Netflix crash - system check malware


18 replies to this topic

#1 Bode.18

Bode.18


Posted 11 February 2012 - 03:40 PM

I was on Netflix and all of a sudden my browser crashed.
I had a proxy on both Mozilla and IE.
I had the system check software, which I was able to remove due to other posts on this site.
I was able to restore all of my hidden files.
I have used Malwarebytes (free), Microsoft security essentials, SuperAntispyware (free), MSERT, TDSS, and Housecall.
I have taken precautions in my services and disabled the ones which pose as threats.

Everything is running very smoothly now, it seems, but I am skeptical. I am doing this just to make sure I am not at risk anymore.

My friend told me that I leave my browser open too much, I need to update my add ons and such (I used Ninite to do this), and because most of my software has not been updated, it left me open to threat. Plus, I have downloaded patches to PC games which I probably should not have. And yes, I have visited sites with the door closed (being honest).

Here is the briefing from Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 12:42:13 PM, on 2/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\COMMON~1\AOL\121064~1\EE\AOLHOS~1.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\121064~1\EE\AOLServiceHost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Steve\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/?_bdetect=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080513
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1210646597\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [kiNBsyGHcgxrctT.exe] C:\Documents and Settings\All Users\Application Data\kiNBsyGHcgxrctT.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE



Thanks
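The log above is the kind of thing a helper reads by eye, looking for autostart (O4) entries that do not belong. As an added illustration, not code from the thread or from HijackThis, here is a small triage script that parses O4 lines and scores them with three heuristics of my own: an image sitting directly in a user-writable data directory, a machine-generated-looking file name, and a Run value whose name is just the file name. The sample lines are copied from the log posted above; the heuristics and thresholds are assumptions, meant to surface candidates for a human to look at, not a verdict.

```python
"""Triage the O4 (autostart) entries of a HijackThis log for a human to review."""
import re
from dataclasses import dataclass, field

# Constructed sample: O4 lines copied from the HijackThis log posted above,
# in the form HijackThis v1.99.1 writes them.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [kiNBsyGHcgxrctT.exe] C:\Documents and Settings\All Users\Application Data\kiNBsyGHcgxrctT.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
"""

# Registry Run/RunOnce entries look like "[name] command"; Startup-folder
# entries look like "file.lnk = target".
O4_LINE = re.compile(
    r"^O4 - (?P<where>HK(?:LM|CU)\\\.\.\\Run\w*|Startup|Global Startup): "
    r"(?:\[(?P<name>[^\]]*)\] |(?P<lnk>[^=]+?) = )(?P<cmd>.+)$"
)

# Leaf directory names an unprivileged user (or a drive-by installer) can write
# to. An autostart image sitting *directly* in one of them, rather than in a
# vendor subfolder, is a classic rogue-AV leftover. Assumed list, not exhaustive.
USER_WRITABLE_LEAVES = {"application data", "local settings", "temp", "all users",
                        "desktop", "downloads"}
VOWELS = set("aeiou")


@dataclass
class Finding:
    where: str
    name: str
    image: str
    reasons: list = field(default_factory=list)
    score: int = 0

    @property
    def suspicious(self) -> bool:
        # Assumed threshold: location alone (2) or name plus value-name (1+1) is enough to review.
        return self.score >= 2


def image_path(cmd: str) -> str:
    """Pull the executable path out of a Run value's command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path ends at the next quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces, so take everything up to the first ".exe"
    # that is followed by whitespace or end of line.
    m = re.match(r".*?\.exe(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(0) if m else cmd.split()[0]


def longest_consonant_run(stem: str) -> int:
    """Length of the longest run of consonant letters; long runs suggest a generated name."""
    run = best = 0
    for ch in stem.lower():
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def assess(line: str):
    """Parse one O4 line and score it; returns None for lines that are not O4 entries."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    name = m.group("name") if m.group("name") is not None else m.group("lnk")
    image = image_path(m.group("cmd"))
    parent, _, base = image.rpartition("\\")
    stem = base.rsplit(".", 1)[0]
    f = Finding(m.group("where"), name, image)
    if parent.rpartition("\\")[2].lower() in USER_WRITABLE_LEAVES:
        f.score += 2
        f.reasons.append("image sits directly in a user-writable data directory")
    if len(stem) >= 8 and longest_consonant_run(stem) >= 6:
        f.score += 1
        f.reasons.append("file name looks machine-generated")
    if name.lower() == base.lower():
        f.score += 1
        f.reasons.append("value name is just the file name")
    return f


def triage(log_text: str) -> list:
    """Return a Finding for every O4 line in the log, in order."""
    return [f for f in map(assess, log_text.strip().splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        flag = "SUSPICIOUS" if f.suspicious else "ok        "
        print(f"{flag} {f.where:<14} [{f.name}] -> {f.image}")
        for r in f.reasons:
            print(f"             - {r}")
```

Run against the sample, only the kiNBsyGHcgxrctT.exe entry crosses the threshold; stsystra.exe and ctfmon.exe each pick up one point and are reported but not flagged, which is the point of scoring rather than any single rule.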


#2 Elise

Elise


Posted 15 February 2012 - 10:00 AM

Hello and welcome to BleepingComputer!

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft


#3 Bode.18

Bode.18

Posted 16 February 2012 - 01:45 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by Steve at 10:45:58 on 2012-02-16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1402 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\COMMON~1\AOL\121064~1\EE\AOLHOS~1.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\121064~1\EE\AOLServiceHost.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.my.yahoo.com/?_bdetect=1
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\steve\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_Plugin.exe -update plugin
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [HostManager] c:\program files\common files\aol\1210646597\ee\AOLHostManager.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [kiNBsyGHcgxrctT.exe] c:\documents and settings\all users\application data\kiNBsyGHcgxrctT.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\steve\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\steve\application data\mozilla\firefox\profiles\te1afkks.default\
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/?_bdetect=1#
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\steve\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\steve\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\steve\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
R1 MpKsl6cf55c6f;MpKsl6cf55c6f;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f6fb35c0-ffcf-4261-a3e4-62bdc15b5c4b}\MpKsl6cf55c6f.sys [2012-2-16 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-5-12 105984]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-10 136176]
S3 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-10 136176]
.
=============== Created Last 30 ================
.
2012-02-16 15:18:06 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f6fb35c0-ffcf-4261-a3e4-62bdc15b5c4b}\MpKsl6cf55c6f.sys
2012-02-16 15:15:29 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f6fb35c0-ffcf-4261-a3e4-62bdc15b5c4b}\mpengine.dll
2012-02-14 21:20:54 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-14 21:20:54 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-14 21:20:53 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-14 21:20:53 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-02-14 21:20:52 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
2012-02-14 21:20:51 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-14 21:20:27 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 21:20:27 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-11 02:11:15 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-02-11 02:11:10 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-02-11 02:11:09 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-02-11 02:11:04 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-02-11 02:11:00 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-02-11 02:10:50 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2012-02-11 02:10:45 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-02-11 02:10:43 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-02-11 02:10:38 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-02-11 02:10:37 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2012-02-11 02:09:50 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2012-02-11 02:09:42 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2012-02-11 02:09:23 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2012-02-11 02:09:15 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2012-02-11 02:09:11 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2012-02-11 02:09:08 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
2012-02-11 02:09:08 31232 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
2012-02-11 02:09:02 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys
2012-02-11 02:09:01 23615 ----a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2012-02-11 02:09:00 31744 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys
2012-02-11 02:07:59 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2012-02-11 02:07:47 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2012-02-11 02:07:42 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2012-02-11 02:07:37 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
2012-02-11 02:07:33 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2012-02-11 02:07:26 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2012-02-11 02:07:22 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2012-02-11 02:07:17 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2012-02-11 02:07:13 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2012-02-11 02:07:08 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2012-02-11 02:07:06 17152 ----a-w- c:\windows\system32\dllcache\usbohci.sys
2012-02-11 02:07:02 32384 ----a-w- c:\windows\system32\dllcache\usb101et.sys
2012-02-11 02:05:59 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2012-02-11 02:04:58 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2012-02-11 02:03:57 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2012-02-11 02:03:54 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2012-02-11 02:03:50 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2012-02-11 02:03:47 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2012-02-11 02:03:36 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2012-02-11 02:03:33 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2012-02-11 02:03:27 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2012-02-11 02:03:21 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2012-02-11 02:03:09 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
2012-02-11 02:03:03 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2012-02-11 02:03:03 101376 ----a-w- c:\windows\system32\dllcache\srusbusd.dll
2012-02-11 02:01:56 58368 ----a-w- c:\windows\system32\dllcache\smiminib.sys
2012-02-11 02:00:59 63547 ----a-w- c:\windows\system32\dllcache\sla30nd5.sys
2012-02-11 02:00:55 91294 ----a-w- c:\windows\system32\dllcache\skfpwin.sys
2012-02-11 02:00:51 94698 ----a-w- c:\windows\system32\dllcache\sk98xwin.sys
2012-02-11 02:00:46 157696 ----a-w- c:\windows\system32\dllcache\sisv256.dll
2012-02-11 02:00:42 50432 ----a-w- c:\windows\system32\dllcache\sisv.sys
2012-02-11 02:00:41 32768 ----a-w- c:\windows\system32\dllcache\sisnic.sys
2012-02-11 02:00:38 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll
2012-02-11 02:00:33 104064 ----a-w- c:\windows\system32\dllcache\sisgrp.sys
2012-02-11 02:00:29 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll
2012-02-11 02:00:24 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2012-02-11 02:00:20 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2012-02-11 02:00:16 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2012-02-11 02:00:15 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2012-02-11 01:58:58 23936 ----a-w- c:\windows\system32\dllcache\sccmn50m.sys
2012-02-11 01:57:40 82432 ----a-w- c:\windows\system32\dllcache\rwia450.dll
2012-02-11 01:57:37 79872 ----a-w- c:\windows\system32\dllcache\rwia430.dll
2012-02-11 01:57:36 79872 ----a-w- c:\windows\system32\dllcache\rwia330.dll
2012-02-11 01:57:36 79872 ----a-w- c:\windows\system32\dllcache\rwia001.dll
2012-02-11 01:57:35 29696 ----a-w- c:\windows\system32\dllcache\rw450ext.dll
2012-02-11 01:57:34 27648 ----a-w- c:\windows\system32\dllcache\rw430ext.dll
2012-02-11 01:57:29 20992 ----a-w- c:\windows\system32\dllcache\rtl8139.sys
2012-02-11 01:57:25 19017 ----a-w- c:\windows\system32\dllcache\rtl8029.sys
2012-02-11 01:01:35 -------- d-----w- c:\documents and settings\steve\application data\SUPERAntiSpyware.com
2012-02-11 00:58:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-11 00:58:04 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-02-09 07:08:21 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-02-09 07:08:16 -------- d-----w- c:\documents and settings\steve\application data\TestApp
2012-02-09 06:04:20 -------- d-----w- c:\program files\GridinSoft Trojan Killer
.
==================== Find3M ====================
.
2012-02-09 23:59:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 10:46:11.59 ===============

#4 Elise

Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 60,925 posts
  • Gender:Female
  • Location:Romania

Posted 16 February 2012 - 01:59 PM

Let's also do a rootkit scan here.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 Bode.18 (Topic Starter)

Posted 16 February 2012 - 03:19 PM

No threats were found using TDSSKiller.

#6 Elise

Posted 16 February 2012 - 03:41 PM

Let's see what else may be hiding there.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise




#7 Bode.18 (Topic Starter)

Posted 16 February 2012 - 09:20 PM

I am going to PM it to you.

Edited by Bode.18, 16 February 2012 - 09:21 PM.


#8 Bode.18 (Topic Starter)

Posted 16 February 2012 - 09:23 PM

Just in case you missed it, everything seems to have been running fine since I started this forum, but I just want to be sure.

#9 Elise

Posted 17 February 2012 - 02:22 AM

See PM.

regards, Elise




#10 Bode.18 (Topic Starter)

Posted 18 February 2012 - 01:32 PM

ComboFix 12-02-17.02 - Steve 02/18/2012 10:24:20.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1462 [GMT -5:00]
Running from: c:\documents and settings\Steve\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-18 to 2012-02-18 )))))))))))))))))))))))))))))))
.
.
2012-02-17 18:26 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD855AE7-6D60-40BE-97D6-0FF5402D65B4}\mpengine.dll
2012-02-15 12:11 . 2012-02-15 12:11 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2012-02-14 21:20 . 2011-12-17 19:46 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-14 21:20 . 2011-12-17 19:46 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-14 21:20 . 2011-12-17 19:46 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-14 21:20 . 2011-12-17 19:46 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-02-14 21:20 . 2011-12-17 19:46 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
2012-02-14 21:20 . 2011-12-17 19:46 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-14 21:20 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 21:20 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-11 13:56 . 2012-02-11 13:57 -------- d-----w- c:\documents and settings\Administrator
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-09 23:59 . 2011-09-22 19:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44 . 2010-07-30 00:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-12 16:53 . 2004-08-10 17:51 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-06 04:19 . 2010-07-31 06:42 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-17 19:46 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-10 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24 . 2010-07-30 00:12 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2004-08-10 17:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 15:50 . 2011-05-06 03:19 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-16_23.10.56 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Steam"="c:\program files\Steam\Steam.exe" [2011-12-10 1242448]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-03-19 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-19 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-19 137752]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-12-10 1228800]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-11 2183168]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2008-03-19 405504]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"HostManager"="c:\program files\Common Files\AOL\1210646597\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 34904]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Steve\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-05-13 02:39 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [5/12/2008 9:02 PM 105984]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/10/2010 3:42 PM 136176]
S3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/10/2010 3:42 PM 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 25897203
*Deregistered* - 25897203
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-10 20:42]
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-10 20:42]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4039990929-656642245-3409136896-1006Core.job
- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-25 20:42]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4039990929-656642245-3409136896-1006UA.job
- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-25 20:42]
.
2012-02-18 c:\windows\Tasks\User_Feed_Synchronization-{42CD490D-E1F1-456C-B8BA-E2C2C8FA69E9}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/?_bdetect=1
uInternet Settings,ProxyOverride = *.local;<local>
TCP: DhcpNameServer = 172.16.1.14
FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\te1afkks.default\
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/?_bdetect=1#
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-18 10:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4039990929-656642245-3409136896-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1096)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\MFC80.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
- - - - - - - > 'explorer.exe'(1296)
c:\windows\system32\WININET.dll
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Dell\QuickSet\dadkeyb.dll
.
Completion time: 2012-02-18 10:32:56
ComboFix-quarantined-files.txt 2012-02-18 15:32
ComboFix2.txt 2012-02-16 23:13
.
Pre-Run: 55,928,492,032 bytes free
Post-Run: 55,909,097,472 bytes free
.
- - End Of File - - 1A94F413916FDD933C9DCD14E12C87AA
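The part of a ComboFix log an analyst actually reads is the "Reg Loading Points" section (what runs at logon) and the proxy lines under "Supplementary Scan" (where the browser proxy the topic starter mentioned would appear). As an added example, not part of this thread and not a BleepingComputer or ComboFix tool, here is a small Python triage helper for that log format: it parses the Run-key entries, flags any whose target lives in a user-writable folder (where rogue "security" products such as System Check typically install), and reads the IE and Firefox proxy settings. The `uInternet Settings,ProxyServer` line shape is an assumption, and the EXAMPLE-ROGUE entry and proxy values in the sample are constructed.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Section banners: "((((( Reg Loading Points )))))" or "------- Supplementary Scan -------"
PAREN_SECTION_RE = re.compile(r'^\(+\s*(?P<title>[^()]+?)\s*\)+$')
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "Name"="c:\path\prog.exe" [2009-05-21 206064]  (the [date size] tail is optional)
ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"'
                      r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$')
# Path fragments an unprivileged process can write to; rogue "security" products
# such as System Check typically install under one of these.
USER_WRITABLE_MARKERS = ('\\documents and settings\\', '\\application data\\',
                         '\\local settings\\', '\\temp\\')

@dataclass
class AutostartEntry:
    key: str
    name: str
    path: str
    date: Optional[str]
    size: Optional[int]

@dataclass
class TriageReport:
    entries: List[AutostartEntry] = field(default_factory=list)
    flagged: List[AutostartEntry] = field(default_factory=list)
    ie_proxy: Optional[str] = None            # "uInternet Settings,ProxyServer" value
    firefox_proxy_type: Optional[int] = None  # Firefox network.proxy.type (0 = no proxy)

def is_user_writable(path: str) -> bool:
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)

def _section_title(line: str) -> Optional[str]:
    m = PAREN_SECTION_RE.match(line)
    if m:
        return m.group('title').lower()
    if len(line) > 6 and line.startswith('---') and line.endswith('---'):
        return line.strip('- ').lower()
    return None

def parse_combofix_log(text: str) -> TriageReport:
    report = TriageReport()
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        title = _section_title(line)
        if title is not None:
            section, key = title, None
            continue
        if section == 'reg loading points':
            m = KEY_RE.match(line)
            if m:
                key = m.group('key')
                continue
            m = ENTRY_RE.match(line)
            if m and key and key.lower().endswith('\\run'):
                size = int(m.group('size')) if m.group('size') else None
                entry = AutostartEntry(key, m.group('name'), m.group('path'), m.group('date'), size)
                report.entries.append(entry)
                if is_user_writable(entry.path):
                    report.flagged.append(entry)
        elif section == 'supplementary scan':
            # Assumed line shape: "uInternet Settings,ProxyServer = http=host:port"
            if line.startswith('uInternet Settings,ProxyServer'):
                report.ie_proxy = line.split('=', 1)[1].strip()
            elif 'network.proxy.type' in line:
                report.firefox_proxy_type = int(line.rsplit('-', 1)[1])
    return report

def summarize(report: TriageReport) -> List[str]:
    lines = [f'{len(report.entries)} Run-key autostart(s) parsed']
    lines += [f'REVIEW: {e.name} -> {e.path} (user-writable location)' for e in report.flagged]
    if report.ie_proxy:
        lines.append(f'REVIEW: IE proxy configured: {report.ie_proxy}')
    if report.firefox_proxy_type:
        lines.append(f'REVIEW: Firefox network.proxy.type = {report.firefox_proxy_type}')
    return lines

# Constructed excerpt modelled on the log above; EXAMPLE-ROGUE and the proxy values are made up.
SAMPLE_LOG = r"""
((((((((((((((( Reg Loading Points )))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-12-10 1242448]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 4617600]
"EXAMPLE-ROGUE"="c:\documents and settings\all users\application data\EXAMPLE-RANDOM\EXAMPLE-RANDOM.exe" [2012-02-11 1053184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
------- Supplementary Scan -------
uInternet Settings,ProxyServer = http=127.0.0.1:12345
uInternet Settings,ProxyOverride = *.local;<local>
FF - prefs.js: network.proxy.type - 1
"""

if __name__ == '__main__':
    print('\n'.join(summarize(parse_combofix_log(SAMPLE_LOG))))
```

Run against the real log above, the helper reports no flagged autostart and no proxy, which matches the analyst's reading of it.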

#11 Elise

Posted 18 February 2012 - 01:53 PM

Things look good, no active malware found. Can you please rerun DDS and post me attach.txt this time (no need for DDS) so I can have a look at possible software issues.

regards, Elise




#12 Bode.18 (Topic Starter)

Posted 18 February 2012 - 06:14 PM

It is really nice of you to take the time to do this for me. This is all much appreciated.

15:15:05.0812 1416 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46
15:15:08.0562 1416 ============================================================
15:15:08.0562 1416 Current date / time: 2012/02/18 15:15:08.0562
15:15:08.0562 1416 SystemInfo:
15:15:08.0562 1416
15:15:08.0562 1416 OS Version: 5.1.2600 ServicePack: 3.0
15:15:08.0562 1416 Product type: Workstation
15:15:08.0562 1416 ComputerName: D21XW9G1
15:15:08.0562 1416 UserName: Steve
15:15:08.0562 1416 Windows directory: C:\WINDOWS
15:15:08.0562 1416 System windows directory: C:\WINDOWS
15:15:08.0562 1416 Processor architecture: Intel x86
15:15:08.0562 1416 Number of processors: 1
15:15:08.0562 1416 Page size: 0x1000
15:15:08.0562 1416 Boot type: Normal boot
15:15:08.0562 1416 ============================================================
15:15:12.0687 1416 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:15:12.0718 1416 \Device\Harddisk0\DR0:
15:15:12.0750 1416 MBR used
15:15:12.0750 1416 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0xD3DB104
15:15:12.0859 1416 Initialize success
15:15:12.0859 1416 ============================================================
15:15:14.0921 3820 ============================================================
15:15:14.0921 3820 Scan started
15:15:14.0921 3820 Mode: Manual;
15:15:14.0921 3820 ============================================================
15:15:57.0406 3820 ============================================================
15:15:57.0406 3820 Scan finished
15:15:57.0406 3820 ============================================================
15:15:57.0453 3548 Detected object count: 0
15:15:57.0453 3548 Actual detected object count: 0

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,925 posts
  • Gender:Female
  • Location:Romania
  • Local time:04:53 AM

Posted 19 February 2012 - 03:46 AM

That is a tdsskiller log. I need you to rerun DDS and post the attach.txt log. :)

regards, Elise




#14 Bode.18

Bode.18
  • Topic Starter

  • Members
  • 10 posts
  • Local time:08:53 PM

Posted 19 February 2012 - 08:49 PM

ooo haha embarrassing...

Attached File: attach.txt (19.15KB)

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by Steve at 17:44:50 on 2012-02-19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1360 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\AOL\121064~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\121064~1\EE\AOLServiceHost.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.my.yahoo.com/?_bdetect=1
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [HostManager] c:\program files\common files\aol\1210646597\ee\AOLHostManager.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\steve\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: Interfaces\{727C24A4-41D9-4344-9A18-B8A49B3CD11F} : DhcpNameServer = 172.16.1.14
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\steve\application data\mozilla\firefox\profiles\te1afkks.default\
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/?_bdetect=1#
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\steve\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\steve\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\steve\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-5-12 105984]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-10 136176]
S3 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-10 136176]
.
=============== Created Last 30 ================
.
2012-02-18 17:42:33 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e5d067bd-cc5e-4647-a733-39999e860132}\mpengine.dll
2012-02-14 21:20:54 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-14 21:20:54 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-14 21:20:53 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-14 21:20:53 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-02-14 21:20:52 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
2012-02-14 21:20:51 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-14 21:20:27 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 21:20:27 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-11 02:11:15 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-02-11 02:11:10 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-02-11 02:11:09 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-02-11 02:11:04 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-02-11 02:11:00 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-02-11 02:10:50 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2012-02-11 02:10:45 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-02-11 02:10:43 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-02-11 02:10:38 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-02-11 02:10:37 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2012-02-11 02:09:50 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2012-02-11 02:09:42 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2012-02-11 02:09:23 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2012-02-11 02:09:15 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2012-02-11 02:09:11 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2012-02-11 02:09:08 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
2012-02-11 02:09:08 31232 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
2012-02-11 02:09:02 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys
2012-02-11 02:09:01 23615 ----a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2012-02-11 02:09:00 31744 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys
2012-02-11 02:07:59 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2012-02-11 02:07:47 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2012-02-11 02:07:42 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2012-02-11 02:07:37 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
2012-02-11 02:07:33 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2012-02-11 02:07:26 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2012-02-11 02:07:22 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2012-02-11 02:07:17 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2012-02-11 02:07:13 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2012-02-11 02:07:08 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2012-02-11 02:07:06 17152 ----a-w- c:\windows\system32\dllcache\usbohci.sys
2012-02-11 02:07:02 32384 ----a-w- c:\windows\system32\dllcache\usb101et.sys
2012-02-11 02:05:59 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2012-02-11 02:04:58 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2012-02-11 02:03:57 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2012-02-11 02:03:54 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2012-02-11 02:03:50 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2012-02-11 02:03:47 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2012-02-11 02:03:36 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2012-02-11 02:03:33 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2012-02-11 02:03:27 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2012-02-11 02:03:21 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2012-02-11 02:03:09 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
2012-02-11 02:03:03 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2012-02-11 02:03:03 101376 ----a-w- c:\windows\system32\dllcache\srusbusd.dll
2012-02-11 02:01:56 58368 ----a-w- c:\windows\system32\dllcache\smiminib.sys
2012-02-11 02:00:59 63547 ----a-w- c:\windows\system32\dllcache\sla30nd5.sys
2012-02-11 02:00:55 91294 ----a-w- c:\windows\system32\dllcache\skfpwin.sys
2012-02-11 02:00:51 94698 ----a-w- c:\windows\system32\dllcache\sk98xwin.sys
2012-02-11 02:00:46 157696 ----a-w- c:\windows\system32\dllcache\sisv256.dll
2012-02-11 02:00:42 50432 ----a-w- c:\windows\system32\dllcache\sisv.sys
2012-02-11 02:00:41 32768 ----a-w- c:\windows\system32\dllcache\sisnic.sys
2012-02-11 02:00:38 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll
2012-02-11 02:00:33 104064 ----a-w- c:\windows\system32\dllcache\sisgrp.sys
2012-02-11 02:00:29 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll
2012-02-11 02:00:24 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2012-02-11 02:00:20 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2012-02-11 02:00:16 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2012-02-11 02:00:15 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2012-02-11 01:58:58 23936 ----a-w- c:\windows\system32\dllcache\sccmn50m.sys
2012-02-11 01:57:40 82432 ----a-w- c:\windows\system32\dllcache\rwia450.dll
2012-02-11 01:57:37 79872 ----a-w- c:\windows\system32\dllcache\rwia430.dll
2012-02-11 01:57:36 79872 ----a-w- c:\windows\system32\dllcache\rwia330.dll
2012-02-11 01:57:36 79872 ----a-w- c:\windows\system32\dllcache\rwia001.dll
2012-02-11 01:57:35 29696 ----a-w- c:\windows\system32\dllcache\rw450ext.dll
2012-02-11 01:57:34 27648 ----a-w- c:\windows\system32\dllcache\rw430ext.dll
2012-02-11 01:57:29 20992 ----a-w- c:\windows\system32\dllcache\rtl8139.sys
2012-02-11 01:57:25 19017 ----a-w- c:\windows\system32\dllcache\rtl8029.sys
2012-02-11 01:57:21 30720 ----a-w- c:\windows\system32\dllcache\rthwcls.sys
2012-02-11 01:57:14 9216 ----a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2012-02-11 01:57:09 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys
2012-02-11 01:57:04 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys
2012-02-11 01:55:59 5632 ----a-w- c:\windows\system32\dllcache\ptpusb.dll
2012-02-11 01:54:59 169984 ----a-w- c:\windows\system32\dllcache\pcx500.sys
2012-02-11 01:53:58 116736 ----a-w- c:\windows\system32\dllcache\ovcodec2.dll
2012-02-11 01:53:54 31872 ----a-w- c:\windows\system32\dllcache\ovce.sys
2012-02-11 01:53:51 28032 ----a-w- c:\windows\system32\dllcache\ovcd.sys
2012-02-11 01:53:47 48000 ----a-w- c:\windows\system32\dllcache\ovcam2.sys
2012-02-11 01:53:44 25088 ----a-w- c:\windows\system32\dllcache\ovca.sys
2012-02-11 01:53:39 54186 ----a-w- c:\windows\system32\dllcache\otcsercb.sys
2012-02-11 01:53:35 43689 ----a-w- c:\windows\system32\dllcache\otceth5.sys
2012-02-11 01:53:31 27209 ----a-w- c:\windows\system32\dllcache\otc06x5.sys
2012-02-11 01:53:27 54528 ----a-w- c:\windows\system32\dllcache\opl3sax.sys
2012-02-11 01:53:13 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2012-02-11 01:53:09 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2012-02-11 01:52:58 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2012-02-11 01:52:57 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2012-02-11 01:52:53 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2012-02-11 01:52:49 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2012-02-11 01:52:49 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
2012-02-11 01:52:41 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2012-02-11 01:52:38 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2012-02-11 01:52:29 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2012-02-11 01:52:27 132695 ----a-w- c:\windows\system32\dllcache\netwlan5.sys
2012-02-11 01:52:11 65278 ----a-w- c:\windows\system32\dllcache\netflx3.sys
2012-02-11 01:52:05 39264 ----a-w- c:\windows\system32\dllcache\neo20xx.sys
2012-02-11 01:52:01 60480 ----a-w- c:\windows\system32\dllcache\neo20xx.dll
2012-02-11 01:50:37 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2012-02-11 01:50:30 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2012-02-11 01:50:17 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-02-11 01:50:15 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2012-02-11 01:50:14 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2012-02-11 01:48:55 7424 ----a-w- c:\windows\system32\dllcache\mammoth.sys
2012-02-11 01:47:58 15744 ----a-w- c:\windows\system32\dllcache\lit220p.sys
2012-02-11 01:46:58 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll
2012-02-11 01:45:58 20480 ----a-w- c:\windows\system32\dllcache\icam5ext.dll
2012-02-11 01:44:55 488383 ----a-w- c:\windows\system32\dllcache\hsf_v124.sys
2012-02-11 01:43:57 165888 ----a-w- c:\windows\system32\dllcache\hpgt53.dll
2012-02-11 01:42:59 470144 ----a-w- c:\windows\system32\dllcache\g200d.dll
2012-02-11 01:41:57 7040 ----a-w- c:\windows\system32\dllcache\exabyte2.sys
2012-02-11 01:40:59 144896 ----a-w- c:\windows\system32\dllcache\epcfw2k.sys
2012-02-11 01:39:59 8704 ----a-w- c:\windows\system32\dllcache\dot4scan.sys
2012-02-11 01:38:59 29531 ----a-w- c:\windows\system32\dllcache\dgapci.sys
2012-02-11 01:37:59 3712 ----a-w- c:\windows\system32\dllcache\ctljystk.sys
2012-02-11 01:36:59 22044 ----a-w- c:\windows\system32\dllcache\cem28n5.sys
2012-02-11 01:35:53 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2012-02-11 01:34:59 26880 ----a-w- c:\windows\system32\dllcache\atirtsnd.sys
2012-02-11 01:33:57 747392 ----a-w- c:\windows\system32\dllcache\adm8830.sys
2012-02-11 01:32:26 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-02-11 01:01:35 -------- d-----w- c:\documents and settings\steve\application data\SUPERAntiSpyware.com
2012-02-11 00:58:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-11 00:58:04 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-02-09 07:08:21 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-02-09 07:08:16 -------- d-----w- c:\documents and settings\steve\application data\TestApp
2012-02-09 06:04:20 -------- d-----w- c:\program files\GridinSoft Trojan Killer
.
==================== Find3M ====================
.
2012-02-09 23:59:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 17:47:04.50 ===============

#15 Elise

Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 60,925 posts
  • Gender:Female
  • Location:Romania

Posted 20 February 2012 - 03:05 AM

Hi again,

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 7u3.
  • Look for "JDK 7u3 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.


ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the scan button shown on the page.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft
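As an added example (not part of this thread and not code from BleepingComputer, DDS or ESET), the following Python script shows how the "your version of Java is out of date" call in the post above can be made mechanically from the DPF and FF plugin lines of a DDS log. It decodes the version that the Java plug-in encodes in its {CAFEEFAC-00MM-0000-00UU-ABCDEFFEDCBA} ActiveX CLSIDs and in jinstall-*.cab download URLs, notes the all-F "dynamic" CLSID, and compares every version it finds with a baseline you pass in (7u3, as the post advises). The sample lines are a constructed subset of the log posted earlier in the thread; the class and function names are my own.

```python
"""
Flag outdated Java (JRE) versions from DDS-style log lines.

Added example, not part of the original thread. Version sources it understands:
  * {CAFEEFAC-00MM-0000-00UU-ABCDEFFEDCBA}  -> Java 1.M.0_UU  (MM=16 means 1.6)
  * jinstall-1_M_0_UU-windows-i586.cab URLs  -> Java 1.M.0_UU
  * ...\java\jreM\... plugin paths            -> Java 1.M (family only, no update)
The all-F CLSID {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} is the "dynamic" CLSID
that asks for whichever JRE is newest; it carries no version of its own.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample: a subset of the DPF/FF lines from the posted DDS log.
SAMPLE_LOG = r"""
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
"""

CLSID_RE = re.compile(r"\{CAFEEFAC-00(\d\d)-0000-00(\d\d)-ABCDEFFEDCBA\}", re.I)
DYNAMIC_CLSID_RE = re.compile(r"\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA\}", re.I)
JINSTALL_RE = re.compile(r"jinstall-1_(\d)_0_(\d+)-", re.I)
JRE_DIR_RE = re.compile(r"\\java\\jre(\d)\\", re.I)


@dataclass(frozen=True)
class JavaVersion:
    major: int               # the "1.x" family: 5, 6, 7 ...
    update: Optional[int]    # None when a line only names the family (jre6 dir)

    def __str__(self) -> str:
        if self.update is None:
            return f"1.{self.major}"
        return f"1.{self.major}.0_{self.update:02d}"

    def is_older_than(self, baseline: "JavaVersion") -> bool:
        """True when this version is definitely behind the baseline."""
        if self.major != baseline.major:
            return self.major < baseline.major
        if self.update is None or baseline.update is None:
            return False  # family-only evidence: cannot decide, do not flag
        return self.update < baseline.update


def parse_line(line: str) -> Set[JavaVersion]:
    """Extract every Java version a single log line gives evidence of."""
    found: Set[JavaVersion] = set()
    for m in CLSID_RE.finditer(line):
        found.add(JavaVersion(int(m.group(1)) - 10, int(m.group(2))))  # "16" -> 6
    for m in JINSTALL_RE.finditer(line):
        found.add(JavaVersion(int(m.group(1)), int(m.group(2))))
    for m in JRE_DIR_RE.finditer(line):
        found.add(JavaVersion(int(m.group(1)), None))
    return found


def _sort_key(v: JavaVersion):
    return (v.major, -1 if v.update is None else v.update)


def scan_log(text: str, baseline: JavaVersion) -> Dict[str, object]:
    """Report all Java versions seen, those older than the baseline, and
    whether the dynamic (latest-installed) CLSID is registered."""
    versions: Set[JavaVersion] = set()
    dynamic = False
    for line in text.splitlines():
        versions |= parse_line(line)
        if DYNAMIC_CLSID_RE.search(line):
            dynamic = True
    ordered: List[JavaVersion] = sorted(versions, key=_sort_key)
    return {
        "versions": [str(v) for v in ordered],
        "outdated": [str(v) for v in ordered if v.is_older_than(baseline)],
        "dynamic_clsid": dynamic,
    }


if __name__ == "__main__":
    report = scan_log(SAMPLE_LOG, JavaVersion(7, 3))  # baseline: 7u3, per the post
    for key, value in report.items():
        print(f"{key}: {value}")
```

Two caveats when reading the output. DPF entries are ActiveX download records (Downloaded Program Files) and can outlive an uninstall, so a hit is a prompt to check Add/Remove Programs and the jre directories, not proof that the old runtime is still present. And the dynamic CLSID only shows that a page asked for the newest installed JRE; it says nothing about which version that is, which is why the script reports it separately instead of treating it as a version.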




