19:50 21888 ----a-w- c:\windows\system32\dllcache\mxcard.sys
2012-02-02 18:51 . 2001-08-17 18:50 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2012-02-02 18:51 . 2008-04-13 19:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2012-02-02 18:51 . 2001-08-17 19:48 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2012-02-02 18:51 . 2001-08-17 20:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-02-02 18:51 . 2008-04-13 19:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2012-02-02 18:51 . 2004-08-04 10:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2012-02-02 18:51 . 2001-08-17 20:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2012-02-02 18:51 . 2001-08-17 19:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2012-02-02 18:51 . 2008-04-13 19:46 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2012-02-02 18:49 . 2001-08-17 18:49 22848 ----a-w- c:\windows\system32\dllcache\lwusbhid.sys
2012-02-02 18:48 . 2001-08-18 04:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2012-02-02 18:47 . 2004-08-04 10:00 311359 ----a-w- c:\windows\system32\dllcache\imepadsv.exe
2012-02-02 18:46 . 2001-08-17 20:56 353184 ----a-w- c:\windows\system32\dllcache\i740dnt5.dll
2012-02-02 18:45 . 2001-08-18 04:36 324608 ----a-w- c:\windows\system32\dllcache\hpojwia.dll
2012-02-02 18:44 . 2001-08-17 18:49 322432 ----a-w- c:\windows\system32\dllcache\g400m.sys
2012-02-02 18:43 . 2001-08-17 19:52 7040 ----a-w- c:\windows\system32\dllcache\exabyte2.sys
2012-02-02 18:42 . 2001-08-17 18:10 19996 ----a-w- c:\windows\system32\dllcache\em556n4.sys
2012-02-02 18:41 . 2001-08-18 04:36 31305 ----a-w- c:\windows\system32\dllcache\disrvpp.dll
2012-02-02 18:40 . 2001-08-17 18:19 3584 ----a-w- c:\windows\system32\dllcache\cwcosnt5.sys
2012-02-02 18:39 . 2001-08-17 20:04 171264 ----a-w- c:\windows\system32\dllcache\camdrv30.sys
2012-02-01 18:32 . 2001-08-17 20:03 4736 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-02-01 18:21 . 2012-02-01 18:16 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-02-01 15:10 . 2012-02-01 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Tool
2012-01-31 23:10 . 2012-01-31 23:10 -------- d-----w- c:\program files\Common Files\Java
2012-01-31 23:10 . 2012-01-31 23:10 -------- d-----w- c:\documents and settings\BBAUER.VICI\Local Settings\Application Data\Sun
2012-01-31 23:09 . 2012-01-31 23:09 -------- d-----w- c:\program files\Oracle
2012-01-31 23:09 . 2012-01-31 23:09 -------- d-----w- c:\documents and settings\BBAUER.VICI\Application Data\Oracle
2012-01-31 23:09 . 2011-11-09 01:56 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-31 23:09 . 2011-11-09 01:56 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-31 18:20 . 2012-02-01 18:40 -------- d-----w- C:\HJT
2012-01-31 16:03 . 2012-01-31 16:03 -------- d-----w- c:\documents and settings\BBAUER.VICI\Local Settings\Application Data\Apple
2012-01-31 14:08 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-31 02:23 . 2012-01-31 02:23 -------- d-----w- c:\program files\Intel
2012-01-30 21:33 . 2012-02-07 14:08 -------- d-----w- c:\windows\system32\NtmsData
2012-01-30 18:44 . 2012-01-30 18:44 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-29 19:23 . 2012-01-29 19:22 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\REN3D.tmp
2012-01-29 02:19 . 2012-01-29 02:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-29 01:48 . 2001-05-04 19:58 114688 ----a-w- c:\windows\Fport.exe
2012-01-29 00:46 . 2012-01-29 00:46 -------- d-----w- c:\documents and settings\BBAUER.VICI\Local Settings\Application Data\Skyhook Wireless
2012-01-28 20:35 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2012-01-28 17:06 . 2012-01-31 14:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-28 15:12 . 2008-04-13 20:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2012-01-28 15:12 . 2008-04-13 19:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.old.sys
2012-01-28 07:02 . 2008-04-13 18:45 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2012-01-27 22:42 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5BF7D830-07CA-46C1-B0A5-DB7AB8F7A7D6}\mpengine.dll
2012-01-27 21:36 . 2008-04-13 18:36 68224 ----a-w- c:\windows\system32\drivers\pci.sys
2012-01-27 18:35 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2012-01-27 18:35 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\dllcache\dmusic.sys
2012-01-26 21:42 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-01-26 21:42 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\dllcache\ipsec.sys
2012-01-26 20:32 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-01-26 20:32 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-01-13 01:26 . 2012-01-13 01:26 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-13 01:26 . 2012-01-13 01:26 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-13 01:26 . 2012-01-13 01:26 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-13 01:26 . 2012-01-13 01:26 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-11 17:55 . 2012-01-11 17:55 -------- d-----w- c:\documents and settings\BBAUER.VICI\Application Data\Leadertech
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 23:08 . 2011-02-03 15:04 567184 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-06 04:19 . 2010-12-02 04:42 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-04 09:26 . 2009-10-05 15:02 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-25 21:57 . 2004-08-11 22:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-11 22:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-22 13:50 . 2011-06-01 13:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-18 12:35 . 2004-08-11 22:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-11 22:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-11 22:00 152064 ----a-w- c:\windows\system32\schannel.dll
2012-01-13 01:26 . 2011-04-04 19:49 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-03_17.04.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-09 13:53 . 2012-02-09 13:53 16384 c:\windows\temp\Perflib_Perfdata_184.dat
- 2004-08-11 22:00 . 2012-02-02 22:33 69868 c:\windows\system32\perfc009.dat
+ 2004-08-11 22:00 . 2012-02-03 21:05 69868 c:\windows\system32\perfc009.dat
+ 2004-08-12 14:01 . 2004-08-12 14:01 90624 c:\windows\system32\mydocs.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 90624 c:\windows\system32\mydocs.dll
- 2012-01-28 15:12 . 2008-04-13 19:15 60800 c:\windows\system32\dllcache\sysaudio.sys
+ 2012-01-28 15:12 . 2008-04-13 20:15 60800 c:\windows\system32\dllcache\sysaudio.sys
+ 2004-08-12 14:01 . 2004-08-12 14:01 90624 c:\windows\system32\dllcache\mydocs.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 90624 c:\windows\system32\dllcache\mydocs.dll
+ 2012-02-08 14:10 . 2012-02-09 14:28 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-04-12 16:27 . 2012-01-12 19:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-04-12 16:27 . 2012-02-09 14:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-02-08 14:10 . 2012-02-09 14:28 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-08-11 22:00 . 2012-02-02 22:33 454460 c:\windows\system32\perfh009.dat
+ 2004-08-11 22:00 . 2012-02-03 21:05 454460 c:\windows\system32\perfh009.dat
+ 2011-08-04 06:10 . 2011-08-04 06:10 133592 c:\windows\system32\drivers\dne2000.sys
+ 2011-08-04 06:10 . 2011-08-04 06:10 108120 c:\windows\system32\dneinobj.dll
- 2004-08-11 22:00 . 2011-01-21 14:44 8462336 c:\windows\system32\shell32.dll
+ 2012-02-07 05:02 . 2011-01-21 14:44 8462336 c:\windows\system32\shell32.dll
+ 2004-08-11 22:00 . 2011-01-21 14:42 8463360 c:\windows\system32\dllcache\shell32.dll
+ 2012-02-03 21:04 . 2012-02-03 21:04 1398272 c:\windows\Installer\5c2cd.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-04 344064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^BBAUER^Start Menu^Programs^Startup^Shortcut to AcroTray.lnk]
path=c:\documents and settings\BBAUER\Start Menu\Programs\Startup\Shortcut to AcroTray.lnk
backup=c:\windows\pss\Shortcut to AcroTray.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunPUTasktray]
c:\program files\Hewlett-Packard\HP Printer Utility\HPPU.exe --regkeypath=Software\Hewlett-Packard\HP Printer Utility\HPPURun --valuename=InstallTTM [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 13:10 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2004-11-10 16:54 598016 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-26 13:04 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-04-17 17:41 196608 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-08-09 11:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 20:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF4 Registry Controller]
2006-08-23 00:09 40960 ----a-w- c:\program files\ScanSoft\PDF Professional 4.0\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 18:19 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-19 19:58 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
2001-09-24 12:59 73728 ----a-w- c:\program files\NavNT\vptray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/11/2004 4:00 PM 14336]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [4/7/2005 1:59 AM 80384]
S1 MpKsl0e6e6af6;MpKsl0e6e6af6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{99C92936-D82B-4DD0-B08A-B801EA8FB6F2}\MpKsl0e6e6af6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{99C92936-D82B-4DD0-B08A-B801EA8FB6F2}\MpKsl0e6e6af6.sys [?]
S1 MpKsl757108d0;MpKsl757108d0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6DABB51-351C-4DB6-B319-701288905085}\MpKsl757108d0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6DABB51-351C-4DB6-B319-701288905085}\MpKsl757108d0.sys [?]
S1 MpKsl99a7b602;MpKsl99a7b602;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65939D83-97CF-4B58-A169-3F5A1EB13036}\MpKsl99a7b602.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65939D83-97CF-4B58-A169-3F5A1EB13036}\MpKsl99a7b602.sys [?]
S1 MpKslb50924fc;MpKslb50924fc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE17173-5BD9-4A4D-B276-9338142B505E}\MpKslb50924fc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE17173-5BD9-4A4D-B276-9338142B505E}\MpKslb50924fc.sys [?]
S1 MpKslbd140338;MpKslbd140338;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6BEE264A-B67B-4BB3-B426-BFD8EE88F4EB}\MpKslbd140338.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6BEE264A-B67B-4BB3-B426-BFD8EE88F4EB}\MpKslbd140338.sys [?]
S1 MpKslbdb4c921;MpKslbdb4c921;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72BCF008-D368-49A6-84EE-22CCA7C28AFC}\MpKslbdb4c921.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72BCF008-D368-49A6-84EE-22CCA7C28AFC}\MpKslbdb4c921.sys [?]
S1 MpKsle2f0e6a8;MpKsle2f0e6a8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB22562D-7C4C-4C5D-9CB5-0B60DBD8B80D}\MpKsle2f0e6a8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB22562D-7C4C-4C5D-9CB5-0B60DBD8B80D}\MpKsle2f0e6a8.sys [?]
S1 MpKsle516974a;MpKsle516974a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{92F6C644-F223-4629-915E-78866FE38EDA}\MpKsle516974a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{92F6C644-F223-4629-915E-78866FE38EDA}\MpKsle516974a.sys [?]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S4 ACGPRS;Sierra Wireless 3G Adapter;c:\windows\system32\drivers\acgprs.sys [2/14/2006 2:07 PM 97280]
S4 gupdate1c988a14bbada3e;Google Update Service (gupdate1c988a14bbada3e);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2009 3:24 PM 133104]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2009 3:24 PM 133104]
S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.129.222
FF - ProfilePath - c:\documents and settings\BBAUER.VICI\Application Data\Mozilla\Firefox\Profiles\jxkmtdbb.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.wes-tech.com/WT/|https://www.google.com/a/wes-tech.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fa%2Fwes-tech.com%2F&bsv=1eic6yu9oa4y3&ltmpl=default&ltmplcache=2#inbox
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-09 09:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(996)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\NavLogon.dll
.
- - - - - - - > 'explorer.exe'(2676)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-09 09:42:51
ComboFix-quarantined-files.txt 2012-02-09 15:42
ComboFix2.txt 2012-02-07 14:58
ComboFix3.txt 2012-02-06 21:09
ComboFix4.txt 2012-02-06 14:49
ComboFix5.txt 2012-02-09 15:11
.
Pre-Run: 370,343,936 bytes free
Post-Run: 460,713,984 bytes free
.
- - End Of File - - 4F957D79CFC21E151D25120D8B8D1CD4

#6 Bill@WT

Bill@WT
  • Topic Starter

  • Members
  • 15 posts
  • Local time:04:57 AM

Posted 09 February 2012 - 10:50 AM

Farbar log:

Thanks!

Farbar Service Scanner Version: 08-02-2012
Ran by BBAUER (administrator) on 09-02-2012 at 09:57:10
Running from "C:\Documents and Settings\BBAUER.VICI\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
DNE(11) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0B0000000400000001000000020000000300000005000000060000000700000008000000090000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:57 AM

Posted 09 February 2012 - 01:44 PM

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline


Lan is connected.

Do you have any difficulties when using Google?

===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know what problem persists.

#8 Bill@WT

Bill@WT
  • Topic Starter

  • Members
  • 15 posts
  • Local time:04:57 AM

Posted 09 February 2012 - 06:10 PM

Nasdaq-
I am travelling at the moment, using my blackberry to reply.
Sorry for the poor typing / grammar.
I can't connect my laptop in the hotel.
My wired connection is not working now either.
I did discover something... When in the office, my laptop is docked.
The network connection works in the office when docked.
I am guessing the wireless would work there too.
I looked at the Services screen in Computer Mgmt and saw that some services
were enabled for the docked config, but either disabled or stopped now.
Is there a way to force it into docked mode?
The logs I posted here have all been run with the PC in the dock.
I tried turning services on/off one by one, but figured I'd better not go off on my own.
All are set back to where they were.

Let me know what you think,
Thx, bill

#9 Bill@WT

Bill@WT
  • Topic Starter

  • Members
  • 15 posts
  • Local time:04:57 AM

Posted 09 February 2012 - 10:16 PM

Nasdaq-

I went through my services and changed the default configuration to match the docked configuration.
I am able to access wifi again....
I'm guessing I set too many services to auto, but I needed to have internet access...

I usually only access google from a browser, either firefox or internet explorer.
I thought that I uninstalled Google Toolbar from my system, but it looks like there are still Google Update services out there.

The USB ports are still not working.
When I look at Device Manager, there is a yellow icon with an exclamation point next to all of the USB Root Hub entries.
If I look at the properties, I see this message:
"Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)"

I ran the Security Check scan, and here is the log.

Let me know what to do next.

Thanks,
Bill

Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
ESET Online Scanner v3
Norton AntiVirus Corporate Edition
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
JavaFX 2.0.2
Java™ 7 Update 2
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.2)
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:57 AM

Posted 10 February 2012 - 10:48 AM

I usually only access google from a browser, either firefox or internet explorer.
I thought that I uninstalled Google Toolbar from my system, but it looks like there are still Google Update services out there.


To stop, but not remove, the Google Update services, execute this.

Please run Notepad and copy the following text into a new file:

sc config gupdate1c988a14bbada3e start= disabled
sc stop gupdate1c988a14bbada3e
sc config gupdatem start= disabled
sc stop gupdatem


Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files". Locate remove.bat on the Desktop and double-click on it to run it. A DOS box will open and close, that is normal.
If any errors are encountered, please post them.
When done you can delete the remove.bat file.

Restart the computer normally.
===

The USB ports are still not working.
When I look at Device Manager, there is a yellow icon with exclamation point next to all of the USB Root Hub entries.
If I look at the properties, I see this message:
"Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)"

Hardware issues are not my forte.
I suggest you start a new topic in the Internal hardware forum.
http://www.bleepingcomputer.com/forums/forum7.html
===

Unless you have other issues:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#11 Bill@WT

Bill@WT
  • Topic Starter

  • Members
  • 15 posts
  • Local time:04:57 AM

Posted 11 February 2012 - 07:15 PM

Nasdaq-

I ran the batch file, I didn't notice anything different.
I still think there is something that is infected on my laptop.
Here is why I think that...

The boot-up sequence is still taking a long time.
It takes an unusually long time to get from the point where the desktop is visible (icons are active) to the point
where all of the icons in the lower right corner of the taskbar are loaded.
Windows seems to stall at some point during the start-up sequence, up to the point of not being able to find my office network drive mappings.
Then it finally finishes, and the hourglass goes away from the cursor when it is hovering over the taskbar.

In trying to fix the USB problem, I renamed and replaced some of the system files, like usbd.sys and usbhub.sys.
I noticed that the files in my c:\windows\system32\drivers folder did not match the ones in the SP3 cab file.
I renamed and replaced those files with ones from the SP3 cab.

Also, I noticed that the dates on the shell32.dll and usbui.dll files did not match the other files from that SP.
Those files had an 8/3/2004 date, when there were a large number of files that were dated 8/4/2004.
When I tried to replace the questionable files with known good ones, I noticed that I couldn't delete those .dll files.
Every time I try to delete or rename the file in question, it re-appears on its own.
Is that normal Windows behavior, or is some kind of rogue trying to protect itself?
I think that this issue is related to the problem with the USB ports.
I do not believe it is a hardware issue, because at one point, I used GETxPUD to boot from a CD. When I did this, the USB ports worked.

Any ideas?

I'll be travelling for the next few days, so I may not be able to respond very quickly.
Please keep the topic open, I will respond.

Thanks,
Bill

#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:57 AM

Posted 12 February 2012 - 07:56 AM

First execute the instructions on this page.
http://www.bleepingcomputer.com/forums/topic43051.html

==

If still no joy, let's check these files:
shell32.dll and usbui.dll

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64-bit, download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    shell32.dll
    usbui.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

===

#13 Bill@WT

Bill@WT
  • Topic Starter

  • Members
  • 15 posts
  • Local time:04:57 AM

Posted 17 February 2012 - 12:10 PM

Nasdaq-

Sorry for the delay...

I ran the sfc.exe program. It did not give me any error messages, or request the Windows install disc during the process.

Next, I ran SystemLook with the code you gave me.
I am still not able to see anything plugged into the USB ports.

Here is the log for the SystemLook scan.

SystemLook 30.07.11 by jpshortstuff
Log created at 10:59 on 17/02/2012 by BBAUER
Administrator - Elevation successful

========== filefind ==========

Searching for "shell32.dll"
C:\WINDOWS\$hf_mig$\KB2286198\SP3QFE\shell32.dll --a---- 8463360 bytes [06:28 27/07/2010] [06:28 27/07/2010] B65D8CE7C75835906CD21C974B875503
C:\WINDOWS\$hf_mig$\KB2483185\SP3QFE\shell32.dll --a---- 8463360 bytes [14:42 21/01/2011] [14:42 21/01/2011] 1026E80450E2CF36A3D69C0EA319EB95
C:\WINDOWS\$hf_mig$\KB893086\SP2QFE\shell32.dll --a---- 8451584 bytes [23:06 28/02/2005] [23:06 28/02/2005] 564A479E5FC3A1BC66E2F8082682DAC2
C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shell32.dll --a---- 8452608 bytes [03:18 23/09/2005] [03:18 23/09/2005] 2B7DD09E1DE64B094409E3D43E248716
C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\shell32.dll --a---- 8454656 bytes [04:46 17/03/2006] [04:46 17/03/2006] 5371E3BAE6FA21C26730C19FA8819335
C:\WINDOWS\$hf_mig$\KB921398\SP2QFE\shell32.dll --a---- 8457728 bytes [14:03 13/07/2006] [14:03 13/07/2006] BCDA9264F73B21DF325A10D99C6FB44A
C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shell32.dll --a---- 8458752 bytes [21:50 19/12/2006] [21:50 19/12/2006] C21253CC2EA4001EB3D93CD98E9B35FE
C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\shell32.dll --a---- 8460288 bytes [14:30 14/11/2007] [03:34 26/10/2007] 3BE4C2E84D99889685FE2B68E5FA2A9D
C:\WINDOWS\$hf_mig$\KB967715\SP3QFE\shell32.dll --a---- 8461824 bytes [19:04 17/06/2008] [19:04 17/06/2008] 270CE1BFDF019A3D7527F1DA6FB1FA96
C:\WINDOWS\$hf_mig$\KB971029\SP3QFE\shell32.dll --a---- 8462848 bytes [22:13 27/07/2009] [22:13 27/07/2009] C63E32A65E44B715B84C7A90F82AA029
C:\WINDOWS\ServicePackFiles\i386\shell32.dll ------- 8461312 bytes [22:06 19/08/2008] [00:12 14/04/2008] 0CF50B1F45DAB08430C1DBB79FE2CA5B
C:\WINDOWS\system32\shell32.dll --a---- 8462336 bytes [05:02 07/02/2012] [14:44 21/01/2011] E86423AA9AA8C382AF02B94A058DC2AA
C:\WINDOWS\system32\dllcache\shell32.dll --a---- 8463360 bytes [22:00 11/08/2004] [14:42 21/01/2011] 1026E80450E2CF36A3D69C0EA319EB95

Searching for "usbui.dll"
C:\i386\usbui.dll --a---- 74240 bytes [19:11 18/04/2005] [05:56 04/08/2004] 065F545CC56DCDAFBC826CD81395BEF0
C:\WINDOWS\ServicePackFiles\i386\usbui.dll ------- 74240 bytes [22:07 19/08/2008] [00:12 14/04/2008] C2D7189CDD37453234A9BBCB58E50883
C:\WINDOWS\system32\usbui.dll --a---- 74240 bytes [22:08 11/08/2004] [01:12 14/04/2008] C2D7189CDD37453234A9BBCB58E50883
C:\WINDOWS\system32\dllcache\usbui.dll --a---- 74240 bytes [22:08 11/08/2004] [01:12 14/04/2008] C2D7189CDD37453234A9BBCB58E50883
C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\usbui.dll --a---- 74240 bytes [02:51 31/01/2012] [01:12 14/04/2008] C2D7189CDD37453234A9BBCB58E50883
C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\usbui.dll --a---- 74240 bytes [02:52 31/01/2012] [01:12 14/04/2008] C2D7189CDD37453234A9BBCB58E50883
C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\usbui.dll --a---- 74240 bytes [02:52 31/01/2012] [01:12 14/04/2008] C2D7189CDD37453234A9BBCB58E50883
C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\usbui.dll --a---- 74240 bytes [02:53 31/01/2012] [01:12 14/04/2008] C2D7189CDD37453234A9BBCB58E50883
C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\usbui.dll --a---- 74240 bytes [03:06 31/01/2012] [01:12 14/04/2008] C2D7189CDD37453234A9BBCB58E50883

-= EOF =-
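Added example, not a tool from this thread or from SystemLook's author: a small parser for the `:filefind` output above that flags a live system32 copy whose MD5 matches none of the reference copies Windows keeps for it (dllcache, ServicePackFiles, the $hf_mig$ hotfix backups), which is exactly the shell32.dll situation this log shows. The sample lines are copied from the log above; the choice of reference directories is an assumption.

```python
"""Parse SystemLook ':filefind' output and flag a live system32 file whose
MD5 matches none of the reference copies Windows keeps for it.
Added example, not from the thread; sample lines copied from the log above."""
import re
from collections import defaultdict

# Header SystemLook prints before each group of results.
SECTION_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"\s*$')

# One result line: path, 7-char attribute flags, size, created/modified
# timestamps in brackets, then the 32-hex-digit MD5.
ENTRY_RE = re.compile(
    r"^(?P<path>\S.*?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# Directories whose copies are treated as references (assumption: these are
# the copies Windows File Protection and hotfix installs keep around).
REFERENCE_MARKERS = ("\\dllcache\\", "\\servicepackfiles\\", "\\$hf_mig$\\")


def is_reference(path):
    return any(marker in path.lower() for marker in REFERENCE_MARKERS)


def is_live(path):
    """True for the copy Windows actually loads, i.e. directly under system32."""
    parent = path.lower().rsplit("\\", 1)[0]
    return parent.endswith("\\system32")


def parse_filefind(text):
    """Return {filename: [entry, ...]} with size as int and MD5 upper-cased."""
    results = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").lower()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            fields = entry.groupdict()
            fields["size"] = int(fields["size"])
            fields["md5"] = fields["md5"].upper()
            results[current].append(fields)
    return dict(results)


def assess(results):
    """Return {filename: (verdict, live_md5)}.

    'ok'        the system32 copy matches at least one reference copy
    'mismatch'  it matches none of them: worth investigating (a pending
                update, tampering, or a hand-copied file as in this thread)
    'no-live'   no system32 copy was found in the output
    """
    verdicts = {}
    for name, entries in results.items():
        live = [e for e in entries if is_live(e["path"])]
        refs = {e["md5"] for e in entries if is_reference(e["path"])}
        if not live:
            verdicts[name] = ("no-live", None)
        elif live[0]["md5"] in refs:
            verdicts[name] = ("ok", live[0]["md5"])
        else:
            verdicts[name] = ("mismatch", live[0]["md5"])
    return verdicts


# Sample input: a subset of the SystemLook log posted above.
SAMPLE_LOG = r"""
Searching for "shell32.dll"
C:\WINDOWS\$hf_mig$\KB2483185\SP3QFE\shell32.dll --a---- 8463360 bytes [14:42 21/01/2011] [14:42 21/01/2011] 1026E80450E2CF36A3D69C0EA319EB95
C:\WINDOWS\ServicePackFiles\i386\shell32.dll ------- 8461312 bytes [22:06 19/08/2008] [00:12 14/04/2008] 0CF50B1F45DAB08430C1DBB79FE2CA5B
C:\WINDOWS\system32\shell32.dll --a---- 8462336 bytes [05:02 07/02/2012] [14:44 21/01/2011] E86423AA9AA8C382AF02B94A058DC2AA
C:\WINDOWS\system32\dllcache\shell32.dll --a---- 8463360 bytes [22:00 11/08/2004] [14:42 21/01/2011] 1026E80450E2CF36A3D69C0EA319EB95

Searching for "usbui.dll"
C:\i386\usbui.dll --a---- 74240 bytes [19:11 18/04/2005] [05:56 04/08/2004] 065F545CC56DCDAFBC826CD81395BEF0
C:\WINDOWS\ServicePackFiles\i386\usbui.dll ------- 74240 bytes [22:07 19/08/2008] [00:12 14/04/2008] C2D7189CDD37453234A9BBCB58E50883
C:\WINDOWS\system32\usbui.dll --a---- 74240 bytes [22:08 11/08/2004] [01:12 14/04/2008] C2D7189CDD37453234A9BBCB58E50883
C:\WINDOWS\system32\dllcache\usbui.dll --a---- 74240 bytes [22:08 11/08/2004] [01:12 14/04/2008] C2D7189CDD37453234A9BBCB58E50883
"""

if __name__ == "__main__":
    for name, (verdict, md5) in assess(parse_filefind(SAMPLE_LOG)).items():
        print(f"{name}: {verdict} ({md5})")
```

On the sample above shell32.dll is reported as a mismatch and usbui.dll as ok, which is the same conclusion nasdaq draws before restoring shell32.dll from ServicePackFiles.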

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:57 AM

Posted 17 February 2012 - 02:08 PM

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Now that ComboFix is installed.

Open notepad and copy/paste the text in the quote box below into it:

FCOPY::
C:\WINDOWS\ServicePackFiles\i386\shell32.dll | C:\WINDOWS\system32\shell32.dll


Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Let me know what problem persists.

#15 Bill@WT

Bill@WT
  • Topic Starter

  • Members
  • 15 posts
  • Local time:04:57 AM

Posted 17 February 2012 - 04:32 PM

First ComboFix log attached...

ComboFix 12-02-17.02 - BBAUER 02/17/2012 13:40:59.17.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.169 [GMT -6:00]
Running from: c:\documents and settings\BBAUER.VICI\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Copy-usbui.txt
c:\windows\system32\GroupPolicy\Machine\Registry.pol
.
.
((((((((((((((((((((((((( Files Created from 2012-01-17 to 2012-02-17 )))))))))))))))))))))))))))))))
.
.
2012-02-10 12:55 . 2012-02-10 12:55 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\PCHealth
2012-02-07 14:31 . 2008-04-14 00:12 11776 ----a-w- C:\23rvsger.com.exe
2012-02-07 14:16 . 2004-08-04 10:00 9728 ----a-w- C:\123.com.exe
2012-02-03 20:59 . 2012-02-03 20:59 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2012-02-03 17:16 . 2012-02-03 17:16 -------- d-----w- c:\program files\ESET
2012-02-02 23:26 . 2012-02-02 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2012-02-02 23:12 . 2012-02-02 23:12 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-02-02 22:33 . 2004-08-04 10:00 18944 ----a-w- c:\windows\system32\simptcp.dll
2012-02-02 19:01 . 2001-08-18 04:36 7168 ----a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2012-02-02 19:01 . 2001-08-18 04:36 12288 ----a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2012-02-02 18:59 . 2001-08-18 04:36 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2012-02-02 18:58 . 2001-08-18 04:36 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2012-02-02 18:56 . 2001-08-18 04:36 23040 ----a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2012-02-02 18:54 . 2001-08-17 20:05 31872 ----a-w- c:\windows\system32\dllcache\ovce.sys
2012-02-02 18:54 . 2001-08-17 20:05 28032 ----a-w- c:\windows\system32\dllcache\ovcd.sys
2012-02-02 18:54 . 2001-08-17 20:05 48000 ----a-w- c:\windows\system32\dllcache\ovcam2.sys
2012-02-02 18:54 . 2001-08-17 20:05 25088 ----a-w- c:\windows\system32\dllcache\ovca.sys
2012-02-02 18:54 . 2001-08-17 19:28 54186 ----a-w- c:\windows\system32\dllcache\otcsercb.sys
2012-02-02 18:52 . 2001-08-17 18:11 65278 ----a-w- c:\windows\system32\dllcache\netflx3.sys
2012-02-02 18:51 . 2004-08-04 10:00 229439 ----a-w- c:\windows\system32\dllcache\multibox.dll
2012-02-02 18:51 . 2001-08-17 19:50 21888 ----a-w- c:\windows\system32\dllcache\mxcard.sys
2012-02-02 18:51 . 2001-08-17 18:50 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2012-02-02 18:51 . 2008-04-13 19:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2012-02-02 18:51 . 2001-08-17 19:48 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2012-02-02 18:51 . 2001-08-17 20:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-02-02 18:51 . 2008-04-13 19:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2012-02-02 18:51 . 2004-08-04 10:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2012-02-02 18:51 . 2001-08-17 20:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2012-02-02 18:51 . 2001-08-17 19:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2012-02-02 18:51 . 2008-04-13 19:46 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2012-02-02 18:49 . 2001-08-17 18:49 22848 ----a-w- c:\windows\system32\dllcache\lwusbhid.sys
2012-02-02 18:48 . 2001-08-18 04:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2012-02-02 18:47 . 2004-08-04 10:00 311359 ----a-w- c:\windows\system32\dllcache\imepadsv.exe
2012-02-02 18:46 . 2001-08-17 20:56 353184 ----a-w- c:\windows\system32\dllcache\i740dnt5.dll
2012-02-02 18:45 . 2001-08-18 04:36 324608 ----a-w- c:\windows\system32\dllcache\hpojwia.dll
2012-02-02 18:44 . 2001-08-17 18:49 322432 ----a-w- c:\windows\system32\dllcache\g400m.sys
2012-02-02 18:43 . 2001-08-17 19:52 7040 ----a-w- c:\windows\system32\dllcache\exabyte2.sys
2012-02-02 18:42 . 2001-08-17 18:10 19996 ----a-w- c:\windows\system32\dllcache\em556n4.sys
2012-02-02 18:41 . 2001-08-18 04:36 31305 ----a-w- c:\windows\system32\dllcache\disrvpp.dll
2012-02-02 18:40 . 2001-08-17 18:19 3584 ----a-w- c:\windows\system32\dllcache\cwcosnt5.sys
2012-02-02 18:39 . 2001-08-17 20:04 171264 ----a-w- c:\windows\system32\dllcache\camdrv30.sys
2012-02-01 18:32 . 2001-08-17 20:03 4736 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-02-01 18:21 . 2012-02-01 18:16 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-02-01 15:10 . 2012-02-01 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Tool
2012-01-31 23:10 . 2012-01-31 23:10 -------- d-----w- c:\program files\Common Files\Java
2012-01-31 23:10 . 2012-01-31 23:10 -------- d-----w- c:\documents and settings\BBAUER.VICI\Local Settings\Application Data\Sun
2012-01-31 23:09 . 2012-01-31 23:09 -------- d-----w- c:\program files\Oracle
2012-01-31 23:09 . 2012-01-31 23:09 -------- d-----w- c:\documents and settings\BBAUER.VICI\Application Data\Oracle
2012-01-31 23:09 . 2011-11-09 01:56 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-31 23:09 . 2011-11-09 01:56 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-31 18:20 . 2012-02-01 18:40 -------- d-----w- C:\HJT
2012-01-31 16:03 . 2012-01-31 16:03 -------- d-----w- c:\documents and settings\BBAUER.VICI\Local Settings\Application Data\Apple
2012-01-31 14:08 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-31 02:23 . 2012-01-31 02:23 -------- d-----w- c:\program files\Intel
2012-01-30 21:33 . 2012-02-17 16:55 -------- d-----w- c:\windows\system32\NtmsData
2012-01-30 18:44 . 2012-01-30 18:44 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-29 19:23 . 2012-01-29 19:22 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\REN3D.tmp
2012-01-29 02:19 . 2012-01-29 02:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-29 01:48 . 2001-05-04 19:58 114688 ----a-w- c:\windows\Fport.exe
2012-01-29 00:46 . 2012-01-29 00:46 -------- d-----w- c:\documents and settings\BBAUER.VICI\Local Settings\Application Data\Skyhook Wireless
2012-01-28 20:35 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2012-01-28 17:06 . 2012-01-31 14:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-28 15:12 . 2008-04-13 20:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2012-01-28 15:12 . 2008-04-13 19:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.old.sys
2012-01-28 07:02 . 2008-04-13 18:45 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2012-01-27 22:42 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5BF7D830-07CA-46C1-B0A5-DB7AB8F7A7D6}\mpengine.dll
2012-01-27 21:36 . 2008-04-13 18:36 68224 ----a-w- c:\windows\system32\drivers\pci.sys
2012-01-27 18:35 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2012-01-27 18:35 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\dllcache\dmusic.sys
2012-01-26 21:42 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-01-26 21:42 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\dllcache\ipsec.sys
2012-01-26 20:32 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-01-26 20:32 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\dllcache\i8042prt.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-10 03:39 . 2011-06-01 13:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 23:08 . 2011-02-03 15:04 567184 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-06 04:19 . 2010-12-02 04:42 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-04 09:26 . 2009-10-05 15:02 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-25 21:57 . 2004-08-11 22:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-11 22:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2012-01-13 01:26 . 2011-04-04 19:49 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-03_17.04.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-17 16:54 . 2012-02-17 16:54 16384 c:\windows\temp\Perflib_Perfdata_7b0.dat
+ 2004-08-04 05:56 . 2004-08-04 05:56 23552 c:\windows\system32\wdmaud.drv
- 2004-08-04 05:56 . 2008-04-14 01:12 23552 c:\windows\system32\wdmaud.drv
- 2004-08-11 22:00 . 2012-02-02 22:33 69868 c:\windows\system32\perfc009.dat
+ 2004-08-11 22:00 . 2012-02-03 21:05 69868 c:\windows\system32\perfc009.dat
+ 2004-08-12 14:01 . 2004-08-12 14:01 90624 c:\windows\system32\mydocs.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 90624 c:\windows\system32\mydocs.dll
+ 2004-08-04 04:08 . 2004-08-04 04:08 48640 c:\windows\system32\drivers\stream.sys
+ 2005-04-07 08:04 . 2004-08-04 04:08 60288 c:\windows\system32\drivers\drmk.sys
+ 2004-08-04 05:56 . 2004-08-04 05:56 23552 c:\windows\system32\dllcache\wdmaud.drv
- 2004-08-04 05:56 . 2008-04-14 01:12 23552 c:\windows\system32\dllcache\wdmaud.drv
+ 2012-01-28 15:12 . 2008-04-13 20:15 60800 c:\windows\system32\dllcache\sysaudio.sys
- 2012-01-28 15:12 . 2008-04-13 19:15 60800 c:\windows\system32\dllcache\sysaudio.sys
+ 2004-08-04 04:08 . 2004-08-04 04:08 48640 c:\windows\system32\dllcache\stream.sys
+ 2004-08-12 14:01 . 2004-08-12 14:01 90624 c:\windows\system32\dllcache\mydocs.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 90624 c:\windows\system32\dllcache\mydocs.dll
+ 2005-04-07 08:04 . 2004-08-04 04:08 60288 c:\windows\system32\dllcache\drmk.sys
+ 2005-04-12 16:27 . 2012-02-17 15:15 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-04-12 16:27 . 2012-01-12 19:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-02-10 03:51 . 2012-02-17 15:15 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-02-10 03:46 . 2012-02-10 03:46 22016 c:\windows\Installer\4daa30.msi
+ 2012-02-10 03:40 . 2012-02-10 03:40 24064 c:\windows\Installer\4daa2b.msi
+ 2005-04-07 08:04 . 2004-08-04 05:56 4096 c:\windows\system32\ksuser.dll
- 2005-04-07 08:04 . 2008-04-14 01:11 4096 c:\windows\system32\ksuser.dll
+ 2005-04-07 08:04 . 2004-08-04 05:56 4096 c:\windows\system32\dllcache\ksuser.dll
- 2005-04-07 08:04 . 2008-04-14 01:11 4096 c:\windows\system32\dllcache\ksuser.dll
- 2004-08-11 22:00 . 2012-02-02 22:33 454460 c:\windows\system32\perfh009.dat
+ 2004-08-11 22:00 . 2012-02-03 21:05 454460 c:\windows\system32\perfh009.dat
+ 2012-02-10 03:39 . 2012-02-10 03:39 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
+ 2012-02-10 03:39 . 2012-02-10 03:39 335520 c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.dll
+ 2005-04-07 07:59 . 2004-11-02 00:52 272568 c:\windows\system32\drivers\STAC97.sys
+ 2005-04-07 08:04 . 2004-08-04 04:15 145792 c:\windows\system32\drivers\portcls.sys
+ 2004-08-04 04:15 . 2004-08-04 04:15 140928 c:\windows\system32\drivers\ks.sys
+ 2011-08-04 06:10 . 2011-08-04 06:10 133592 c:\windows\system32\drivers\dne2000.sys
+ 2011-08-04 06:10 . 2011-08-04 06:10 108120 c:\windows\system32\dneinobj.dll
+ 2005-04-07 08:04 . 2004-08-04 04:15 145792 c:\windows\system32\dllcache\portcls.sys
+ 2004-08-04 04:15 . 2004-08-04 04:15 140928 c:\windows\system32\dllcache\ks.sys
- 2004-08-11 22:00 . 2011-01-21 14:44 8462336 c:\windows\system32\shell32.dll
+ 2012-02-07 05:02 . 2011-01-21 14:44 8462336 c:\windows\system32\shell32.dll
+ 2004-08-11 22:00 . 2011-01-21 14:42 8463360 c:\windows\system32\dllcache\shell32.dll
+ 2012-02-03 21:04 . 2012-02-03 21:04 1398272 c:\windows\Installer\5c2cd.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-04 344064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^BBAUER^Start Menu^Programs^Startup^Shortcut to AcroTray.lnk]
path=c:\documents and settings\BBAUER\Start Menu\Programs\Startup\Shortcut to AcroTray.lnk
backup=c:\windows\pss\Shortcut to AcroTray.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunPUTasktray]
c:\program files\Hewlett-Packard\HP Printer Utility\HPPU.exe --regkeypath=Software\Hewlett-Packard\HP Printer Utility\HPPURun --valuename=InstallTTM [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 13:10 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2004-11-10 16:54 598016 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-26 13:04 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-04-17 17:41 196608 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-08-09 11:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 20:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF4 Registry Controller]
2006-08-23 00:09 40960 ----a-w- c:\program files\ScanSoft\PDF Professional 4.0\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 18:19 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-19 19:58 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
2001-09-24 12:59 73728 ----a-w- c:\program files\NavNT\vptray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/11/2004 4:00 PM 14336]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [4/7/2005 1:59 AM 80384]
S1 MpKsl0e6e6af6;MpKsl0e6e6af6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{99C92936-D82B-4DD0-B08A-B801EA8FB6F2}\MpKsl0e6e6af6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{99C92936-D82B-4DD0-B08A-B801EA8FB6F2}\MpKsl0e6e6af6.sys [?]
S1 MpKsl757108d0;MpKsl757108d0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6DABB51-351C-4DB6-B319-701288905085}\MpKsl757108d0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6DABB51-351C-4DB6-B319-701288905085}\MpKsl757108d0.sys [?]
S1 MpKsl99a7b602;MpKsl99a7b602;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65939D83-97CF-4B58-A169-3F5A1EB13036}\MpKsl99a7b602.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65939D83-97CF-4B58-A169-3F5A1EB13036}\MpKsl99a7b602.sys [?]
S1 MpKslb50924fc;MpKslb50924fc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE17173-5BD9-4A4D-B276-9338142B505E}\MpKslb50924fc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE17173-5BD9-4A4D-B276-9338142B505E}\MpKslb50924fc.sys [?]
S1 MpKslbd140338;MpKslbd140338;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6BEE264A-B67B-4BB3-B426-BFD8EE88F4EB}\MpKslbd140338.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6BEE264A-B67B-4BB3-B426-BFD8EE88F4EB}\MpKslbd140338.sys [?]
S1 MpKslbdb4c921;MpKslbdb4c921;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72BCF008-D368-49A6-84EE-22CCA7C28AFC}\MpKslbdb4c921.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72BCF008-D368-49A6-84EE-22CCA7C28AFC}\MpKslbdb4c921.sys [?]
S1 MpKsle2f0e6a8;MpKsle2f0e6a8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB22562D-7C4C-4C5D-9CB5-0B60DBD8B80D}\MpKsle2f0e6a8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB22562D-7C4C-4C5D-9CB5-0B60DBD8B80D}\MpKsle2f0e6a8.sys [?]
S1 MpKsle516974a;MpKsle516974a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{92F6C644-F223-4629-915E-78866FE38EDA}\MpKsle516974a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{92F6C644-F223-4629-915E-78866FE38EDA}\MpKsle516974a.sys [?]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/9/2012 9:40 PM 136176]
S4 ACGPRS;Sierra Wireless 3G Adapter;c:\windows\system32\drivers\acgprs.sys [2/14/2006 2:07 PM 97280]
S4 gupdate1c988a14bbada3e;Google Update Service (gupdate1c988a14bbada3e);c:\program files\Google\Update\GoogleUpdate.exe [2/9/2012 9:40 PM 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/9/2012 9:40 PM 136176]
S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-10 03:40]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-10 03:40]
.
2012-02-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.129.222
FF - ProfilePath - c:\documents and settings\BBAUER.VICI\Application Data\Mozilla\Firefox\Profiles\jxkmtdbb.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.wes-tech.com/WT/|https://www.google.com/a/wes-tech.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fa%2Fwes-tech.com%2F&bsv=1eic6yu9oa4y3&ltmpl=default&ltmplcache=2#inbox
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-17 14:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1336)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\NavLogon.dll
.
Completion time: 2012-02-17 14:10:39
ComboFix-quarantined-files.txt 2012-02-17 20:10
ComboFix2.txt 2012-02-09 15:42
ComboFix3.txt 2012-02-07 14:58
ComboFix4.txt 2012-02-06 21:09
ComboFix5.txt 2012-02-17 19:29
.
Pre-Run: 643,620,864 bytes free
Post-Run: 621,936,640 bytes free
.
- - End Of File - - FC0B3F8F6F10FDF81DF163EE646E9987



