treb

Everything posted by treb

  1. I get at least a dozen new topic e-mails a day; can someone please tell me how to stop this!
  2. Please tell me how to remove myself from the Malwarebytes forum.
  3. Hi, Negster: sorry for the delayed response, took the PC to the Tech shop, it went crazy when I uninstalled Comodo! They found 8 assorted viruses and rootkits, couldn't fix them all, recommended a clean install which I am in the middle of now. Will contact you after I get back online (using a friend's PC right now). Treb
  4. OK:
     1. They're all free, unregistered programs!
     2. As to the AVs, I got rid of Ad-Aware, but at a loss re: Comodo vs MSE, please advise. Or could you suggest a better program (like the one you use perhaps?) I don't mind paying, I've just never bothered.
     3. I kept Mbam and uninstalled the other four.
  5. Deleted Bonjour; there's also a Bonjour Print Services, they both came with my Kodak printer. Should I uninstall it also?

     Checkup.txt:

     Results of screen317's Security Check version 0.99.6
     Windows XP Service Pack 3
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Disabled!
     ESET Online Scanner v3
     Trend Micro RUBotted
     Microsoft Security Essentials
     Microsoft Security Essentials successfully updated!
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Ad-Aware
     Malwarebytes' Anti-Malware
     CCleaner
     Java 6 Update 22
     Adobe Flash Player 10.1.102.64
     Adobe Reader X
     Mozilla Firefox (3.6.13)
     ````````````````````````````````
     Process Check: objlist.exe by Laurent
     Windows Defender MSMpEng.exe
     Ad-Aware AAWService.exe
     Ad-Aware AAWTray.exe
     WinPatrol winpatrol.exe
     Comodo Firewall cmdagent.exe
     Comodo Firewall cfp.exe
     Microsoft Security Essentials msseces.exe
     Acronis OnlineBackupStandalone TrueImageMonitor.exe
     BillP Studios WinPatrol WinPatrol.exe
     Trend Micro RUBotted TMRUBotted.exe
     Trend Micro RUBotted TMRUBottedTray.exe
     ````````````````````````````````
     DNS Vulnerability Check:
     Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)
     ``````````End of Log````````````

     DDS.txt:

     DDS (Ver_10-12-12.02) - NTFSx86
     Run by Eric at 17:49:07.57 on Sun 12/12/2010
     Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_22
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3317.2504 [GMT -7:00]

     AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
     AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
     AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
     FW: COMODO Firewall *Disabled*

     ============== Running Processes ===============

     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
     C:\WINDOWS\system32\svchost.exe -k netsvcs
     c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     svchost.exe
     C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
     C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
     C:\Program Files\COMODO\Time Machine\ClientService.exe
     C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\WINDOWS\system32\igfxtray.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
     C:\Program Files\COMODO\Time Machine\CTMTRAY.exe
     C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
     C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
     C:\WINDOWS\system32\igfxsrvc.exe
     C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
     C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
     C:\Program Files\Microsoft Security Essentials\msseces.exe
     C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
     C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
     C:\Program Files\Secunia\PSI\psi.exe
     C:\WINDOWS\System32\svchost.exe -k HTTPFilter
     C:\Program Files\Outlook Express\msimn.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\WINDOWS\system32\notepad.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
     C:\Documents and Settings\Eric\Desktop\dds.scr

     ============== Pseudo HJT Report ===============

     uStart Page = about:blank
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     BHO: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - SingleInstance Class
     TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
     uRun: [Google Update] "c:\documents and settings\eric\local settings\application data\google\update\GoogleUpdate.exe" /c
     mRun: [igfxTray] c:\windows\system32\igfxtray.exe
     mRun: [Persistence] c:\windows\system32\igfxpers.exe
     mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
     mRun: [Conime] %windir%\system32\conime.exe
     mRun: [COMODO_TimeMachine] "c:\program files\comodo\time machine\CTMTRAY.exe"
     mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
     mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
     mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
     mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
     mRun: [SAOB Monitor] c:\program files\acronis\onlinebackupstandalone\TrueImageMonitor.exe
     mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
     mRun: [WinPatrol] c:\program files\billp studios\winpatrol\WinPatrol.exe -expressboot
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     StartupFolder: c:\docume~1\eric\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
     mPolicies-system: EnableLinkedConnections = 1 (0x1)
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
     Notify: igfxcui - igfxdev.dll
     SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

     ================= FIREFOX ===================

     FF - ProfilePath - c:\docume~1\eric\applic~1\mozilla\firefox\profiles\gnfkpn3n.default\
     FF - plugin: c:\documents and settings\eric\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
     FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
     FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
     FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
     FF - Ext: Team Cymru's MHR: mhr@team.cymru - %profile%\extensions\mhr@team.cymru

     ---- FIREFOX POLICIES ----
     FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

     ============= SERVICES / DRIVERS ===============

     R0 CTMFLT;COMODO Time Machine Bus Driver;c:\windows\system32\drivers\CTMFLT.sys [2010-8-3 2097152]
     R0 CTMMOUNT;COMODO Time Machine Mount Manager Driver;c:\windows\system32\drivers\CTMMOUNT.sys [2010-8-3 2097152]
     R0 CTMSHD;COMODO Time Machine Disk Filter Driver;c:\windows\system32\drivers\CTMSHD.sys [2010-8-3 2097152]
     R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2010-10-14 26248]
     R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2010-10-14 20616]
     R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-14 64288]
     R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2010-11-18 752128]
     R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-6-1 15592]
     R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 239240]
     R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 25240]
     R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
     R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-8-11 3975088]
     R2 ClientService;COMODO Time Machine Client Service;c:\program files\comodo\time machine\ClientService.exe [2010-7-20 280888]
     R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-6-1 1901056]
     R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2010-10-13 582992]
     R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-8-11 163232]
     R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2010-10-14 122504]
     R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1389400]
     R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-10-13 206608]
     S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-9-13 308656]
     S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
     S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-11-1 13192]
     S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2010-10-14 14216]
     S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-11-1 8456]
     S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15264]
     S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
     S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-10-13 206608]

     =============== Created Last 30 ================

     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT

     DDS (Ver_10-12-12.02)

     Microsoft Windows XP Home Edition
     Boot Device: \Device\HarddiskVolume1
     Install Date: 7/23/2010 12:10:51 AM
     System Uptime: 12/12/2010 2:06:27 PM (0 hours ago)

     Motherboard: Intel Corporation | | D945GCNL
     Processor: Intel® Core2 CPU 4300 @ 1.80GHz | LGA 775 | 1795/200mhz

     ==== Disk Partitions =========================

     C: is FIXED (NTFS) - 233 GiB total, 214.774 GiB free.
     D: is CDROM ()

     ==== Disabled Device Manager Items =============

     ==== System Restore Points ===================

     RP96: 9/14/2010 4:41:06 PM - Software Distribution Service 3.0
     RP97: 9/14/2010 5:57:52 PM - Software Distribution Service 3.0
     RP98: 9/14/2010 8:27:19 PM - Installed Windows XP KB2347290.
     RP99: 9/15/2010 6:16:16 PM - Software Distribution Service 3.0
     RP100: 9/16/2010 7:10:52 PM - Installed Windows XP KB981322.
     RP101: 9/17/2010 12:11:22 PM - Software Distribution Service 3.0
     RP102: 9/17/2010 2:10:41 PM - Revo Uninstaller's restore point - Ashampoo WinOptimizer 7.11
     RP103: 9/17/2010 2:13:22 PM - Revo Uninstaller's restore point - Ashampoo WinOptimizer 7.11
     RP104: 9/18/2010 1:07:55 PM - Software Distribution Service 3.0
     RP105: 9/18/2010 8:28:59 PM - Software Distribution Service 3.0
     RP106: 9/20/2010 3:08:04 PM - Software Distribution Service 3.0
     RP107: 9/21/2010 3:44:02 PM - Software Distribution Service 3.0
     RP108: 9/22/2010 4:09:22 PM - System Checkpoint
     RP109: 9/23/2010 5:11:03 PM - Software Distribution Service 3.0
     RP110: 9/24/2010 5:26:57 PM - System Checkpoint
     RP111: 9/25/2010 9:02:19 PM - Software Distribution Service 3.0
     RP112: 9/26/2010 9:13:23 PM - Software Distribution Service 3.0
     RP113: 9/27/2010 9:14:25 PM - Software Distribution Service 3.0
     RP114: 9/28/2010 5:26:46 PM - Software Distribution Service 3.0
     RP115: 9/29/2010 4:13:33 PM - Software Distribution Service 3.0
     RP116: 9/30/2010 5:03:11 PM - Software Distribution Service 3.0
     RP117: 10/1/2010 3:30:20 PM - Software Distribution Service 3.0
     RP118: 10/1/2010 5:28:52 PM - Installed Windows XP KB2362765.
     RP119: 10/1/2010 10:07:29 PM - Software Distribution Service 3.0
     RP120: 10/3/2010 4:12:01 PM - Software Distribution Service 3.0
     RP121: 10/4/2010 5:05:48 PM - System Checkpoint
     RP122: 10/5/2010 3:49:53 PM - Software Distribution Service 3.0
     RP123: 10/5/2010 9:44:09 PM - Removed Adobe Reader 9.3.4.
     RP124: 10/5/2010 9:44:42 PM - Installed Adobe Reader 9.4.0.
     RP125: 10/5/2010 9:53:57 PM - Revo Uninstaller's restore point - McAfee Security Scan Plus
     RP126: 10/5/2010 9:55:07 PM - Revo Uninstaller's restore point - McAfee Security Scan Plus
     RP127: 10/6/2010 4:52:43 PM - Installed Windows 7 Upgrade Advisor
     RP128: 10/6/2010 6:01:18 PM - Software Distribution Service 3.0
     RP129: 10/7/2010 6:04:44 PM - Revo Uninstaller's restore point - PC Pitstop Optimize3 3.0
     RP130: 10/7/2010 6:05:39 PM - Revo Uninstaller's restore point - PC Pitstop Optimize3 3.0
     RP131: 10/8/2010 11:31:46 AM - Software Distribution Service 3.0
     RP132: 10/8/2010 1:29:08 PM - Installed Cloudmark DesktopOne.
     RP133: 10/8/2010 1:31:56 PM - Revo Uninstaller's restore point - Cloudmark DesktopOne
     RP134: 10/8/2010 1:32:08 PM - Removed Cloudmark DesktopOne.
     RP135: 10/8/2010 1:33:29 PM - Revo Uninstaller's restore point - Cloudmark DesktopOne
     RP136: 10/8/2010 1:34:06 PM - Revo Uninstaller's restore point - Cloudmark DesktopOne
     RP137: 10/9/2010 3:41:17 PM - Software Distribution Service 3.0
     RP138: 10/10/2010 7:08:31 PM - Software Distribution Service 3.0
     RP139: 10/11/2010 4:10:11 PM - Software Distribution Service 3.0
     RP140: 10/12/2010 4:47:17 PM - System Checkpoint
     RP141: 10/12/2010 6:03:09 PM - Installed Java 6 Update 22
     RP142: 10/12/2010 6:29:28 PM - Revo Uninstaller's restore point - Mozilla Thunderbird (3.1.4)
     RP143: 10/12/2010 6:32:10 PM - Revo Uninstaller's restore point - Mozilla Thunderbird (3.1.4)
     RP144: 10/12/2010 6:40:44 PM - Software Distribution Service 3.0
     RP145: 10/12/2010 7:04:57 PM - Software Distribution Service 3.0
     RP146: 10/13/2010 3:12:28 PM - Removed Java 6 Update 21
     RP147: 10/13/2010 3:14:06 PM - Installed Java 6 Update 22
     RP148: 10/13/2010 5:13:11 PM - Installed Trend Micro RUBotted
     RP149: 10/14/2010 3:36:42 PM - Software Distribution Service 3.0
     RP150: 10/15/2010 4:26:31 PM - Software Distribution Service 3.0
     RP151: 10/16/2010 2:48:57 PM - Software Distribution Service 3.0
     RP152: 10/17/2010 6:12:17 PM - Software Distribution Service 3.0
     RP153: 10/18/2010 6:48:43 PM - Software Distribution Service 3.0
     RP154: 10/19/2010 4:49:42 PM - Installed Windows Windows Easy Transfer for Windows 7.
     RP155: 10/19/2010 4:55:12 PM - Installed Windows Windows Easy Transfer for Windows 7.
     RP156: 10/19/2010 4:57:43 PM - Installed Windows Windows Easy Transfer for Windows 7.
     RP157: 10/20/2010 5:06:02 PM - System Checkpoint
     RP158: 10/21/2010 4:17:37 PM - Software Distribution Service 3.0
     RP159: 10/22/2010 10:48:07 PM - Software Distribution Service 3.0
     RP160: 10/23/2010 5:25:58 PM - Revo Uninstaller's restore point - Hitman Pro 3.5
     RP161: 10/23/2010 5:26:58 PM - Revo Uninstaller's restore point - Hitman Pro 3.5
     RP162: 10/23/2010 5:27:32 PM - Revo Uninstaller's restore point - Hitman Pro 3.5
     RP163: 10/24/2010 9:20:21 PM - Software Distribution Service 3.0
     RP164: 10/25/2010 4:55:15 PM - Software Distribution Service 3.0
     RP165: 10/26/2010 6:48:02 PM - System Checkpoint
     RP166: 10/27/2010 9:14:57 PM - Software Distribution Service 3.0
     RP167: 10/30/2010 8:29:48 PM - Software Distribution Service 3.0
     RP168: 10/31/2010 8:24:57 PM - Software Distribution Service 3.0
     RP169: 11/1/2010 1:40:05 AM - Software Distribution Service 3.0
     RP170: 11/2/2010 2:05:38 AM - Software Distribution Service 3.0
     RP171: 11/2/2010 12:58:14 PM - Software Distribution Service 3.0
     RP172: 11/3/2010 3:12:15 PM - Software Distribution Service 3.0
     RP173: 11/4/2010 10:26:33 AM - Software Distribution Service 3.0
     RP174: 11/5/2010 3:12:43 PM - Software Distribution Service 3.0
     RP175: 11/6/2010 5:06:03 PM - Software Distribution Service 3.0
     RP176: 11/7/2010 7:06:19 PM - System Checkpoint
     RP177: 11/8/2010 5:08:51 PM - Revo Uninstaller's restore point - Perfect Optimizer 5.2
     RP178: 11/8/2010 5:10:39 PM - Revo Uninstaller's restore point - Perfect Optimizer 5.2
     RP179: 11/8/2010 5:11:12 PM - Revo Uninstaller's restore point - Perfect Optimizer 5.2
     RP180: 11/8/2010 5:16:19 PM - Software Distribution Service 3.0
     RP181: 11/9/2010 6:21:00 PM - Software Distribution Service 3.0
     RP182: 11/10/2010 4:13:00 PM - Software Distribution Service 3.0
     RP183: 11/11/2010 4:45:21 PM - Software Distribution Service 3.0
     RP184: 11/12/2010 7:52:58 PM - System Checkpoint
     RP185: 11/12/2010 8:29:46 PM - Software Distribution Service 3.0
     RP186: 11/12/2010 10:22:52 PM - SYSTEM RESTORE POINT
     RP187: 11/12/2010 10:23:51 PM - SYSTEM RESTORE POINT
     RP188: 11/13/2010 4:08:01 PM - Software Distribution Service 3.0
     RP189: 11/14/2010 5:45:25 PM - Software Distribution Service 3.0
     RP190: 11/15/2010 1:46:18 AM - Software Distribution Service 3.0
     RP191: 11/15/2010 9:56:30 PM - Software Distribution Service 3.0
     RP192: 11/16/2010 8:35:48 PM - Software Distribution Service 3.0
     RP193: 11/17/2010 8:36:53 PM - System Checkpoint
     RP194: 11/18/2010 3:39:32 AM - Software Distribution Service 3.0
     RP195: 11/18/2010 5:47:12 PM - Installed Acronis
  6. Negster22: Have not heard from you since posting ARK3, did you receive it?
  7. P.S. I've been reading other Posts which refer to a conflict between Mbam & Comodo???
  8. Attachment is ARK3 because with 2 I forgot to disable Ad-Aware; I saved 2 if you want to see it. ARK3.txt
  9. GMER 1.0.15.15530 - http://www.gmer.net
     Rootkit quick scan 2010-12-08 17:51:33
     Windows 5.1.2600 Service Pack 3
     Running: dzkzsrpv.exe; Driver: C:\DOCUME~1\Eric\LOCALS~1\Temp\kxloiuog.sys

     ---- System - GMER 1.0.15 ----

     SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xA8CCC768]
     SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xA8CCC9BE]

     ---- Devices - GMER 1.0.15 ----

     AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
     AttachedDevice \FileSystem\Ntfs \Ntfs CTMFLT.sys
     AttachedDevice \FileSystem\Ntfs \Ntfs eufs.sys (File System Filter Driver/CHENGDU YIWO Tech Development Co., Ltd)
     AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
     AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
     AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
     AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

     ---- Services - GMER 1.0.15 ----

     Service C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (*** hidden *** ) [AUTO] AcrSch2Svc <-- ROOTKIT !!!
     Service C:\WINDOWS\system32\clipsrv.exe (*** hidden *** ) [DISABLED] ClipSrv <-- ROOTKIT !!!
     Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] CryptSvc <-- ROOTKIT !!!
     Service C:\WINDOWS\system32\imapi.exe (*** hidden *** ) [MANUAL] ImapiService <-- ROOTKIT !!!
     Service C:\WINDOWS\system32\mnmsrvc.exe (*** hidden *** ) [MANUAL] mnmsrvc <-- ROOTKIT !!!
     Service C:\WINDOWS\system32\msiexec.exe (*** hidden *** ) [MANUAL] MSIServer <-- ROOTKIT !!!
     Service C:\WINDOWS\system32\sessmgr.exe (*** hidden *** ) [MANUAL] RDSessMgr <-- ROOTKIT !!!
     Service C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (*** hidden *** ) [SYSTEM] SASDIFSV <-- ROOTKIT !!!
     Service C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (*** hidden *** ) [SYSTEM] SASKUTIL <-- ROOTKIT !!!
     Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] SharedAccess <-- ROOTKIT !!!
     Service system32\DRIVERS\tdrpman.sys (*** hidden *** ) [BOOT] tdrpman <-- ROOTKIT !!!
     Service C:\WINDOWS\system32\DRIVERS\timntr.sys (*** hidden *** ) [BOOT] timounter <-- ROOTKIT !!!
     Service C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe (*** hidden *** ) [AUTO] TryAndDecideService <-- ROOTKIT !!!
     Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] winmgmt <-- ROOTKIT !!!

     ---- EOF - GMER 1.0.15 ----

     It asked me if I wanted to run a full scan because there was some activity that might indicate a rootkit; I clicked NO, was that correct? Also, should I now run ERUNT?
  10. OK, let's start at the top:
      1. Uninstalled Uniblue's Registry Booster; cannot, for the life of me, find anything like Perfect Optimizer!
      2. The ARK (GMER) was not run after a fresh reboot, should I? If so, should I download a fresh version?
      3. Services.msc has nothing like: mnmsrvc.exe, sessmdr.exe, or ups.exe. I can find mnmsrvc.exe and ups.exe by going into C:\windows\system32, but no sign of sessmdr.exe.
      4. Regedit shows 8 of the 9 services with the following differences: TryAndDecideService is missing, and instead of tdrpman, I have tdrpman273.
      5. I have not backed up my registry with ERUNT until I get your next response, as I don't want to back up Perfect Optimizer if it's hiding somewhere.
      Thanks, Treb.
  11. GMER 1.0.15.15530 - http://www.gmer.net
      Rootkit quick scan 2010-11-30 18:45:11
      Windows 5.1.2600 Service Pack 3
      Running: dzkzsrpv.exe; Driver: C:\DOCUME~1\Eric\LOCALS~1\Temp\kxloiuog.sys

      ---- System - GMER 1.0.15 ----

      SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xA8D2A768]
      SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xA8D2A9BE]

      ---- Devices - GMER 1.0.15 ----

      AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
      AttachedDevice \FileSystem\Ntfs \Ntfs CTMFLT.sys
      AttachedDevice \FileSystem\Ntfs \Ntfs eufs.sys (File System Filter Driver/CHENGDU YIWO Tech Development Co., Ltd)
      AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
      AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
      AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
      AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

      ---- Services - GMER 1.0.15 ----

      Service C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (*** hidden *** ) [AUTO] AcrSch2Svc <-- ROOTKIT !!!
      Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [AUTO] ERSvc <-- ROOTKIT !!!
      Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [AUTO] helpsvc <-- ROOTKIT !!!
      Service C:\WINDOWS\system32\mnmsrvc.exe (*** hidden *** ) [MANUAL] mnmsrvc <-- ROOTKIT !!!
      Service C:\WINDOWS\system32\sessmgr.exe (*** hidden *** ) [MANUAL] RDSessMgr <-- ROOTKIT !!!
      Service system32\DRIVERS\tdrpman.sys (*** hidden *** ) [BOOT] tdrpman <-- ROOTKIT !!!
      Service C:\WINDOWS\system32\DRIVERS\timntr.sys (*** hidden *** ) [BOOT] timounter <-- ROOTKIT !!!
      Service C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe (*** hidden *** ) [AUTO] TryAndDecideService <-- ROOTKIT !!!
      Service C:\WINDOWS\System32\ups.exe (*** hidden *** ) [MANUAL] UPS <-- ROOTKIT !!!
      Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] winmgmt <-- ROOTKIT !!!

      ---- EOF - GMER 1.0.15 ----
  12. ESETSmartInstaller@High as CAB hook log:
      OnlineScanner.ocx - delete file error:The process cannot access the file because it is being used by another process.
      OnlineScanner.ocx - copy file error :The process cannot access the file because it is being used by another process.
      OnlineScanner.ocx - registred OK
      # version=7
      # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
      # OnlineScanner.ocx=1.0.0.6415
      # api_version=3.0.2
      # EOSSerial=23f64a7f29d5ca41978fc528275b3683
      # end=finished
      # remove_checked=true
      # archives_checked=false
      # unwanted_checked=true
      # unsafe_checked=false
      # antistealth_checked=true
      # utc_time=2010-12-07 12:14:32
      # local_time=2010-12-06 05:14:32 (-0700, Mountain Standard Time)
      # country="United States"
      # lang=1033
      # osver=5.1.2600 NT Service Pack 3
      # compatibility_mode=512 16777215 100 0 519771 519771 0 0
      # compatibility_mode=3073 16777189 80 92 0 5878431 0 0
      # compatibility_mode=5891 16776869 100 100 0 21173627 0 0
      # compatibility_mode=8192 67108863 100 0 0 0 0 0
      # scanned=39012
      # found=10
      # cleaned=10
      # scan_time=7823
      C:\Documents and Settings\Eric\Application Data\Uniblue\RegistryBooster\_temp\ub.exe  Win32/RegistryBooster application (deleted - quarantined)  00000000000000000000000000000000  C
      C:\Documents and Settings\Eric\Desktop\Unused Desktop Shortcuts\registrybooster.exe  Win32/RegistryBooster application (deleted - quarantined)  00000000000000000000000000000000  C
      C:\Documents and Settings\Eric\My Documents\Downloads\registrybooster.exe  a variant of Win32/RegistryBooster application (deleted - quarantined)  00000000000000000000000000000000  C
      C:\Program Files\Uniblue\RegistryBooster\Launcher.exe  Win32/RegistryBooster application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
      C:\System Volume Information\_restore{27777358-E789-4D49-A269-FC07666AB5DD}\RP177\A0017024.exe  a variant of Win32/Adware.PerfectOptimizer application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
      C:\System Volume Information\_restore{27777358-E789-4D49-A269-FC07666AB5DD}\RP192\A0018391.exe  a variant of Win32/Adware.PerfectOptimizer application (deleted - quarantined)  00000000000000000000000000000000  C
      C:\System Volume Information\_restore{27777358-E789-4D49-A269-FC07666AB5DD}\RP217\A0019638.exe  Win32/RegistryBooster application (deleted - quarantined)  00000000000000000000000000000000  C
      C:\System Volume Information\_restore{27777358-E789-4D49-A269-FC07666AB5DD}\RP217\A0019639.exe  Win32/RegistryBooster application (deleted - quarantined)  00000000000000000000000000000000  C
      C:\System Volume Information\_restore{27777358-E789-4D49-A269-FC07666AB5DD}\RP217\A0019640.exe  Win32/RegistryBooster application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
      C:\System Volume Information\_restore{27777358-E789-4D49-A269-FC07666AB5DD}\RP97\A0011945.exe  a variant of Win32/RegistryBooster application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
  13. OK, I ran all 8 files on VT, they all came back clean, but I saved all the URLs if you would like to see them. While I was waiting earlier I ran a full MBAM scan and IT came back clean. I'm mystified, what do you think?
  14. negster22: please tell me how to submit one of the above 5 files to VirusTotal?
  15. OK, the wupslog.txt came up empty. The TDSSKiller log follows:

      2010/12/02 14:21:19.0000  TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
      2010/12/02 14:21:19.0000  ================================================================================
      2010/12/02 14:21:19.0000  SystemInfo:
      2010/12/02 14:21:19.0000
      2010/12/02 14:21:19.0000  OS Version: 5.1.2600 ServicePack: 3.0
      2010/12/02 14:21:19.0000  Product type: Workstation
      2010/12/02 14:21:19.0000  ComputerName: ERICSINTEL
      2010/12/02 14:21:19.0000  UserName: Eric
      2010/12/02 14:21:19.0000  Windows directory: C:\WINDOWS
      2010/12/02 14:21:19.0000  System windows directory: C:\WINDOWS
      2010/12/02 14:21:19.0000  Processor architecture: Intel x86
      2010/12/02 14:21:19.0000  Number of processors: 2
      2010/12/02 14:21:19.0000  Page size: 0x1000
      2010/12/02 14:21:19.0000  Boot type: Normal boot
      2010/12/02 14:21:19.0000  ================================================================================
      2010/12/02 14:21:19.0187  Initialize success
      2010/12/02 14:21:30.0000  ================================================================================
      2010/12/02 14:21:30.0000  Scan started
      2010/12/02 14:21:30.0000  Mode: Manual;
      2010/12/02 14:21:30.0000  ================================================================================
      2010/12/02 14:21:30.0484  ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
      2010/12/02 14:21:30.0515  ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
      2010/12/02 14:21:30.0562  aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
      2010/12/02 14:21:30.0640  AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
      2010/12/02 14:21:30.0828  AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
      2010/12/02 14:21:30.0875  atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
      2010/12/02 14:21:30.0906  Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
      2010/12/02 14:21:31.0031  audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
      2010/12/02 14:21:31.0109  Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
      2010/12/02 14:21:31.0156  cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
      2010/12/02 14:21:31.0203  Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
      2010/12/02 14:21:31.0265  Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
      2010/12/02 14:21:31.0375  Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
      2010/12/02 14:21:31.0421  cmderd (5455c2a8eb379df5d55252a3827ef252) C:\WINDOWS\system32\DRIVERS\cmderd.sys
      2010/12/02 14:21:31.0421  Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cmderd.sys. Real md5: 5455c2a8eb379df5d55252a3827ef252, Fake md5: 7060bae48c2c122f3041cccf9ade3bf7
      2010/12/02 14:21:31.0437  cmderd - detected Forged file (1)
      2010/12/02 14:21:31.0468  cmdGuard (d7c17cc5038773aa717864a5555465de) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
      2010/12/02 14:21:31.0468  Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cmdguard.sys. Real md5: d7c17cc5038773aa717864a5555465de, Fake md5: bbe9f023dfd2c4d2755da3fa47e4da08
      2010/12/02 14:21:31.0468  cmdGuard - detected Forged file (1)
      2010/12/02 14:21:31.0484  cmdHlp (81ceedf3501cd5ccae3dceb204af1634) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
      2010/12/02 14:21:31.0484  Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cmdhlp.sys. Real md5: 81ceedf3501cd5ccae3dceb204af1634, Fake md5: 111e6755acb5f236e2465e24508f6367
      2010/12/02 14:21:31.0484  cmdHlp - detected Forged file (1)
      2010/12/02 14:21:31.0593  CTMFLT (11e870356b43d2241ea04b75a62b09a3) C:\WINDOWS\system32\drivers\CTMFLT.sys
      2010/12/02 14:21:31.0593  Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\CTMFLT.sys. md5: 11e870356b43d2241ea04b75a62b09a3
      2010/12/02 14:21:31.0609  CTMFLT - detected Locked file (1)
      2010/12/02 14:21:31.0703  CTMMOUNT (6da40556d17dd58a84b00b6ddaa96b36) C:\WINDOWS\system32\drivers\CTMMOUNT.sys
      2010/12/02 14:21:31.0703  Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\CTMMOUNT.sys. md5: 6da40556d17dd58a84b00b6ddaa96b36
      2010/12/02 14:21:31.0718  CTMMOUNT - detected Locked file (1)
      2010/12/02 14:21:31.0781  CTMSHD (aeeda83d0d29359d3d8fb6b1bf038cc1) C:\WINDOWS\system32\drivers\CTMSHD.sys
      2010/12/02 14:21:31.0796  Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\CTMSHD.sys. md5: aeeda83d0d29359d3d8fb6b1bf038cc1
      2010/12/02 14:21:31.0796  CTMSHD - detected Locked file (1)
      2010/12/02 14:21:31.0906  Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
      2010/12/02 14:21:31.0953  dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
      2010/12/02 14:21:32.0000  dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
      2010/12/02 14:21:32.0078  dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
      2010/12/02 14:21:32.0140  DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
      2010/12/02 14:21:32.0171  drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
      2010/12/02 14:21:32.0281  Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
      2010/12/02 14:21:32.0328  Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
      2010/12/02 14:21:32.0406  Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
      2010/12/02 14:21:32.0406  Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
      2010/12/02 14:21:32.0468  FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
      2010/12/02 14:21:32.0546  Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
      2010/12/02 14:21:32.0578  Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
      2010/12/02 14:21:32.0656  Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
      2010/12/02 14:21:32.0718  HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
      2010/12/02 14:21:32.0781  HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
      2010/12/02 14:21:32.0859  HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
      2010/12/02 14:21:32.0906  i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
      2010/12/02 14:21:33.0062  ialm (c1c2d6940d6ec2f247b0f3c11e0a18e0) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
      2010/12/02 14:21:33.0281  Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
      2010/12/02 14:21:33.0359  Inspect (bf141304f251563b63e64cb3c036de74) C:\WINDOWS\system32\DRIVERS\inspect.sys
      2010/12/02 14:21:33.0359  Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\inspect.sys. Real md5: bf141304f251563b63e64cb3c036de74, Fake md5: 343ac4733c1e8b7ab6454178e4fcd4ad
      2010/12/02 14:21:33.0359  Inspect - detected Forged file (1)
      2010/12/02 14:21:33.0500  IntcAzAudAddService (b45a576ad280dd4f605f58b24cdaafe1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
      2010/12/02 14:21:33.0625  intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
      2010/12/02 14:21:33.0656  Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
      2010/12/02 14:21:33.0687  IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
      2010/12/02 14:21:33.0734  IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
      2010/12/02 14:21:33.0843  IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
      2010/12/02 14:21:33.0859  IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
      2010/12/02 14:21:33.0890  IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
      2010/12/02 14:21:33.0921  isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
      2010/12/02 14:21:33.0937  Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
      2010/12/02 14:21:33.0968  kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
      2010/12/02 14:21:34.0062  kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
      2010/12/02 14:21:34.0125  KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
      2010/12/02 14:21:34.0187  mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
      2010/12/02 14:21:34.0203  Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
      2010/12/02 14:21:34.0234  Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
      2010/12/02 14:21:34.0328  mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
      2010/12/02
14:21:34.0390 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2010/12/02 14:21:34.0421 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2010/12/02 14:21:34.0484 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2010/12/02 14:21:34.0500 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2010/12/02 14:21:34.0578 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2010/12/02 14:21:34.0640 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2010/12/02 14:21:34.0703 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2010/12/02 14:21:34.0734 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2010/12/02 14:21:34.0765 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2010/12/02 14:21:34.0828 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2010/12/02 14:21:34.0859 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2010/12/02 14:21:34.0906 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2010/12/02 14:21:34.0921 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2010/12/02 14:21:34.0937 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2010/12/02 14:21:34.0953 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2010/12/02 14:21:35.0015 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2010/12/02 14:21:35.0046 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2010/12/02 14:21:35.0078 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2010/12/02 14:21:35.0140 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 
2010/12/02 14:21:35.0187 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2010/12/02 14:21:35.0234 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2010/12/02 14:21:35.0296 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2010/12/02 14:21:35.0312 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2010/12/02 14:21:35.0359 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2010/12/02 14:21:35.0390 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2010/12/02 14:21:35.0437 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2010/12/02 14:21:35.0515 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2010/12/02 14:21:35.0625 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2010/12/02 14:21:35.0656 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2010/12/02 14:21:35.0703 PSI (1df21f001f3a94eba4a2950c70cc358f) C:\WINDOWS\system32\DRIVERS\psi_mf.sys 2010/12/02 14:21:35.0703 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2010/12/02 14:21:35.0781 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2010/12/02 14:21:35.0796 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2010/12/02 14:21:35.0843 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2010/12/02 14:21:35.0859 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2010/12/02 14:21:35.0890 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2010/12/02 14:21:35.0921 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2010/12/02 14:21:35.0953 RDPWD (6728e45b66f93c08f11de2e316fc70dd) 
C:\WINDOWS\system32\drivers\RDPWD.sys 2010/12/02 14:21:36.0000 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2010/12/02 14:21:36.0078 RTLE8023xp (bb0ae2171f08129f4f3ff9df20ffbf89) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 2010/12/02 14:21:36.0078 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys. Real md5: bb0ae2171f08129f4f3ff9df20ffbf89, Fake md5: 40607773fecd00708354809e233823f2 2010/12/02 14:21:36.0078 RTLE8023xp - detected Forged file (1) 2010/12/02 14:21:36.0187 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 2010/12/02 14:21:36.0203 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 2010/12/02 14:21:36.0296 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2010/12/02 14:21:36.0343 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2010/12/02 14:21:36.0359 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2010/12/02 14:21:36.0375 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2010/12/02 14:21:36.0484 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\WINDOWS\system32\DRIVERS\snapman.sys 2010/12/02 14:21:36.0484 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\snapman.sys. Real md5: c3bf55189aa92b8f919108ef9e4accae, Fake md5: 85bada660d57bc5aef52b11cabd6d8f9 2010/12/02 14:21:36.0500 snapman - detected Forged file (1) 2010/12/02 14:21:36.0609 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2010/12/02 14:21:36.0609 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2010/12/02 14:21:36.0687 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys 2010/12/02 14:21:36.0703 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\srv.sys. 
Real md5: 89220b427890aa1dffd1a02648ae51c3, Fake md5: 0f6aefad3641a657e18081f52d0c15af 2010/12/02 14:21:36.0703 Srv - detected Forged file (1) 2010/12/02 14:21:36.0718 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2010/12/02 14:21:36.0796 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2010/12/02 14:21:36.0875 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2010/12/02 14:21:36.0921 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2010/12/02 14:21:36.0953 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2010/12/02 14:21:37.0078 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2010/12/02 14:21:37.0125 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2010/12/02 14:21:37.0203 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 2010/12/02 14:21:37.0234 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys 2010/12/02 14:21:37.0296 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\timntr.sys. 
Real md5: 13bfe330880ac0ce8672d00aa5aff738, Fake md5: a34d7024bb7140ec785c86bc065d4f60 2010/12/02 14:21:37.0296 timounter - detected Forged file (1) 2010/12/02 14:21:37.0437 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2010/12/02 14:21:37.0484 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2010/12/02 14:21:37.0515 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2010/12/02 14:21:37.0546 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2010/12/02 14:21:37.0593 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2010/12/02 14:21:37.0656 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2010/12/02 14:21:37.0671 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2010/12/02 14:21:37.0703 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2010/12/02 14:21:37.0734 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2010/12/02 14:21:37.0781 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2010/12/02 14:21:37.0890 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2010/12/02 14:21:37.0968 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2010/12/02 14:21:38.0000 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2010/12/02 14:21:38.0109 ================================================================================ 2010/12/02 14:21:38.0109 Scan finished 2010/12/02 14:21:38.0109 ================================================================================ 2010/12/02 14:21:38.0125 Detected object count: 11 2010/12/02 14:23:29.0718 Forged file(cmderd) - User select action: Skip 2010/12/02 14:23:29.0718 Forged file(cmdGuard) - User select action: Skip 2010/12/02 
14:23:29.0718 Forged file(cmdHlp) - User select action: Skip 2010/12/02 14:23:29.0718 Locked file(CTMFLT) - User select action: Skip 2010/12/02 14:23:29.0718 Locked file(CTMMOUNT) - User select action: Skip 2010/12/02 14:23:29.0718 Locked file(CTMSHD) - User select action: Skip 2010/12/02 14:23:29.0734 Forged file(Inspect) - User select action: Skip 2010/12/02 14:23:29.0734 Forged file(RTLE8023xp) - User select action: Skip 2010/12/02 14:23:29.0734 Forged file(snapman) - User select action: Skip 2010/12/02 14:23:29.0734 Forged file(Srv) - User select action: Skip 2010/12/02 14:23:29.0734 Forged file(timounter) - User select action: Skip 2010/12/02 14:24:32.0187 ================================================================================ 2010/12/02 14:24:32.0187 Scan started 2010/12/02 14:24:32.0187 Mode: Manual; 2010/12/02 14:24:32.0187 ================================================================================ 2010/12/02 14:24:32.0546 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2010/12/02 14:24:32.0578 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2010/12/02 14:24:32.0625 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2010/12/02 14:24:32.0687 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2010/12/02 14:24:32.0828 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2010/12/02 14:24:32.0890 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2010/12/02 14:24:32.0921 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2010/12/02 14:24:32.0968 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2010/12/02 14:24:33.0031 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2010/12/02 14:24:33.0078 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2010/12/02 
14:24:33.0125 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2010/12/02 14:24:33.0171 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2010/12/02 14:24:33.0187 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2010/12/02 14:24:33.0250 cmderd (5455c2a8eb379df5d55252a3827ef252) C:\WINDOWS\system32\DRIVERS\cmderd.sys 2010/12/02 14:24:33.0250 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cmderd.sys. Real md5: 5455c2a8eb379df5d55252a3827ef252, Fake md5: 7060bae48c2c122f3041cccf9ade3bf7 2010/12/02 14:24:33.0250 cmderd - detected Forged file (1) 2010/12/02 14:24:33.0265 cmdGuard (d7c17cc5038773aa717864a5555465de) C:\WINDOWS\system32\DRIVERS\cmdguard.sys 2010/12/02 14:24:33.0265 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cmdguard.sys. Real md5: d7c17cc5038773aa717864a5555465de, Fake md5: bbe9f023dfd2c4d2755da3fa47e4da08 2010/12/02 14:24:33.0265 cmdGuard - detected Forged file (1) 2010/12/02 14:24:33.0296 cmdHlp (81ceedf3501cd5ccae3dceb204af1634) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys 2010/12/02 14:24:33.0296 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cmdhlp.sys. Real md5: 81ceedf3501cd5ccae3dceb204af1634, Fake md5: 111e6755acb5f236e2465e24508f6367 2010/12/02 14:24:33.0296 cmdHlp - detected Forged file (1) 2010/12/02 14:24:33.0468 CTMFLT (11e870356b43d2241ea04b75a62b09a3) C:\WINDOWS\system32\drivers\CTMFLT.sys 2010/12/02 14:24:33.0468 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\CTMFLT.sys. md5: 11e870356b43d2241ea04b75a62b09a3 2010/12/02 14:24:33.0484 CTMFLT - detected Locked file (1) 2010/12/02 14:24:33.0640 CTMMOUNT (6da40556d17dd58a84b00b6ddaa96b36) C:\WINDOWS\system32\drivers\CTMMOUNT.sys 2010/12/02 14:24:33.0640 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\CTMMOUNT.sys. 
md5: 6da40556d17dd58a84b00b6ddaa96b36 2010/12/02 14:24:33.0640 CTMMOUNT - detected Locked file (1) 2010/12/02 14:24:33.0687 CTMSHD (aeeda83d0d29359d3d8fb6b1bf038cc1) C:\WINDOWS\system32\drivers\CTMSHD.sys 2010/12/02 14:24:33.0687 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\CTMSHD.sys. md5: aeeda83d0d29359d3d8fb6b1bf038cc1 2010/12/02 14:24:33.0687 CTMSHD - detected Locked file (1) 2010/12/02 14:24:33.0796 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2010/12/02 14:24:33.0843 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2010/12/02 14:24:33.0875 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2010/12/02 14:24:33.0906 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2010/12/02 14:24:34.0000 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2010/12/02 14:24:34.0015 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2010/12/02 14:24:34.0125 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2010/12/02 14:24:34.0156 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 2010/12/02 14:24:34.0203 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2010/12/02 14:24:34.0203 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 2010/12/02 14:24:34.0265 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2010/12/02 14:24:34.0296 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2010/12/02 14:24:34.0312 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2010/12/02 14:24:34.0328 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2010/12/02 14:24:34.0359 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2010/12/02 14:24:34.0421 
HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2010/12/02 14:24:34.0484 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2010/12/02 14:24:34.0562 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2010/12/02 14:24:34.0781 ialm (c1c2d6940d6ec2f247b0f3c11e0a18e0) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 2010/12/02 14:24:34.0906 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2010/12/02 14:24:34.0968 Inspect (bf141304f251563b63e64cb3c036de74) C:\WINDOWS\system32\DRIVERS\inspect.sys 2010/12/02 14:24:34.0968 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\inspect.sys. Real md5: bf141304f251563b63e64cb3c036de74, Fake md5: 343ac4733c1e8b7ab6454178e4fcd4ad 2010/12/02 14:24:34.0968 Inspect - detected Forged file (1) 2010/12/02 14:24:35.0109 IntcAzAudAddService (b45a576ad280dd4f605f58b24cdaafe1) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2010/12/02 14:24:35.0234 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2010/12/02 14:24:35.0265 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2010/12/02 14:24:35.0296 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2010/12/02 14:24:35.0328 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2010/12/02 14:24:35.0359 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2010/12/02 14:24:35.0468 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2010/12/02 14:24:35.0500 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2010/12/02 14:24:35.0531 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2010/12/02 14:24:35.0546 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2010/12/02 14:24:35.0562 kbdhid 
(9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2010/12/02 14:24:35.0578 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2010/12/02 14:24:35.0656 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2010/12/02 14:24:35.0718 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2010/12/02 14:24:35.0750 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2010/12/02 14:24:35.0781 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2010/12/02 14:24:35.0828 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2010/12/02 14:24:35.0890 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2010/12/02 14:24:35.0953 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2010/12/02 14:24:36.0000 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2010/12/02 14:24:36.0031 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2010/12/02 14:24:36.0046 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2010/12/02 14:24:36.0078 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2010/12/02 14:24:36.0093 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2010/12/02 14:24:36.0109 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2010/12/02 14:24:36.0171 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2010/12/02 14:24:36.0187 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2010/12/02 14:24:36.0218 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2010/12/02 14:24:36.0265 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2010/12/02 
14:24:36.0265 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2010/12/02 14:24:36.0281 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2010/12/02 14:24:36.0296 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2010/12/02 14:24:36.0328 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2010/12/02 14:24:36.0390 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2010/12/02 14:24:36.0437 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2010/12/02 14:24:36.0500 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2010/12/02 14:24:36.0531 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2010/12/02 14:24:36.0546 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2010/12/02 14:24:36.0593 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2010/12/02 14:24:36.0609 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2010/12/02 14:24:36.0671 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2010/12/02 14:24:36.0671 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2010/12/02 14:24:36.0718 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2010/12/02 14:24:36.0750 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2010/12/02 14:24:36.0875 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2010/12/02 14:24:36.0906 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2010/12/02 14:24:36.0937 PSI (1df21f001f3a94eba4a2950c70cc358f) C:\WINDOWS\system32\DRIVERS\psi_mf.sys 2010/12/02 14:24:36.0953 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) 
C:\WINDOWS\system32\DRIVERS\ptilink.sys 2010/12/02 14:24:37.0015 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2010/12/02 14:24:37.0062 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2010/12/02 14:24:37.0109 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2010/12/02 14:24:37.0109 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2010/12/02 14:24:37.0171 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2010/12/02 14:24:37.0187 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2010/12/02 14:24:37.0218 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2010/12/02 14:24:37.0265 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2010/12/02 14:24:37.0343 RTLE8023xp (bb0ae2171f08129f4f3ff9df20ffbf89) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 2010/12/02 14:24:37.0343 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys. 
Real md5: bb0ae2171f08129f4f3ff9df20ffbf89, Fake md5: 40607773fecd00708354809e233823f2 2010/12/02 14:24:37.0343 RTLE8023xp - detected Forged file (1) 2010/12/02 14:24:37.0437 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 2010/12/02 14:24:37.0484 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 2010/12/02 14:24:37.0562 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2010/12/02 14:24:37.0609 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2010/12/02 14:24:37.0625 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2010/12/02 14:24:37.0640 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2010/12/02 14:24:37.0718 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\WINDOWS\system32\DRIVERS\snapman.sys 2010/12/02 14:24:37.0718 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\snapman.sys. Real md5: c3bf55189aa92b8f919108ef9e4accae, Fake md5: 85bada660d57bc5aef52b11cabd6d8f9 2010/12/02 14:24:37.0718 snapman - detected Forged file (1) 2010/12/02 14:24:37.0750 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2010/12/02 14:24:37.0828 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2010/12/02 14:24:37.0875 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys 2010/12/02 14:24:37.0875 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\srv.sys. 
Real md5: 89220b427890aa1dffd1a02648ae51c3, Fake md5: 0f6aefad3641a657e18081f52d0c15af 2010/12/02 14:24:37.0875 Srv - detected Forged file (1) 2010/12/02 14:24:37.0906 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2010/12/02 14:24:38.0000 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2010/12/02 14:24:38.0062 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2010/12/02 14:24:38.0125 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2010/12/02 14:24:38.0140 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2010/12/02 14:24:38.0171 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2010/12/02 14:24:38.0203 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2010/12/02 14:24:38.0312 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 2010/12/02 14:24:38.0312 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys 2010/12/02 14:24:38.0328 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\timntr.sys. 
Real md5: 13bfe330880ac0ce8672d00aa5aff738, Fake md5: a34d7024bb7140ec785c86bc065d4f60 2010/12/02 14:24:38.0328 timounter - detected Forged file (1) 2010/12/02 14:24:38.0406 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2010/12/02 14:24:38.0453 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2010/12/02 14:24:38.0531 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2010/12/02 14:24:38.0546 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2010/12/02 14:24:38.0546 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2010/12/02 14:24:38.0562 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2010/12/02 14:24:38.0593 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2010/12/02 14:24:38.0625 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2010/12/02 14:24:38.0656 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2010/12/02 14:24:38.0734 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2010/12/02 14:24:38.0765 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2010/12/02 14:24:38.0796 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2010/12/02 14:24:38.0859 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2010/12/02 14:24:38.0968 ================================================================================ 2010/12/02 14:24:38.0968 Scan finished 2010/12/02 14:24:38.0968 ================================================================================ 2010/12/02 14:24:38.0968 Detected object count: 11 2010/12/02 14:26:39.0000 Forged file(cmderd) - User select action: Skip 2010/12/02 14:26:39.0000 Forged file(cmdGuard) - User select action: Skip 2010/12/02 
14:26:39.0000 Forged file(cmdHlp) - User select action: Skip 2010/12/02 14:26:39.0000 Locked file(CTMFLT) - User select action: Skip 2010/12/02 14:26:39.0000 Locked file(CTMMOUNT) - User select action: Skip 2010/12/02 14:26:39.0000 Locked file(CTMSHD) - User select action: Skip 2010/12/02 14:26:39.0000 Forged file(Inspect) - User select action: Skip 2010/12/02 14:26:39.0000 Forged file(RTLE8023xp) - User select action: Skip 2010/12/02 14:26:39.0000 Forged file(snapman) - User select action: Skip 2010/12/02 14:26:39.0015 Forged file(Srv) - User select action: Skip 2010/12/02 14:26:39.0015 Forged file(timounter) - User select action: Skip
  16. negster22: I apologize for my ineptness, but I can't figure out how to upload those files to VirusTotal Scanner as you requested, because I can't find them; they aren't in C:\Windows\ softwareDistribution\Download\......... . I've tried copy/paste from the logs of my scans, but VTS won't accept it. I'm at a loss as to how to get one into VTS. I tried to copy/paste into Notepad and then to VTS, no joy! I'm so frustrated I could chew nails! Treb
  17. To negster22: thanks for your attention. Hope these logs give what you need. Treb
  18. ComboFix 10-11-30.02 - Eric 11/30/2010 20:59:07.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3317.2636 [GMT -7:00]
Running from: c:\documents and settings\Eric\Desktop\ComboFix.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((( Files Created from 2010-11-01 to 2010-12-01 )))))))))))))))))))))))))))))))
.
2010-12-01 00:55 . 2010-12-01 01:09 -------- d-----w- C:\ARK
2010-11-29 22:41 . 2010-11-29 22:41 388096 ----a-r- c:\documents and settings\Eric\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-25 00:23 . 2010-11-25 00:23 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Parallels
2010-11-22 23:38 . 2010-11-22 23:49 -------- d-----w- c:\program files\TheSage
2010-11-22 23:08 . 2010-11-22 23:08 -------- d-----w- c:\program files\Intel Corporation
2010-11-19 00:49 . 2010-11-19 00:49 -------- d-----w- c:\documents and settings\Eric\Application Data\BB0AD3B6-F851-4F30-ACAF-6AF2872244A6
2010-11-19 00:49 . 2010-11-19 00:49 -------- d-----w- c:\documents and settings\Eric\Application Data\C0F187D3-7A7F-4728-ABF3-D08E9F09A665
2010-11-19 00:48 . 2010-11-19 00:48 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2010-11-15 04:48 . 2010-09-23 07:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-11-15 04:14 . 2010-11-15 04:14 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-15 04:13 . 2010-11-15 04:13 -------- d-----w- c:\program files\Lavasoft
2010-11-15 03:58 . 2010-11-15 03:58 -------- d--h--w- c:\windows\PIF
2010-11-13 03:24 . 2010-11-13 03:27 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Temp
2010-11-13 03:24 . 2010-11-13 03:27 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Google
2010-11-13 02:05 . 2010-11-13 02:05 2470752 ----a-w- c:\windows\system32\AutoPartNt.exe
2010-11-09 23:32 . 2010-11-09 23:32 -------- d-----w- c:\program files\NoVirusThanks
2010-11-06 18:37 . 2010-11-06 18:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-02 23:04 . 2010-11-22 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2010-11-02 00:02 . 2010-07-15 14:44 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-11-02 00:02 . 2010-10-28 18:23 2217088 ----a-w- c:\windows\system32\BootMan.exe
2010-11-02 00:02 . 2010-07-15 14:44 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-11-02 00:02 . 2010-07-15 14:44 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-11-02 00:02 . 2010-07-15 14:44 13192 ----a-w- c:\windows\system32\epmntdrv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-19 00:49 . 2010-08-11 23:23 163232 ----a-w- c:\windows\system32\drivers\afcdp.sys
2010-11-19 00:48 . 2010-07-29 21:30 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-11-19 00:48 . 2010-07-29 21:30 170464 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-11-15 04:48 . 2010-08-10 03:18 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-10-19 20:51 . 2010-08-04 23:12 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-13 21:14 . 2010-10-13 21:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-13 21:14 . 2010-08-01 01:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-28 21:13 . 2010-06-02 01:00 285480 ----a-w- c:\windows\system32\guard32.dll
2010-09-28 21:13 . 2010-06-02 01:00 91560 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-09-28 21:13 . 2010-06-02 01:00 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-09-28 21:13 . 2010-06-02 01:00 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-09-28 21:13 . 2010-06-04 17:55 239240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-09-18 18:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-02 14:21 . 2010-10-15 22:59 131072 ----a-w- c:\windows\system32\EKIJCOINST09.dll
2010-09-02 14:17 . 2010-10-15 22:59 196608 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2010-09-02 14:17 . 2010-10-15 22:59 421888 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2010-07-26 17:52 . 2010-07-26 17:52 43627008 ----a-w- c:\program files\CIS_Setup.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-11-13 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-11 131072]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-11 131072]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-28 2500552]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"COMODO_TimeMachine"="c:\program files\COMODO\Time Machine\CTMTRAY.exe" [2010-07-20 4910904]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-09-13 390736]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-09-13 5479424]
"TMRUBottedTray"="c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2008-11-06 288088]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"SAOB Monitor"="c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-09-02 2536440]

c:\documents and settings\Eric\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-7-21 965176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^What's my computer doing.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\What's my computer doing.lnk
backup=c:\windows\pss\What's my computer doing.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware.exe]
2010-11-25 00:05 1528424 ----a-w- c:\program files\Lavasoft\Ad-Aware\Ad-Aware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2007-07-11 04:07 69632 ------r- c:\windows\Alcmtr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [10/14/2010 4:39 PM 26248]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [10/14/2010 4:39 PM 20616]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/14/2010 9:48 PM 64288]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [11/18/2010 5:48 PM 752128]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [6/1/2010 6:00 PM 15592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/4/2010 10:55 AM 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/1/2010 6:00 PM 25240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [8/11/2010 4:22 PM 3975088]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [9/13/2010 4:18 PM 308656]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/23/2010 12:46 AM 1375992]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\TMRUBotted.exe [10/13/2010 4:13 PM 582992]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [8/11/2010 4:23 PM 163232]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [10/14/2010 4:39 PM 122504]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [10/13/2010 4:13 PM 206608]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [11/1/2010 5:02 PM 13192]
S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [10/14/2010 4:39 PM 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [11/1/2010 5:02 PM 8456]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 7:05 AM 14904]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [10/13/2010 4:13 PM 206608]
.
Contents of the 'Scheduled Tasks' folder

2010-12-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 00:05]

2010-11-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-11-26 c:\windows\Tasks\FileTask.job
- c:\program files\FileTask\FileTask.exe [2010-09-14 01:04]

2010-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-764733703-839522115-1004Core.job
- c:\documents and settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-13 03:24]

2010-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-764733703-839522115-1004UA.job
- c:\documents and settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-13 03:24]

2010-12-01 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-09-15 14:25]

2010-11-26 c:\windows\Tasks\StartUp_FileTask.job
- c:\program files\FileTask\FileTask.exe [2010-09-14 01:04]

2010-11-26 c:\windows\Tasks\StartUp_FileTask.job
- c:\program files\FileTask\FileTask.exe [2010-09-14 01:04]

2010-11-26 c:\windows\Tasks\Update_FileTask.job
- c:\program files\FileTask\FileTask.exe [2010-09-14 01:04]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\gnfkpn3n.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\gnfkpn3n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\gnfkpn3n.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Extension: Team Cymru's MHR: mhr@team.cymru - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\gnfkpn3n.default\extensions\mhr@team.cymru

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-30 21:02
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully
user: error reading MBR

Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS c:\combofix\catchme.sys
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AC6BAB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000064[0x8ACA99E8]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP2T0L0-10[0x8AC6DD98]
kernel: MBR read successfully
_asm { CLI ; JMP 0xef; }
user != kernel MBR !!!
copy of MBR has been found in sector 22 !
copy of MBR has been found in sector 23 !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-436374069-764733703-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1148)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(1204)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(3648)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-11-30 21:03:40
ComboFix-quarantined-files.txt 2010-12-01 04:03
ComboFix2.txt 2010-12-01 03:52

Pre-Run: 231,271,768,064 bytes free
Post-Run: 231,260,385,280 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 83E7F8D3ADE78E35938341A31C12E6B7

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-30 18:45:11
Windows 5.1.2600 Service Pack 3
Running: dzkzsrpv.exe; Driver: C:\DOCUME~1\Eric\LOCALS~1\Temp\kxloiuog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xA8D2A768]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xA8D2A9BE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Ntfs \Ntfs CTMFLT.sys
AttachedDevice \FileSystem\Ntfs \Ntfs eufs.sys (File System Filter Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- Services - GMER 1.0.15 ----

Service C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (*** hidden *** ) [AUTO] AcrSch2Svc <-- ROOTKIT !!!
Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [AUTO] ERSvc <-- ROOTKIT !!!
Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [AUTO] helpsvc <-- ROOTKIT !!!
Service C:\WINDOWS\system32\mnmsrvc.exe (*** hidden *** ) [MANUAL] mnmsrvc <-- ROOTKIT !!!
Service C:\WINDOWS\system32\sessmgr.exe (*** hidden *** ) [MANUAL] RDSessMgr <-- ROOTKIT !!!
Service system32\DRIVERS\tdrpman.sys (*** hidden *** ) [BOOT] tdrpman <-- ROOTKIT !!!
Service C:\WINDOWS\system32\DRIVERS\timntr.sys (*** hidden *** ) [BOOT] timounter <-- ROOTKIT !!!
Service C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe (*** hidden *** ) [AUTO] TryAndDecideService <-- ROOTKIT !!!
Service C:\WINDOWS\System32\ups.exe (*** hidden *** ) [MANUAL] UPS <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] winmgmt <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
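The GMER and catchme output in the post above carries two verdicts that a reviewer has to weigh rather than take at face value: the MBR detector printed "user: error reading MBR" (the CreateFile on PHYSICALDRIVE0 failed because the device was in use) before it printed "user != kernel MBR !!!", so that comparison had nothing on the user side to compare; and the SSDT section shows cmdguard.sys hooking ZwEnumerateKey and ZwEnumerateValueKey, which is worth checking against the installed COMODO product before the ten "hidden" services are read as a rootkit. The parser below is an added example, not part of treb's post and not code from GMER, ComboFix or Malwarebytes. The log excerpt embedded in it is copied from the output above (trimmed to the lines the parser consumes, with "[bOOT]" left as the forum rendered it); the names parse_gmer, triage and Findings are this example's own.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Excerpt copied from the catchme, MBR-detector and GMER output in the post above,
# cut down to the lines this parser consumes. "[bOOT]" is left as the forum rendered
# it (its bbcode handling lowercased the B of "[BOOT]"), so start types are normalised.
GMER_LOG = r"""
detected NTDLL code modification:
ZwClose, ZwOpenFile
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
copy of MBR has been found in sector 22 !
copy of MBR has been found in sector 23 !
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xA8D2A768]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xA8D2A9BE]
---- Services - GMER 1.0.15 ----
Service C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (*** hidden *** ) [AUTO] AcrSch2Svc <-- ROOTKIT !!!
Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [AUTO] ERSvc <-- ROOTKIT !!!
Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [AUTO] helpsvc <-- ROOTKIT !!!
Service C:\WINDOWS\system32\mnmsrvc.exe (*** hidden *** ) [MANUAL] mnmsrvc <-- ROOTKIT !!!
Service C:\WINDOWS\system32\sessmgr.exe (*** hidden *** ) [MANUAL] RDSessMgr <-- ROOTKIT !!!
Service system32\DRIVERS\tdrpman.sys (*** hidden *** ) [bOOT] tdrpman <-- ROOTKIT !!!
Service C:\WINDOWS\system32\DRIVERS\timntr.sys (*** hidden *** ) [bOOT] timounter <-- ROOTKIT !!!
Service C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe (*** hidden *** ) [AUTO] TryAndDecideService <-- ROOTKIT !!!
Service C:\WINDOWS\System32\ups.exe (*** hidden *** ) [MANUAL] UPS <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] winmgmt <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
"""

SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)\s+(?P<func>Zw\w+)\s+\[0x[0-9A-Fa-f]+\]")
HIDDEN_SVC_RE = re.compile(r"^Service\s+(?P<image>.+?)\s+\(\*\*\*\s*hidden\s*\*\*\*\s*\)\s+\[(?P<start>\w+)\]\s+(?P<name>\S+)\s+<-- ROOTKIT")
MBR_COPY_RE = re.compile(r"copy of MBR has been found in sector (?P<sector>\d+)")


@dataclass
class Findings:
    ssdt_hooks: list = field(default_factory=list)        # (hooked syscall, hooking module)
    hidden_services: list = field(default_factory=list)   # (service name, start type, image path)
    ntdll_mods: list = field(default_factory=list)        # ntdll exports catchme found patched
    mbr_copies: list = field(default_factory=list)        # sectors holding a copy of the MBR
    user_mbr_read_failed: bool = False
    mbr_mismatch: bool = False


def parse_gmer(text: str) -> Findings:
    f = Findings()
    want_ntdll_list = False   # catchme prints the patched exports on the line after the header
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if want_ntdll_list:
            f.ntdll_mods.extend(x.strip() for x in line.split(",") if x.strip())
            want_ntdll_list = False
        elif line.startswith("detected NTDLL code modification:"):
            rest = line.split(":", 1)[1].strip()
            if rest:
                f.ntdll_mods.extend(x.strip() for x in rest.split(",") if x.strip())
            else:
                want_ntdll_list = True
        elif line.startswith("user: error reading MBR"):
            f.user_mbr_read_failed = True
        elif line.startswith("user != kernel MBR"):
            f.mbr_mismatch = True
        elif m := MBR_COPY_RE.search(line):
            f.mbr_copies.append(int(m["sector"]))
        elif m := SSDT_RE.match(line):
            f.ssdt_hooks.append((m["func"], m["module"].rsplit("\\", 1)[-1].lower()))
        elif m := HIDDEN_SVC_RE.match(line):
            f.hidden_services.append((m["name"], m["start"].upper(), m["image"]))
    return f


def triage(f: Findings) -> dict:
    """Reduce the raw findings to the questions a reviewer of this log has to answer."""
    enum_hookers = sorted({mod for func, mod in f.ssdt_hooks
                           if func in ("ZwEnumerateKey", "ZwEnumerateValueKey")})
    if f.user_mbr_read_failed:
        mbr = "inconclusive"   # no user-mode MBR was read, so "user != kernel" compared nothing
    elif f.mbr_mismatch:
        mbr = "mismatch"
    else:
        mbr = "consistent"
    return {
        "mbr": mbr,
        "mbr_backup_sectors": list(f.mbr_copies),
        "registry_enum_hooked_by": enum_hookers,   # the "hidden" verdicts were reached under these hooks
        "hidden_services": [name for name, _, _ in f.hidden_services],
        "hidden_services_in_system32": [name for name, _, img in f.hidden_services
                                        if "system32\\" in img.lower()],
        "ntdll_modified_exports": list(f.ntdll_mods),
    }


if __name__ == "__main__":
    for key, value in triage(parse_gmer(GMER_LOG)).items():
        print(f"{key}: {value}")
```

Run as a script it prints the triage dictionary for the embedded excerpt; on a full GMER or ComboFix log, pass the file contents to parse_gmer instead. The point of the "inconclusive" state is that the MBR verdict in this thread rests on a failed user-mode read, and the point of registry_enum_hooked_by is that any "hidden" service verdict should be cross-checked against whichever product owns the enumeration hooks before it is treated as rootkit evidence.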
  19. When I run a full scan with MBAM I get the following 4 files infected:
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\msscript.ocx (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netbios.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\swmidi.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\f0887635de7e5cef708668e8841014e1\sp3gdr\wininet.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
When I delete them, nothing shows in Quarantine, contrary to the above, and they all show up the next time I run a full scan; they don't show up on a Quick Scan or in any of my other malware programs. The only other symptom I've noticed is that defrag (both native Windows and Smart Defrag) doesn't defrag, and each shows a large block of immovable files after running. I'm running WinXP Home SP3. Any insight or help will be greatly appreciated. Thank you, Treb