Jump to content

bobmmp

Members
 View Profile  See their activity

  • Posts

    12

  • Joined

  • Last visited

Reputation

0 Neutral
  1. bobmmp
    Thanks for all of your help.
  2. bobmmp
    Yes, they seem to. Computer runs faster... ping.exe is not there. Just seems like eset will not run correctly. I was carefully to fully remove it prior to reinstalling also. Used there uninstall tool in the event you have installation issues. Just odd it runs fine after installation then bam, reboot and here you go again? I worry that I am not protected.
  3. bobmmp
    Also noticed when downloading Adobe Reader for reinstall the google toolbar info.
  4. bobmmp
    OK, did all of the above. Installed Eset again and all works fine until after reboot. Image shows after install: Now after reboot: Does not start up in sys tray, but shows in processes Shows in processes And finally when I try to access the gui by the start menu > All Programs > ... >Eset Security Suite I get this error: I run ESET on 4 windows machines, on win 7 3 XP and this only happened after infection.
  5. bobmmp
    Prior to running F-Secure online scan I uninstalled ESET Securtiy Suite. One thing I noticed running the online scan that was different than your instructions was once I clicked on the link, I got redirected to a different page on the F-secure site. The scanner used Java and never did ask for ActiveX since it was using the java virtual machine. Here are the two scan results: Scanned: Files: 88326 System: 4697 Not scanned: 9 Actions: Disinfected: 0 Renamed: 0 Deleted: 0 Not cleaned: 0 Submitted: 0 Files not scanned: C:\HIBERFIL.SYS C:\PAGEFILE.SYS C:\WINDOWS\SYSTEM32\CONFIG\SAM C:\WINDOWS\SYSTEM32\CONFIG\SECURITY C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT C:\DOCUMENTS AND SETTINGS\BOB\LOCAL SETTINGS\TEMP\HSPERFDATA_BOB\2476 C:\DOCUMENTS AND SETTINGS\BOB\LOCAL SETTINGS\TEMP\HSPERFDATA_BOB\2712 -------------------------------------------------------------------------------- Options Scanning engines: Scanning options: Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR Use advanced heuristics Results of screen317's Security Check version 0.99.30 Windows XP Service Pack 3 x86 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! ESET Online Scanner v3 WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Out of date Spybot installed! Spybot - Search & Destroy 1.5.2.20 Spybot - Search & Destroy CCleaner Java 6 Update 30 Adobe Flash Player 10.1.85.3 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of date! Mozilla Firefox 5.0. Firefox out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent ``````````End of Log```````````` Thanks for your help. Going to wait to re-install ESET since my last group of scans have been clean and I only get the GUI after the initial install. Once system is rebooted, I get the permissions / path error.
  6. bobmmp
    Should I go ahead and uninstall ESET again since I have no control over stopping the protection?
  7. bobmmp
    Complied a couple of days ago, gui for AV still will not run.
  8. bobmmp

    Hi, I complied and posted the directed logs a couple of days ago. Will be traveling home tomorrow.

  9. bobmmp
    OK, ran combofix with the script and then dds again, here are logs, first combox ****************************************** Combo Fix ****************************************** ComboFix 12-01-02.01 - Bob 01/02/2012 12:51:09.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.549 [GMT -7:00] Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Bob\Desktop\CFScript.txt * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_vqvhha . . ((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 ))))))))))))))))))))))))))))))) . . 2011-12-14 21:22 . 2011-12-14 21:22 -------- d-----w- c:\program files\Common Files\Java 2011-12-13 21:48 . 2011-12-13 21:49 1692968 ----a-w- C:\avg_remover_stf_x86_2012_1796.exe 2011-12-13 21:13 . 2008-04-13 19:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys 2011-12-13 21:13 . 2008-04-13 19:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-14 16:05 . 2004-08-11 22:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2011-12-14 16:05 . 2004-08-04 04:07 187776 ----a-w- c:\windows\system32\drivers\acpi.sys 2011-12-10 22:24 . 2011-04-11 15:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-30 17:33 . 2006-09-26 21:46 89680 ----a-w- c:\documents and settings\Bob\MSSSerif120.fon 2011-11-23 13:25 . 2004-08-11 22:00 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-12 00:56 . 2011-06-09 05:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-10 12:54 . 2010-05-13 19:01 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-10 10:27 . 2007-04-18 19:36 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-04 19:20 . 2004-08-11 22:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20 . 2004-08-11 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20 . 2004-08-11 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:23 . 2004-08-11 22:00 385024 ----a-w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2004-08-11 22:00 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31 . 2004-08-11 22:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-25 13:37 . 2004-08-11 22:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52 . 2004-08-04 03:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-18 11:13 . 2004-08-11 22:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-10 14:22 . 2004-08-11 22:12 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-06-22 15:51 . 2011-05-11 01:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot_2011-12-28_16.07.27 ))))))))))))))))))))))))))))))))))))))))) . + 2012-01-02 20:10 . 2012-01-02 20:10 16384 c:\windows\Temp\Perflib_Perfdata_6f8.dat + 2012-01-02 19:42 . 2012-01-02 19:42 16384 c:\windows\Temp\Perflib_Perfdata_6e4.dat + 2012-01-02 20:10 . 2012-01-02 20:10 16384 c:\windows\Temp\Perflib_Perfdata_5b0.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112] "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472] "nwiz"="nwiz.exe" [2006-01-19 1519616] "NVHotkey"="nvHotkey.dll" [2006-01-19 73728] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-22 24576] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\wxvault.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 wvauth . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EMBASSY Trust Suite Secure Update.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk backup=c:\windows\pss\EMBASSY Trust Suite Secure Update.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VProperty.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VProperty.lnk backup=c:\windows\pss\VProperty.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boingo Wi-Finder] 2011-12-14 20:15 2203 ----a-w- c:\program files\Boingo\Boingo Wi-Finder\Boingo.lnk . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder] 2006-11-27 16:25 255528 ----a-w- c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager] 2006-03-09 17:26 98304 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold] 2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2011-06-03 15:37 273544 ----a-w- c:\program files\real\realplayer\Update\realsched.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\GlobalSCAPE\\CuteFTP 7 Home\\ftpte.exe"= "c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\devenv.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\IDM Computer Solutions\\UltraEdit-32\\uedit32.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"= . R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 5:21 AM 92592] S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [3/15/2009 1:13 PM 34064] S3 SPC610NC;SPC 610NC Laptop Camera;c:\windows\system32\drivers\SPC610NC.sys [12/23/2006 11:27 PM 156800] S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [12/2/2006 6:17 AM 2805000] . Contents of the 'Scheduled Tasks' folder . 2009-03-23 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job - c:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 19:56] . 2012-01-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2841834785-1377149234-1346910322-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47] . 2012-01-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2841834785-1377149234-1346910322-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47] . 2012-01-02 c:\windows\Tasks\User_Feed_Synchronization-{52F71B14-476C-4C3F-A717-D9333F264825}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 10:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://mail.adigitalm.com/ uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/ IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam5.hrz.tu-darmstadt.de/activex/AMC.cab FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\6h5kru6m.default\ FF - prefs.js: browser.search.selectedEngine - Live Search . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-02 13:10 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(500) c:\windows\system32\wvauth.dll c:\windows\system32\biolsp.dll . - - - - - - - > 'explorer.exe'(3032) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKeeper.exe c:\windows\System32\SCardSvr.exe c:\program files\Wave Systems Corp\Common\DataServer.exe c:\windows\system32\inetsrv\inetinfo.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files\Dell\QuickSet\NICCONFIGSVC.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\PSIService.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\System32\snmp.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\System32\PAStiSvc.exe c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe c:\windows\stsystra.exe c:\program files\Apoint\HidFind.exe c:\program files\Apoint\Apntex.exe c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe . ************************************************************************** . Completion time: 2012-01-02 13:18:42 - machine was rebooted ComboFix-quarantined-files.txt 2012-01-02 20:18 ComboFix2.txt 2011-12-28 16:12 ComboFix3.txt 2011-12-28 03:41 . Pre-Run: 12,129,710,080 bytes free Post-Run: 11,976,597,504 bytes free . - - End Of File - - 1EF3C09DE540E4800BF1AC1DC3A2DD60 ************************************************************ DDS ************************************************************ . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30 Run by Bob at 13:23:51 on 2012-01-02 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.597 [GMT -7:00] . . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Wave Systems Corp\Common\DataServer.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\System32\snmp.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\stsystra.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Apoint\HidFind.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Digital Line Detect\DLG.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\WINDOWS\explorer.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://mail.adigitalm.com/ uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/ uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /installquiet mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe" IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://webcam.innonfifth.com:8080/VatDec.cab DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - hxxps://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151685220046 DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://64.84.107.59/activex/AMC.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://80.59.219.32:86/activex/AxisCamControl.cab DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - hxxp://www.trendmicro.com/spyware-scan/as4web.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam5.hrz.tu-darmstadt.de/activex/AMC.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab AppInit_DLLs: c:\windows\system32\wxvault.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll LSA: Authentication Packages = msv1_0 wvauth . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\bob\application data\mozilla\firefox\profiles\6h5kru6m.default\ FF - prefs.js: browser.search.selectedEngine - Live Search . ============= SERVICES / DRIVERS =============== . R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592] S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-3-15 34064] S3 SPC610NC;SPC 610NC Laptop Camera;c:\windows\system32\drivers\SPC610NC.sys [2006-12-23 156800] S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000] . =============== Created Last 30 ================ . 2011-12-28 02:45:49 -------- d-sha-r- C:\cmdcons 2011-12-28 02:42:14 98816 ----a-w- c:\windows\sed.exe 2011-12-28 02:42:14 518144 ----a-w- c:\windows\SWREG.exe 2011-12-28 02:42:14 256000 ----a-w- c:\windows\PEV.exe 2011-12-28 02:42:14 208896 ----a-w- c:\windows\MBR.exe 2011-12-13 21:48:50 1692968 ----a-w- C:\avg_remover_stf_x86_2012_1796.exe 2011-12-13 21:13:05 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys 2011-12-13 21:13:05 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys . ==================== Find3M ==================== . 2011-12-14 16:05:06 187776 ----a-w- c:\windows\system32\drivers\acpi.sys 2011-12-14 16:05:06 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2011-12-10 22:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-30 17:33:26 89680 ----a-w- c:\documents and settings\bob\MSSSerif120.fon 2011-11-30 15:11:23 3714 --sha-w- c:\windows\system32\KGyGaAvL.sys 2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-12 00:56:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-10 12:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-10 10:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec 2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll . ============= FINISH: 13:24:29.57 ===============
  10. bobmmp
    Thanks, I understand holidays, shortages ... I had to completely uninstall ESET Security Es. to kill it do to not having any control. Now that the Malwarebytes, ComboFix and DDS are ran, reinstalling ESET. I am getting use to the process of uninstalling and reinstalling Thanks again. BTW, hope you had an awesome Christmas. Combofix said it deleteted two instances of rootkit.zeroaccess and later it said it detected two more rootkits but did not report what they were, did a reboot then finished. ************************************************************** 1. First completed the MBAM quick scan, here is the results: ************************************************************** Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Database version: v2011.12.28.01 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Bob :: ADIGITALM [administrator] 12/27/2011 7:23:02 PM mbam-log-2011-12-27 (19-23-02).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 229536 Time elapsed: 15 minute(s), 28 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ************************************** 2. Ran ComboFix - Here is the log: ************************************** ComboFix 11-12-27.01 - Bob 12/27/2011 20:06:28.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.660 [GMT -7:00] Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP C:\install.exe c:\windows\$NtUninstallKB59619$ c:\windows\$NtUninstallKB59619$\2535997179 c:\windows\$NtUninstallKB59619$\3232639053\@ c:\windows\$NtUninstallKB59619$\3232639053\bckfg.tmp c:\windows\$NtUninstallKB59619$\3232639053\cfg.ini c:\windows\$NtUninstallKB59619$\3232639053\Desktop.ini c:\windows\$NtUninstallKB59619$\3232639053\keywords c:\windows\$NtUninstallKB59619$\3232639053\kwrd.dll c:\windows\$NtUninstallKB59619$\3232639053\L\iahonoel c:\windows\$NtUninstallKB59619$\3232639053\lsflt7.ver c:\windows\$NtUninstallKB59619$\3232639053\U\00000001.@ c:\windows\$NtUninstallKB59619$\3232639053\U\00000002.@ c:\windows\$NtUninstallKB59619$\3232639053\U\00000004.@ c:\windows\$NtUninstallKB59619$\3232639053\U\80000000.@ c:\windows\$NtUninstallKB59619$\3232639053\U\80000004.@ c:\windows\$NtUninstallKB59619$\3232639053\U\80000032.@ c:\windows\system32\Cache . . ((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-28 ))))))))))))))))))))))))))))))) . . 2011-12-14 21:22 . 2011-12-14 21:22 -------- d-----w- c:\program files\Common Files\Java 2011-12-13 21:48 . 2011-12-13 21:49 1692968 ----a-w- C:\avg_remover_stf_x86_2012_1796.exe 2011-12-13 21:13 . 2008-04-13 19:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys 2011-12-13 21:13 . 2008-04-13 19:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys 2011-11-29 19:33 . 2011-12-13 20:03 -------- d-----w- C:\123AB 2011-11-29 08:41 . 2011-11-29 08:41 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache 2011-11-29 08:40 . 2011-11-29 08:40 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2011-11-29 08:01 . 2011-11-29 08:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-14 16:05 . 2004-08-11 22:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2011-12-14 16:05 . 2004-08-04 04:07 187776 ----a-w- c:\windows\system32\drivers\acpi.sys 2011-12-10 22:24 . 2011-04-11 15:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-30 17:33 . 2006-09-26 21:46 89680 ----a-w- c:\documents and settings\Bob\MSSSerif120.fon 2011-11-12 00:56 . 2011-06-09 05:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-10 12:54 . 2010-05-13 19:01 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-10 10:27 . 2007-04-18 19:36 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-10-10 14:22 . 2004-08-11 22:12 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-06-22 15:51 . 2011-05-11 01:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112] "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472] "nwiz"="nwiz.exe" [2006-01-19 1519616] "NVHotkey"="nvHotkey.dll" [2006-01-19 73728] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-22 24576] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\wxvault.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 wvauth . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EMBASSY Trust Suite Secure Update.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk backup=c:\windows\pss\EMBASSY Trust Suite Secure Update.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VProperty.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VProperty.lnk backup=c:\windows\pss\VProperty.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boingo Wi-Finder] 2011-12-14 20:15 2203 ----a-w- c:\program files\Boingo\Boingo Wi-Finder\Boingo.lnk . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder] 2006-11-27 16:25 255528 ----a-w- c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager] 2006-03-09 17:26 98304 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold] 2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2011-06-03 15:37 273544 ----a-w- c:\program files\real\realplayer\Update\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\GlobalSCAPE\\CuteFTP 7 Home\\ftpte.exe"= "c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\devenv.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\IDM Computer Solutions\\UltraEdit-32\\uedit32.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"= . R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 5:21 AM 92592] S0 vqvhha;vqvhha;c:\windows\system32\drivers\btqjcpn.sys --> c:\windows\system32\drivers\btqjcpn.sys [?] S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [3/15/2009 1:13 PM 34064] S3 SPC610NC;SPC 610NC Laptop Camera;c:\windows\system32\drivers\SPC610NC.sys [12/23/2006 11:27 PM 156800] S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [12/2/2006 6:17 AM 2805000] . Contents of the 'Scheduled Tasks' folder . 2009-03-23 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job - c:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 19:56] . 2011-12-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2841834785-1377149234-1346910322-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47] . 2011-12-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2841834785-1377149234-1346910322-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47] . 2011-12-28 c:\windows\Tasks\User_Feed_Synchronization-{52F71B14-476C-4C3F-A717-D9333F264825}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 10:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://mail.adigitalm.com/ uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/ IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm TCP: DhcpNameServer = 192.168.0.1 DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam5.hrz.tu-darmstadt.de/activex/AMC.cab FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\6h5kru6m.default\ FF - prefs.js: browser.search.selectedEngine - Live Search . - - - - ORPHANS REMOVED - - - - . HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe SafeBoot-62665652.sys . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-12-27 20:30 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(568) c:\windows\system32\wvauth.dll c:\windows\system32\biolsp.dll . - - - - - - - > 'explorer.exe'(3436) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKeeper.exe c:\windows\System32\SCardSvr.exe c:\program files\Wave Systems Corp\Common\DataServer.exe c:\windows\system32\inetsrv\inetinfo.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files\Dell\QuickSet\NICCONFIGSVC.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\PSIService.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\System32\snmp.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\System32\PAStiSvc.exe c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe c:\windows\system32\rundll32.exe c:\program files\Apoint\HidFind.exe c:\windows\stsystra.exe c:\program files\Apoint\Apntex.exe c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe . ************************************************************************** . Completion time: 2011-12-27 20:41:04 - machine was rebooted ComboFix-quarantined-files.txt 2011-12-28 03:40 . Pre-Run: 12,272,414,720 bytes free Post-Run: 12,740,771,840 bytes free . - - End Of File - - 8D0DD1D249B11EF566D71A816FE2DF42 ***************************** 3. Finally ran DDS DSS Log: ***************************** . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30 Run by Bob at 21:26:11 on 2011-12-27 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.546 [GMT -7:00] . . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Wave Systems Corp\Common\DataServer.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\System32\snmp.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Apoint\HidFind.exe C:\WINDOWS\stsystra.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://mail.adigitalm.com/ uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/ uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /installquiet mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe" IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://webcam.innonfifth.com:8080/VatDec.cab DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - hxxps://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151685220046 DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://64.84.107.59/activex/AMC.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://80.59.219.32:86/activex/AxisCamControl.cab DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - hxxp://www.trendmicro.com/spyware-scan/as4web.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam5.hrz.tu-darmstadt.de/activex/AMC.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{5F922AB0-1979-4C86-9178-78ED53B12405} : DhcpNameServer = 192.168.0.1 AppInit_DLLs: c:\windows\system32\wxvault.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll LSA: Authentication Packages = msv1_0 wvauth . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\bob\application data\mozilla\firefox\profiles\6h5kru6m.default\ FF - prefs.js: browser.search.selectedEngine - Live Search . ============= SERVICES / DRIVERS =============== . R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592] S0 vqvhha;vqvhha;c:\windows\system32\drivers\btqjcpn.sys --> c:\windows\system32\drivers\btqjcpn.sys [?] S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-3-15 34064] S3 SPC610NC;SPC 610NC Laptop Camera;c:\windows\system32\drivers\SPC610NC.sys [2006-12-23 156800] S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000] . =============== Created Last 30 ================ . 2011-12-28 02:45:49 -------- d-sha-r- C:\cmdcons 2011-12-28 02:42:14 98816 ----a-w- c:\windows\sed.exe 2011-12-28 02:42:14 518144 ----a-w- c:\windows\SWREG.exe 2011-12-28 02:42:14 256000 ----a-w- c:\windows\PEV.exe 2011-12-28 02:42:14 208896 ----a-w- c:\windows\MBR.exe 2011-12-13 21:48:50 1692968 ----a-w- C:\avg_remover_stf_x86_2012_1796.exe 2011-12-13 21:13:05 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys 2011-12-13 21:13:05 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys 2011-11-29 19:33:37 -------- d-----w- C:\123AB . ==================== Find3M ==================== . 2011-12-14 16:05:06 187776 ----a-w- c:\windows\system32\drivers\acpi.sys 2011-12-14 16:05:06 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2011-12-10 22:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-30 17:33:26 89680 ----a-w- c:\documents and settings\bob\MSSSerif120.fon 2011-11-30 15:11:23 3714 --sha-w- c:\windows\system32\KGyGaAvL.sys 2011-11-12 00:56:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-10 12:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-10 10:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll . ============= FINISH: 21:27:39.68 ===============
  11. bobmmp
    ******************************************************************************** Here are the MBAM history logs plust KDSSKiller which took out 2 rootkits. After I ran KDSSKiller, it said it cured two rootkits. This stopped Ping.EXE ******************************************************************************** ******************* MBAM 4/11/2011 ******************* Database version: 6333 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 4/11/2011 10:32:02 AM mbam-log-2011-04-11 (10-32-02).txt Scan type: Quick scan Objects scanned: 189557 Time elapsed: 7 minute(s), 10 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 4 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\program files\MJC (Trojan.Agent) -> Quarantined and deleted successfully. C:\program files\MJC\mjc rounded div (Trojan.Agent) -> Quarantined and deleted successfully. C:\program files\MJC\mjc rounded div\MJC (Trojan.Agent) -> Quarantined and deleted successfully. C:\program files\MJC\mjc rounded div\MJC\roundeddiv (Trojan.Agent) -> Quarantined and deleted successfully. Files Infected: C:\program files\MJC\mjc rounded div\MJC\roundeddiv\Thumbs.db (Trojan.Agent) -> Quarantined and deleted successfully. ******************* MBAM 11/9/2011 ******************* Database version: 8125 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 11/9/2011 9:08:57 AM mbam-log-2011-11-09 (09-08-57).txt Scan type: Quick scan Objects scanned: 209381 Time elapsed: 5 minute(s), 32 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 5 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oWWKK8fRL9hTwjC8234A (Malware.Packer) -> Value: oWWKK8fRL9hTwjC8234A -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\av security 2012v121.exe (Malware.Packer) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\cdrom.sys (Rootkit.0Access) -> Quarantined and deleted successfully. C:\documents and settings\Bob\local settings\Temp\0.12187553257565276.exe (Trojan.Exploit.Drop) -> Quarantined and deleted successfully. C:\documents and settings\Bob\local settings\Temp\0.9979782010782732.exe (Trojan.Exploit.Drop) -> Quarantined and deleted successfully. C:\documents and settings\Bob\application data\ldr.ini (Malware.Trace) -> Quarantined and deleted successfully. ******************* MBAM 11/9/2011 Re-scan ******************* Database version: 8125 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 11/9/2011 12:26:40 PM mbam-log-2011-11-09 (12-26-40).txt Scan type: Full scan (C:\|) Objects scanned: 496554 Time elapsed: 2 hour(s), 34 minute(s), 13 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP1416\A0140287.sys (Rootkit.0Access) -> Quarantined and deleted successfully. ******************* MBAM 11/18/2011 ******************* Database version: 8189 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 11/18/2011 1:08:06 PM mbam-log-2011-11-18 (13-08-06).txt Scan type: Quick scan Objects scanned: 215267 Time elapsed: 12 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\documents and settings\Bob\Desktop\av security 2012.lnk (Rogue.AVSecurity2012) -> Quarantined and deleted successfully. ******************* MBAM 11/29/2011 ******************* Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 8273 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 11/29/2011 2:37:19 PM mbam-log-2011-11-29 (14-37-19).txt Scan type: Quick scan Objects scanned: 208544 Time elapsed: 7 minute(s), 33 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1782351697 (Trojan.FakeAlert) -> Value: 1782351697 -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\documents and settings\Bob\local settings\application data\etf.exe1 (Trojan.FakeMS) -> Quarantined and deleted successfully. ******************* MBAM 11/30/2011 ******************* Database version: 8273 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 11/30/2011 8:27:23 AM mbam-log-2011-11-30 (08-27-23).txt Scan type: Quick scan Objects scanned: 221996 Time elapsed: 22 minute(s), 21 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\Temp\0.1723781414203639.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\0.7334956929411629.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\0.5426214126757316.exe (Exploit.Drop.2) -> Quarantined and deleted successfully. ******************* MBAM 12/1/2011 ******************* Database version: 8273 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 12/1/2011 8:08:32 PM mbam-log-2011-12-01 (20-08-32).txt Scan type: Quick scan Objects scanned: 222545 Time elapsed: 18 minute(s), 28 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MozillaAgent (Trojan.Dropper) -> Value: MozillaAgent -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\Temp\_ex-68.exe (Trojan.Dropper) -> Quarantined and deleted successfully. ******************* KDSSKiller ******************* 08:55:56.0265 3236 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31 08:55:56.0328 3236 ============================================================ 08:55:56.0328 3236 Current date / time: 2011/12/14 08:55:56.0328 08:55:56.0328 3236 SystemInfo: 08:55:56.0328 3236 08:55:56.0328 3236 OS Version: 5.1.2600 ServicePack: 3.0 08:55:56.0328 3236 Product type: Workstation 08:55:56.0328 3236 ComputerName: ADIGITALM 08:55:56.0328 3236 UserName: Bob 08:55:56.0328 3236 Windows directory: C:\WINDOWS 08:55:56.0328 3236 System windows directory: C:\WINDOWS 08:55:56.0328 3236 Processor architecture: Intel x86 08:55:56.0328 3236 Number of processors: 2 08:55:56.0328 3236 Page size: 0x1000 08:55:56.0328 3236 Boot type: Normal boot 08:55:56.0328 3236 ============================================================ 08:55:58.0140 3236 Initialize success 08:56:35.0015 3456 ============================================================ 08:56:35.0015 3456 Scan started 08:56:35.0015 3456 Mode: Manual; 08:56:35.0015 3456 ============================================================ 08:56:35.0328 3456 Abiosdsk - ok 08:56:35.0359 3456 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 08:56:35.0390 3456 abp480n5 - ok 08:56:35.0453 3456 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys 08:56:35.0453 3456 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17 08:56:35.0468 3456 ACPI ( Virus.Win32.Rloader.a ) - infected 08:56:35.0468 3456 ACPI - detected Virus.Win32.Rloader.a (0) 08:56:35.0484 3456 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 08:56:35.0500 3456 ACPIEC - ok 08:56:35.0531 3456 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 08:56:35.0546 3456 adpu160m - ok 08:56:35.0656 3456 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 08:56:35.0671 3456 aec - ok 08:56:35.0703 3456 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys 08:56:35.0734 3456 AegisP - ok 08:56:35.0781 3456 AFD (d883012f1019f2d2f4d928d95b701f75) C:\WINDOWS\System32\drivers\afd.sys 08:56:35.0812 3456 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: d883012f1019f2d2f4d928d95b701f75, Fake md5: 1e44bc1e83d8fd2305f8d452db109cf9 08:56:35.0812 3456 AFD ( Rootkit.Win32.ZAccess.k ) - infected 08:56:35.0812 3456 AFD - detected Rootkit.Win32.ZAccess.k (0) 08:56:35.0859 3456 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 08:56:35.0875 3456 agp440 - ok 08:56:35.0953 3456 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 08:56:35.0968 3456 agpCPQ - ok 08:56:35.0984 3456 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 08:56:36.0031 3456 Aha154x - ok 08:56:36.0062 3456 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 08:56:36.0078 3456 aic78u2 - ok 08:56:36.0125 3456 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 08:56:36.0140 3456 aic78xx - ok 08:56:36.0218 3456 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 08:56:36.0234 3456 AliIde - ok 08:56:36.0281 3456 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 08:56:36.0296 3456 alim1541 - ok 08:56:36.0312 3456 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 08:56:36.0328 3456 amdagp - ok 08:56:36.0375 3456 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 08:56:36.0421 3456 amsint - ok 08:56:36.0515 3456 ApfiltrService (090880e9bf20f928bc341f96d27c019e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 08:56:36.0546 3456 ApfiltrService - ok 08:56:36.0578 3456 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 08:56:36.0578 3456 APPDRV - ok 08:56:36.0625 3456 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 08:56:36.0640 3456 Arp1394 - ok 08:56:36.0687 3456 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 08:56:36.0703 3456 asc - ok 08:56:36.0781 3456 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 08:56:36.0812 3456 asc3350p - ok 08:56:36.0843 3456 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 08:56:36.0875 3456 asc3550 - ok 08:56:36.0937 3456 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 08:56:36.0953 3456 AsyncMac - ok 08:56:36.0984 3456 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 08:56:36.0984 3456 atapi - ok 08:56:37.0078 3456 Atdisk - ok 08:56:37.0109 3456 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 08:56:37.0109 3456 Atmarpc - ok 08:56:37.0171 3456 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 08:56:37.0187 3456 audstub - ok 08:56:37.0234 3456 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys 08:56:37.0234 3456 b57w2k - ok 08:56:37.0265 3456 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 08:56:37.0281 3456 Beep - ok 08:56:37.0328 3456 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 08:56:37.0359 3456 cbidf - ok 08:56:37.0421 3456 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 08:56:37.0421 3456 cbidf2k - ok 08:56:37.0484 3456 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 08:56:37.0500 3456 CCDECODE - ok 08:56:37.0531 3456 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 08:56:37.0531 3456 cd20xrnt - ok 08:56:37.0546 3456 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 08:56:37.0609 3456 Cdaudio - ok 08:56:37.0656 3456 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 08:56:37.0656 3456 Cdfs - ok 08:56:37.0765 3456 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 08:56:37.0796 3456 Cdrom - ok 08:56:37.0812 3456 Changer - ok 08:56:37.0890 3456 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 08:56:37.0906 3456 CmBatt - ok 08:56:37.0937 3456 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 08:56:37.0953 3456 CmdIde - ok 08:56:37.0984 3456 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 08:56:37.0984 3456 Compbatt - ok 08:56:38.0031 3456 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 08:56:38.0062 3456 Cpqarray - ok 08:56:38.0156 3456 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 08:56:38.0203 3456 dac2w2k - ok 08:56:38.0250 3456 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 08:56:38.0265 3456 dac960nt - ok 08:56:38.0343 3456 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 08:56:38.0375 3456 Disk - ok 08:56:38.0453 3456 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS 08:56:38.0484 3456 DLABOIOM - ok 08:56:38.0531 3456 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 08:56:38.0546 3456 DLACDBHM - ok 08:56:38.0546 3456 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS 08:56:38.0578 3456 DLADResN - ok 08:56:38.0609 3456 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS 08:56:38.0625 3456 DLAIFS_M - ok 08:56:38.0640 3456 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS 08:56:38.0640 3456 DLAOPIOM - ok 08:56:38.0671 3456 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS 08:56:38.0687 3456 DLAPoolM - ok 08:56:38.0781 3456 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS 08:56:38.0781 3456 DLARTL_N - ok 08:56:38.0812 3456 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS 08:56:38.0828 3456 DLAUDFAM - ok 08:56:38.0859 3456 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS 08:56:38.0875 3456 DLAUDF_M - ok 08:56:38.0968 3456 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 08:56:39.0015 3456 dmboot - ok 08:56:39.0093 3456 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 08:56:39.0125 3456 dmio - ok 08:56:39.0156 3456 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 08:56:39.0171 3456 dmload - ok 08:56:39.0234 3456 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 08:56:39.0234 3456 DMusic - ok 08:56:39.0265 3456 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 08:56:39.0265 3456 dpti2o - ok 08:56:39.0312 3456 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 08:56:39.0328 3456 drmkaud - ok 08:56:39.0406 3456 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 08:56:39.0437 3456 DRVMCDB - ok 08:56:39.0484 3456 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 08:56:39.0484 3456 DRVNDDM - ok 08:56:39.0515 3456 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys 08:56:39.0515 3456 E100B - ok 08:56:39.0578 3456 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys 08:56:39.0578 3456 eamon - ok 08:56:39.0640 3456 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys 08:56:39.0687 3456 ehdrv - ok 08:56:39.0765 3456 epfw (5ba193ca0ae31209aaa39939ce6736b2) C:\WINDOWS\system32\DRIVERS\epfw.sys 08:56:39.0796 3456 epfw - ok 08:56:39.0828 3456 Epfwndis (75d3bcd3e0eded0ab0f96d9a10ff01c9) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys 08:56:39.0828 3456 Epfwndis - ok 08:56:39.0890 3456 epfwtdi (dc64f26f35e32c9472bbf8acd84060d3) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys 08:56:39.0906 3456 epfwtdi - ok 08:56:39.0984 3456 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 08:56:40.0000 3456 Fastfat - ok 08:56:40.0046 3456 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 08:56:40.0062 3456 Fdc - ok 08:56:40.0125 3456 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 08:56:40.0125 3456 Fips - ok 08:56:40.0156 3456 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 08:56:40.0171 3456 Flpydisk - ok 08:56:40.0234 3456 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 08:56:40.0234 3456 FltMgr - ok 08:56:40.0296 3456 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 08:56:40.0312 3456 Fs_Rec - ok 08:56:40.0343 3456 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 08:56:40.0359 3456 Ftdisk - ok 08:56:40.0453 3456 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 08:56:40.0453 3456 Gpc - ok 08:56:40.0515 3456 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 08:56:40.0515 3456 HDAudBus - ok 08:56:40.0562 3456 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 08:56:40.0562 3456 HidUsb - ok 08:56:40.0640 3456 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 08:56:40.0656 3456 hpn - ok 08:56:40.0734 3456 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys 08:56:40.0750 3456 HSF_DPV - ok 08:56:40.0828 3456 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys 08:56:40.0828 3456 HSXHWAZL - ok 08:56:40.0906 3456 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 08:56:40.0906 3456 HTTP - ok 08:56:40.0968 3456 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 08:56:40.0968 3456 i2omgmt - ok 08:56:41.0000 3456 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 08:56:41.0015 3456 i2omp - ok 08:56:41.0078 3456 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 08:56:41.0078 3456 i8042prt - ok 08:56:41.0140 3456 ICAM3NT5 (7e9dce459be666ab54f67e77cb7d1297) C:\WINDOWS\system32\Drivers\Icam3.sys 08:56:41.0156 3456 ICAM3NT5 - ok 08:56:41.0203 3456 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 08:56:41.0203 3456 Imapi - ok 08:56:41.0250 3456 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 08:56:41.0296 3456 ini910u - ok 08:56:41.0359 3456 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 08:56:41.0359 3456 IntelIde - ok 08:56:41.0453 3456 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 08:56:41.0453 3456 intelppm - ok 08:56:41.0484 3456 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 08:56:41.0500 3456 Ip6Fw - ok 08:56:41.0515 3456 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 08:56:41.0546 3456 IpFilterDriver - ok 08:56:41.0578 3456 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 08:56:41.0578 3456 IpInIp - ok 08:56:41.0625 3456 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 08:56:41.0625 3456 IpNat - ok 08:56:41.0687 3456 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 08:56:41.0687 3456 IPSec - ok 08:56:41.0765 3456 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 08:56:41.0765 3456 IRENUM - ok 08:56:41.0812 3456 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 08:56:41.0828 3456 isapnp - ok 08:56:41.0843 3456 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 08:56:41.0843 3456 Kbdclass - ok 08:56:41.0875 3456 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 08:56:41.0875 3456 kbdhid - ok 08:56:41.0906 3456 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 08:56:41.0906 3456 kmixer - ok 08:56:41.0968 3456 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 08:56:41.0984 3456 KSecDD - ok 08:56:42.0062 3456 lbrtfdc - ok 08:56:42.0109 3456 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 08:56:42.0125 3456 mdmxsdk - ok 08:56:42.0140 3456 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 08:56:42.0171 3456 mnmdd - ok 08:56:42.0250 3456 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 08:56:42.0250 3456 Modem - ok 08:56:42.0265 3456 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 08:56:42.0296 3456 Mouclass - ok 08:56:42.0375 3456 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 08:56:42.0375 3456 mouhid - ok 08:56:42.0406 3456 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 08:56:42.0421 3456 MountMgr - ok 08:56:42.0468 3456 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 08:56:42.0484 3456 mraid35x - ok 08:56:42.0531 3456 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 08:56:42.0546 3456 MRxDAV - ok 08:56:42.0625 3456 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 08:56:42.0671 3456 MRxSmb - ok 08:56:42.0796 3456 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 08:56:42.0828 3456 Msfs - ok 08:56:42.0859 3456 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 08:56:42.0875 3456 MSKSSRV - ok 08:56:42.0921 3456 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 08:56:42.0921 3456 MSPCLOCK - ok 08:56:42.0953 3456 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 08:56:42.0953 3456 MSPQM - ok 08:56:43.0015 3456 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 08:56:43.0015 3456 mssmbios - ok 08:56:43.0093 3456 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 08:56:43.0109 3456 MSTEE - ok 08:56:43.0156 3456 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 08:56:43.0187 3456 Mup - ok 08:56:43.0234 3456 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 08:56:43.0250 3456 NABTSFEC - ok 08:56:43.0281 3456 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 08:56:43.0296 3456 NDIS - ok 08:56:43.0312 3456 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 08:56:43.0328 3456 NdisIP - ok 08:56:43.0437 3456 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 08:56:43.0453 3456 NdisTapi - ok 08:56:43.0500 3456 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 08:56:43.0531 3456 Ndisuio - ok 08:56:43.0546 3456 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 08:56:43.0562 3456 NdisWan - ok 08:56:43.0625 3456 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 08:56:47.0125 3456 NDProxy - ok 08:56:47.0234 3456 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 08:56:47.0250 3456 NetBIOS - ok 08:56:47.0281 3456 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 08:56:47.0296 3456 NetBT - ok 08:56:47.0343 3456 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 08:56:47.0343 3456 NIC1394 - ok 08:56:47.0406 3456 npf (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys 08:56:47.0406 3456 npf - ok 08:56:47.0437 3456 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 08:56:47.0453 3456 Npfs - ok 08:56:47.0546 3456 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 08:56:47.0593 3456 Ntfs - ok 08:56:47.0625 3456 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 08:56:47.0640 3456 Null - ok 08:56:47.0812 3456 nv (5796a04ccc99542fdfb43f2accd803df) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 08:56:47.0953 3456 nv - ok 08:56:48.0046 3456 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 08:56:48.0062 3456 NwlnkFlt - ok 08:56:48.0093 3456 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 08:56:48.0109 3456 NwlnkFwd - ok 08:56:48.0171 3456 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 08:56:48.0171 3456 ohci1394 - ok 08:56:48.0218 3456 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 08:56:48.0218 3456 Parport - ok 08:56:48.0250 3456 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 08:56:48.0265 3456 PartMgr - ok 08:56:48.0328 3456 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 08:56:48.0359 3456 ParVdm - ok 08:56:48.0390 3456 PBADRV (6ef25fb20cd269e3e51d8ca54935fff2) C:\WINDOWS\system32\drivers\pbadrv.sys 08:56:48.0406 3456 PBADRV - ok 08:56:48.0453 3456 PCASp50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\WINDOWS\system32\Drivers\PCASp50.sys 08:56:48.0468 3456 PCASp50 - ok 08:56:48.0562 3456 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 08:56:48.0562 3456 PCI - ok 08:56:48.0609 3456 PCIDump - ok 08:56:48.0640 3456 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 08:56:48.0671 3456 PCIIde - ok 08:56:48.0703 3456 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 08:56:48.0703 3456 Pcmcia - ok 08:56:48.0718 3456 PDCOMP - ok 08:56:48.0734 3456 PDFRAME - ok 08:56:48.0765 3456 PDRELI - ok 08:56:48.0781 3456 PDRFRAME - ok 08:56:48.0828 3456 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 08:56:48.0828 3456 perc2 - ok 08:56:48.0875 3456 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 08:56:48.0875 3456 perc2hib - ok 08:56:48.0953 3456 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 08:56:48.0968 3456 PptpMiniport - ok 08:56:49.0062 3456 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 08:56:49.0062 3456 Ptilink - ok 08:56:49.0109 3456 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys 08:56:49.0125 3456 PxHelp20 - ok 08:56:49.0187 3456 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 08:56:49.0203 3456 ql1080 - ok 08:56:49.0234 3456 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 08:56:49.0234 3456 Ql10wnt - ok 08:56:49.0312 3456 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 08:56:49.0328 3456 ql12160 - ok 08:56:49.0359 3456 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 08:56:49.0406 3456 ql1240 - ok 08:56:49.0453 3456 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 08:56:49.0484 3456 ql1280 - ok 08:56:49.0515 3456 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 08:56:49.0531 3456 RasAcd - ok 08:56:49.0625 3456 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 08:56:49.0640 3456 Rasl2tp - ok 08:56:49.0671 3456 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 08:56:49.0703 3456 RasPppoe - ok 08:56:49.0734 3456 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 08:56:49.0750 3456 Raspti - ok 08:56:49.0781 3456 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 08:56:49.0781 3456 Rdbss - ok 08:56:49.0812 3456 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 08:56:49.0812 3456 RDPCDD - ok 08:56:49.0906 3456 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 08:56:49.0921 3456 rdpdr - ok 08:56:49.0984 3456 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 08:56:50.0015 3456 RDPWD - ok 08:56:50.0062 3456 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 08:56:50.0078 3456 redbook - ok 08:56:50.0140 3456 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\WINDOWS\system32\Drivers\RimUsb.sys 08:56:50.0140 3456 RimUsb - ok 08:56:50.0218 3456 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys 08:56:50.0218 3456 RimVSerPort - ok 08:56:50.0250 3456 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 08:56:50.0265 3456 ROOTMODEM - ok 08:56:50.0312 3456 s24trans (2e4e912ce95f5ef4d4a5079f6ce367fc) C:\WINDOWS\system32\DRIVERS\s24trans.sys 08:56:50.0343 3456 s24trans - ok 08:56:50.0421 3456 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 08:56:50.0437 3456 Secdrv - ok 08:56:50.0562 3456 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 08:56:50.0593 3456 serenum - ok 08:56:50.0640 3456 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 08:56:50.0640 3456 Serial - ok 08:56:50.0671 3456 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 08:56:50.0687 3456 Sfloppy - ok 08:56:50.0703 3456 Simbad - ok 08:56:50.0765 3456 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 08:56:50.0765 3456 sisagp - ok 08:56:50.0828 3456 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 08:56:50.0828 3456 SLIP - ok 08:56:50.0890 3456 SoC PC-Camera Service (a3d484ebd8c1f6db3739e892a6304951) C:\WINDOWS\system32\DRIVERS\pfc027.sys 08:56:50.0890 3456 SoC PC-Camera Service - ok 08:56:50.0968 3456 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 08:56:50.0984 3456 Sparrow - ok 08:56:51.0031 3456 SPC610NC (4d5edc58542fe46801f6856f5a43e0d9) C:\WINDOWS\system32\DRIVERS\SPC610NC.SYS 08:56:51.0046 3456 SPC610NC - ok 08:56:51.0109 3456 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 08:56:51.0125 3456 splitter - ok 08:56:51.0187 3456 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 08:56:51.0187 3456 sr - ok 08:56:51.0281 3456 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 08:56:51.0296 3456 Srv - ok 08:56:51.0375 3456 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys 08:56:51.0406 3456 STHDA - ok 08:56:51.0531 3456 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 08:56:51.0531 3456 streamip - ok 08:56:51.0562 3456 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 08:56:51.0578 3456 swenum - ok 08:56:51.0609 3456 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 08:56:51.0625 3456 swmidi - ok 08:56:51.0671 3456 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 08:56:51.0671 3456 symc810 - ok 08:56:51.0718 3456 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 08:56:51.0734 3456 symc8xx - ok 08:56:51.0812 3456 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 08:56:51.0843 3456 sym_hi - ok 08:56:51.0859 3456 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 08:56:51.0875 3456 sym_u3 - ok 08:56:51.0937 3456 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 08:56:51.0937 3456 sysaudio - ok 08:56:52.0015 3456 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 08:56:52.0062 3456 Tcpip - ok 08:56:52.0171 3456 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 08:56:52.0171 3456 TDPIPE - ok 08:56:52.0203 3456 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 08:56:52.0203 3456 TDTCP - ok 08:56:52.0234 3456 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 08:56:52.0250 3456 TermDD - ok 08:56:52.0296 3456 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 08:56:52.0312 3456 TosIde - ok 08:56:52.0343 3456 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 08:56:52.0375 3456 Udfs - ok 08:56:52.0453 3456 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 08:56:52.0468 3456 ultra - ok 08:56:52.0531 3456 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 08:56:52.0562 3456 Update - ok 08:56:52.0828 3456 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 08:56:52.0843 3456 usbccgp - ok 08:56:52.0921 3456 USBCCID (2825e0e294686a26506690059e1f437a) C:\WINDOWS\system32\DRIVERS\usbccid.sys 08:56:52.0937 3456 USBCCID - ok 08:56:52.0984 3456 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 08:56:53.0000 3456 usbehci - ok 08:56:53.0046 3456 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 08:56:53.0062 3456 usbhub - ok 08:56:53.0093 3456 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 08:56:53.0093 3456 usbprint - ok 08:56:53.0171 3456 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 08:56:53.0187 3456 usbscan - ok 08:56:53.0265 3456 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 08:56:53.0265 3456 USBSTOR - ok 08:56:53.0281 3456 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 08:56:53.0296 3456 usbuhci - ok 08:56:53.0328 3456 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 08:56:53.0343 3456 VgaSave - ok 08:56:53.0406 3456 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 08:56:53.0421 3456 viaagp - ok 08:56:53.0500 3456 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 08:56:53.0500 3456 ViaIde - ok 08:56:53.0562 3456 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 08:56:53.0578 3456 VolSnap - ok 08:56:53.0593 3456 vqvhha - ok 08:56:53.0687 3456 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys 08:56:53.0734 3456 w39n51 - ok 08:56:53.0828 3456 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 08:56:53.0828 3456 Wanarp - ok 08:56:53.0890 3456 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 08:56:53.0953 3456 Wdf01000 - ok 08:56:53.0968 3456 WDICA - ok 08:56:54.0031 3456 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 08:56:54.0046 3456 wdmaud - ok 08:56:54.0109 3456 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys 08:56:54.0140 3456 winachsf - ok 08:56:54.0281 3456 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 08:56:54.0328 3456 WpdUsb - ok 08:56:54.0343 3456 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 08:56:54.0359 3456 WS2IFSL - ok 08:56:54.0421 3456 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 08:56:54.0437 3456 WSTCODEC - ok 08:56:54.0515 3456 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 08:56:54.0546 3456 WudfPf - ok 08:56:54.0609 3456 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 08:56:54.0625 3456 WudfRd - ok 08:56:54.0687 3456 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 08:56:54.0906 3456 \Device\Harddisk0\DR0 - ok 08:56:54.0906 3456 Boot (0x1200) (17412757af2f8f331ed49ba180a9ccdc) \Device\Harddisk0\DR0\Partition0 08:56:54.0906 3456 \Device\Harddisk0\DR0\Partition0 - ok 08:56:54.0906 3456 ============================================================ 08:56:54.0906 3456 Scan finished 08:56:54.0906 3456 ============================================================ 08:56:54.0937 3448 Detected object count: 2 08:56:54.0937 3448 Actual detected object count: 2 09:01:53.0781 3448 Backup copy found, using it.. 09:01:53.0953 3448 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot 09:01:53.0953 3448 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure 09:01:54.0218 3448 Backup copy found, using it.. 09:01:54.0437 3448 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot 09:01:56.0843 3448 AFD ( Rootkit.Win32.ZAccess.k ) - User select action: Cure 09:02:46.0296 3328 Deinitialize success Thanks Again, will be thrilled when all is right again.
  12. bobmmp
    Good morning and thank you very much for your help. Here are the scan. MBAM Scan and the DDS Scan. At the end of this, I am going post some previous MBAM, TDSSKiller Scans where I have cleaned the computer and reinfection seems to appear. My security center and ESET still seem to be affected by what ever happened. ******************************************* MBAM ******************************************* Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 911122308 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 12/23/2011 9:48:30 AM mbam-log-2011-12-23 (09-48-30).txt Scan type: Quick scan Objects scanned: 228630 Time elapsed: 15 minute(s), 10 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ***************************************** Current DDS Scan ***************************************** . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30 Run by Bob at 10:23:55 on 2011-12-23 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.342 [GMT -7:00] . AV: ESET Smart Security 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Wave Systems Corp\Common\DataServer.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\System32\snmp.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\stsystra.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Digital Line Detect\DLG.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\NOTEPAD.EXE . ============== Pseudo HJT Report =============== . uStart Page = hxxp://mail.adigitalm.com/ uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/ uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1 uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /installquiet mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe" IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL LSP: mswsock.dll DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://webcam.innonfifth.com:8080/VatDec.cab DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - hxxps://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151685220046 DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://64.84.107.59/activex/AMC.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://80.59.219.32:86/activex/AxisCamControl.cab DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - hxxp://www.trendmicro.com/spyware-scan/as4web.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam5.hrz.tu-darmstadt.de/activex/AMC.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{5F922AB0-1979-4C86-9178-78ED53B12405} : DhcpNameServer = 192.168.0.1 AppInit_DLLs: wxvault.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll LSA: Authentication Packages = msv1_0 wvauth . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\bob\application data\mozilla\firefox\profiles\6h5kru6m.default\ FF - prefs.js: browser.search.selectedEngine - Live Search FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll . ============= SERVICES / DRIVERS =============== . R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-8-4 118104] R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-9-22 974944] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592] S0 vqvhha;vqvhha;c:\windows\system32\drivers\btqjcpn.sys --> c:\windows\system32\drivers\btqjcpn.sys [?] S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-3-15 34064] S3 SPC610NC;SPC 610NC Laptop Camera;c:\windows\system32\drivers\SPC610NC.sys [2006-12-23 156800] S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000] . =============== Created Last 30 ================ . 2011-12-13 21:48:50 1692968 ----a-w- C:\avg_remover_stf_x86_2012_1796.exe 2011-12-13 21:13:05 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys 2011-12-13 21:13:05 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys 2011-11-29 19:33:37 -------- d-----w- C:\123AB . ==================== Find3M ==================== . 2011-12-14 16:05:06 187776 ----a-w- c:\windows\system32\drivers\acpi.sys 2011-12-14 16:05:06 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2011-11-30 17:33:26 89680 ----a-w- c:\documents and settings\bob\MSSSerif120.fon 2011-11-30 15:11:23 3714 --sha-w- c:\windows\system32\KGyGaAvL.sys 2011-11-12 00:56:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-10 12:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-10 10:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 17:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll . ============= FINISH: 10:25:57.85 =============== Thanks again, looking forward to getting this all healthy again!
  13. bobmmp
    Over the past several months I have had repeat infections. malwarebytes has detected and reported clean. Then scan again later and bam, here we go again. Now Ping.exe keeps showing up in the sys tray. I kill it and it starts again. Also, Mal. detected and cleaned cdrom.sys, now cd rom/dvd does not work. Here is a combined MBAM log and dds.txt Any help getting rid of this for good is appreciated! Oh, did not see an edit feature for the post, but ESET runs in hide mode so cannot temp disable it? Might effects scans? dds.txt MBAMcombined.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.