Posts posted by TeraBytes
-
I still can't access Safe Mode, and agqCPQ.sys is still the last file in the scroll. (Which file is supposed to be last?)
Is it because ComboFix is recovering files from an SP2 Recovery Console (ERDNT) to an SP3 Windows OS?
-
ComboFix 11-01-28.03 - Waheb 01/29/2011 23:52:40.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1256.966.1033.18.1013.339 [GMT 3:00]
Running from: c:\documents and settings\Waheb\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Waheb\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FILE ::
"c:\windows\system32\drivers\agqCPQ.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 )))))))))))))))))))))))))))))))
.
2011-01-27 17:55 . 2011-01-27 17:55 -------- d-----w- c:\documents and settings\Waheb\Application Data\Hoyle FaceCreator
2011-01-27 17:55 . 2011-01-27 17:55 -------- d-----w- c:\documents and settings\Waheb\Application Data\Hoyle
2011-01-27 17:54 . 2008-03-05 12:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2011-01-27 11:50 . 2011-01-27 11:53 -------- d-----w- c:\program files\fsumfrontend-1.5.5.1-bin
2011-01-26 21:05 . 2011-01-26 21:05 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\WinZip Courier
2011-01-26 20:26 . 2011-01-26 20:26 -------- d-----w- c:\windows\system32\NtmsData
2011-01-26 18:29 . 2010-12-20 15:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-26 18:29 . 2011-01-26 18:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-26 18:29 . 2010-12-20 15:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-25 17:18 . 2011-01-25 17:18 -------- d-----w- c:\program files\IObit
2011-01-25 17:18 . 2011-01-25 17:18 -------- d-----w- c:\documents and settings\Waheb\Application Data\IObit
2011-01-25 12:01 . 2011-01-25 12:01 -------- d-----w- c:\documents and settings\Administrator
2011-01-24 19:03 . 2011-01-24 19:03 -------- d-----w- c:\documents and settings\Waheb\Application Data\Avira
2011-01-24 18:56 . 2010-12-13 05:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-24 18:56 . 2010-12-13 05:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-01-24 18:56 . 2010-06-17 11:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-01-24 18:56 . 2010-06-17 11:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-01-24 18:56 . 2011-01-24 18:56 -------- d-----w- c:\program files\Avira
2011-01-24 18:56 . 2011-01-24 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-01-24 17:32 . 2011-01-24 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZipEC
2011-01-24 17:32 . 2011-01-24 17:32 -------- d-----w- c:\program files\WinZip Courier
2011-01-24 17:20 . 2011-01-24 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZipSE
2011-01-24 17:20 . 2011-01-24 17:20 -------- d-----w- c:\program files\WinZip Self-Extractor
2011-01-23 10:37 . 2011-01-23 10:37 -------- d-----w- c:\windows\lhsp
2011-01-23 10:36 . 2011-01-23 10:36 -------- d-----w- c:\windows\speech
2011-01-23 10:36 . 2011-01-23 10:36 -------- d-----w- c:\program files\QFIT
2011-01-23 08:29 . 2011-01-23 08:29 -------- d-----w- c:\documents and settings\Waheb\Application Data\TreeCardGames
2011-01-23 08:28 . 2011-01-23 08:29 -------- d-----w- c:\program files\Sudoku Up
2011-01-23 07:58 . 2011-01-27 07:31 -------- d-----w- c:\documents and settings\Waheb\Application Data\MahJong Suite
2011-01-23 07:57 . 2011-01-23 09:12 -------- d-----w- c:\program files\MahJong Suite
2011-01-23 07:51 . 2011-01-23 07:51 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\WinZip
2011-01-23 06:48 . 2011-01-23 06:50 -------- d-----w- c:\documents and settings\Waheb\Application Data\avidemux
2011-01-23 06:48 . 2011-01-23 06:48 -------- d-----w- c:\program files\Avidemux 2.5
2011-01-23 05:07 . 2011-01-24 16:11 -------- d-----w- c:\program files\e-Sword
2011-01-23 05:07 . 2011-01-23 05:07 -------- d-----w- c:\program files\Common Files\EzTools
2011-01-23 05:07 . 2011-01-23 05:07 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\Downloaded Installations
2011-01-19 17:31 . 2011-01-19 17:31 -------- d-----w- c:\documents and settings\Waheb\Application Data\Microsoft FxCop
2011-01-19 17:15 . 2011-01-19 17:15 -------- d-----w- c:\program files\Microsoft FxCop 1.36
2011-01-19 17:03 . 2011-01-19 17:03 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\assembly
2011-01-19 17:03 . 2011-01-19 17:03 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\Deployment
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-17 13:02 . 2010-12-17 13:02 100843 ----a-w- c:\windows\SVCFilterDesign Uninstaller.exe
2010-12-17 13:02 . 2010-12-17 13:02 141567 ----a-w- c:\windows\PIEL Uninstaller.exe
2010-12-17 13:01 . 2010-12-17 13:01 126948 ----a-w- c:\windows\MeterBasic Uninstaller.exe
2010-12-17 13:01 . 2010-12-17 13:01 173041 ----a-w- c:\windows\Helical Uninstaller.exe
2010-12-17 13:01 . 2010-12-17 13:01 219975 ----a-w- c:\windows\Diplexer Uninstaller.exe
2010-12-08 08:13 . 2010-12-08 06:55 2478272 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-12-08 06:56 . 2010-12-08 06:56 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2010-12-01 10:44 . 2010-12-01 10:44 100560 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-12-01 10:44 . 2010-12-10 20:26 143248 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-12-01 10:44 . 2010-12-10 20:26 41936 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-12-01 10:44 . 2010-12-01 10:44 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2010-12-01 10:44 . 2010-12-01 10:44 111504 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2010-11-29 13:25 . 2010-11-29 13:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-29 13:25 . 2010-10-23 16:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-26 20:30 . 2010-11-26 19:04 67 ----a-w- c:\documents and settings\Waheb\update.bat
2010-11-22 11:30 . 2010-10-23 16:09 31744 ----a-w- c:\windows\system32\maplec.dll
2010-11-22 11:30 . 2010-10-23 16:09 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll
2010-11-22 11:30 . 2010-10-23 16:09 20480 ----a-w- c:\windows\system32\maplecompat.dll
2010-11-18 18:12 . 2010-05-16 21:59 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-11 10:48 . 2010-11-11 10:48 70768 ----a-w- c:\windows\system32\drivers\vmci.sys
2010-11-11 10:48 . 2010-11-11 10:48 854128 ----a-w- c:\windows\system32\drivers\vmx86.sys
2010-11-11 10:48 . 2010-12-10 23:07 334448 ----a-w- c:\windows\system32\vmnetdhcp.exe
2010-11-11 10:48 . 2010-12-10 23:07 404080 ----a-w- c:\windows\system32\vmnat.exe
2010-11-11 10:47 . 2010-12-10 23:07 760432 ----a-w- c:\windows\system32\vnetlib.dll
2010-11-11 10:47 . 2010-12-10 23:06 24688 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2010-11-11 10:46 . 2010-11-11 10:46 51312 ----a-w- c:\windows\system32\vmnetbridge.dll
2010-11-11 10:46 . 2010-11-11 10:46 32752 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2010-11-11 10:46 . 2010-12-10 23:07 26352 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-11-11 09:31 . 2010-11-11 09:31 32368 ----a-w- c:\windows\system32\drivers\hcmon.sys
2010-11-11 09:04 . 2010-11-11 09:04 252528 ----a-w- c:\windows\system32\vmnc.dll
2010-11-11 07:04 . 2010-11-11 07:04 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys
2010-11-11 07:04 . 2010-11-11 07:04 59952 ----a-w- c:\windows\system32\vnetinst.dll
2010-11-11 07:04 . 2010-11-11 07:04 18736 ----a-w- c:\windows\system32\drivers\vmnet.sys
2010-11-11 07:04 . 2010-11-11 07:04 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2010-11-09 14:52 . 2010-05-17 08:40 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-07 17:17 . 2010-10-23 16:48 333840 ----a-w- c:\windows\system32\mltcpip32.mlp
2010-11-07 17:17 . 2010-10-23 16:48 93712 ----a-w- c:\windows\system32\mltcp32.mlp
2010-11-07 17:17 . 2010-10-23 16:48 88080 ----a-w- c:\windows\system32\mlshm32.mlp
2010-11-07 17:17 . 2010-10-23 16:48 167952 ----a-w- c:\windows\system32\mlmodule32.dll
2010-11-07 17:17 . 2010-10-23 16:48 79376 ----a-w- c:\windows\system32\mlmap32.mlp
2010-11-07 17:16 . 2010-10-23 16:48 369680 ----a-w- c:\windows\system32\ml32i3.dll
2010-11-07 17:16 . 2010-10-23 16:48 260112 ----a-w- c:\windows\system32\ml32i2.dll
2010-11-07 17:16 . 2010-10-23 16:48 253968 ----a-w- c:\windows\system32\ml32i1.dll
2010-11-06 00:26 . 2010-05-17 08:40 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2010-05-17 08:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2010-05-17 08:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2010-05-17 08:40 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2010-05-17 08:40 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-11-01 11:27 . 2010-11-01 11:27 217088 ----a-w- c:\windows\system32\DownloadXPro.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-01-07 3216664]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-16 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-16 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-04-08 908368]
"PLFSetL"="c:\windows\PLFSetL.exe" [2010-02-12 99712]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2010-02-12 202112]
"snuvcdsm"="c:\windows\snuvcdsm.exe" [2010-02-12 30080]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-04-13 248440]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-10-29 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-09-23 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-12 607584]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Hyperappel du Petit Larousse 2010.lnk - c:\program files\Larousse\Petit Larousse 2010\bin\Hyperappel.exe [2010-10-23 237568]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Maple 13\\jre\\bin\\maple.exe"=
"c:\\Program Files\\eclipse\\eclipse.exe"=
"c:\\Program Files\\Maple 13\\jre\\bin\\java.exe"=
"c:\\Program Files\\Maxima-5.22.1\\bin\\xmaxima.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Maple 14\\jre\\bin\\maple.exe"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\WinWrapIDE.exe"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\stats.exe"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\stats.com"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\JRE\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\hasplms.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\Mathematica.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\MathKernel.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\math.exe"=
"c:\\Program Files\\Opera 11.00 beta\\opera.exe"=
"c:\\Program Files\\Le Petit Robert 2009 (3.2)\\RobertHA.exe"=
"c:\\Program Files\\Le Petit Robert 2009 (3.2)\\prnet.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\Mathematica.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\MathKernel.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\math.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [12/10/2010 23:26 143248]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [12/10/2010 23:26 41936]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/24/2011 21:56 135336]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [5/17/2010 11:40 312400]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/26/2011 21:29 363344]
R2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [5/17/2010 02:33 243232]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [11/11/2010 13:48 70768]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [11/11/2010 12:31 539248]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [5/17/2010 11:40 60456]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/26/2011 21:29 20952]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12/1/2010 13:44 100560]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [12/1/2010 13:44 111504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/23/2010 17:22 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 05:46 288112]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/17/2010 02:11 1691480]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [1/21/2010 17:51 30963576]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [11/13/2010 23:29 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [11/13/2010 23:29 8320]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 20:37 4640000]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [1/13/2009 03:00 451456]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 13:37 517096]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [12/8/2009 21:24 48128]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 13:16 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/23/2009 06:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 03:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 03:23 366936]
.
Contents of the 'Scheduled Tasks' folder
2011-01-14 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8287896517.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 21:52]
2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 14:22]
2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 14:22]
2011-01-29 c:\windows\Tasks\Minitab Software Update Manager.job
- c:\program files\Common Files\Minitab Shared\Software Manager\SoftwareManager.exe [2010-03-25 06:45]
2011-01-14 c:\windows\Tasks\WebReg 20110114134107.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe [2003-04-05 22:01]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0401&m=em350&r=0xph1010n125l0484wum5r46n2r739
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: ????? ??? &???? Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: ????? ??? Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\Waheb\Application Data\Mozilla\Firefox\Profiles\7rc0ftad.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-30 00:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3132)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\btmmhook.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\system32\hasplms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\vmnat.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Launch Manager\LMworker.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-01-30 00:35:28 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-29 21:35
ComboFix2.txt 2011-01-29 19:36
ComboFix3.txt 2011-01-29 12:18
ComboFix4.txt 2011-01-26 22:49
ComboFix5.txt 2011-01-29 20:50
Pre-Run: 51,508,670,464 bytes free
Post-Run: 51,495,178,240 bytes free
- - End Of File - - DFE4CCCFD1545C63C2350BAA2838A6D5
-
Yes, agqCPQ.sys is still the last file.
-
File name: DownloadXPro.dll
Submission date: 2011-01-29 20:18:30 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)
Antivirus Version Last Update Result
AhnLab-V3 2011.01.27.01 2011.01.27 -
AntiVir 7.11.2.31 2011.01.28 -
Antiy-AVL 2.0.3.7 2011.01.28 -
Avast 4.8.1351.0 2011.01.29 -
Avast5 5.0.677.0 2011.01.29 -
AVG 10.0.0.1190 2011.01.29 -
BitDefender 7.2 2011.01.29 -
CAT-QuickHeal 11.00 2011.01.29 -
ClamAV 0.96.4.0 2011.01.29 -
Commtouch 5.2.11.5 2011.01.29 -
Comodo 7531 2011.01.29 -
DrWeb 5.0.2.03300 2011.01.29 -
Emsisoft 5.1.0.1 2011.01.29 -
eSafe 7.0.17.0 2011.01.27 -
eTrust-Vet 36.1.8126 2011.01.28 -
F-Prot 4.6.2.117 2011.01.29 -
F-Secure 9.0.16160.0 2011.01.29 -
Fortinet 4.2.254.0 2011.01.29 -
GData 21 2011.01.29 -
Ikarus T3.1.1.97.0 2011.01.29 -
Jiangmin 13.0.900 2011.01.29 -
K7AntiVirus 9.78.3680 2011.01.29 -
Kaspersky 7.0.0.125 2011.01.29 -
McAfee 5.400.0.1158 2011.01.29 -
McAfee-GW-Edition 2010.1C 2011.01.29 -
Microsoft 1.6502 2011.01.29 -
NOD32 5830 2011.01.29 -
Norman 6.06.12 2011.01.29 -
nProtect 2011-01-18.01 2011.01.18 -
Panda 10.0.3.5 2011.01.29 -
PCTools 7.0.3.5 2011.01.29 -
Prevx 3.0 2011.01.29 -
Rising 23.42.04.06 2011.01.28 -
Sophos 4.61.0 2011.01.29 -
SUPERAntiSpyware 4.40.0.1006 2011.01.29 -
Symantec 20101.3.0.103 2011.01.29 -
TheHacker 6.7.0.1.120 2011.01.26 -
TrendMicro 9.120.0.1004 2011.01.29 -
TrendMicro-HouseCall 9.120.0.1004 2011.01.29 -
VBA32 3.12.14.3 2011.01.29 -
VIPRE 8241 2011.01.29 -
ViRobot 2011.1.29.4282 2011.01.29 -
VirusBuster 13.6.171.1 2011.01.29 -
Additional information
MD5 : 81442cb75cdee12fd0aff730379678e6
SHA1 : 383e55bd0847b0f0c2f64118545cbe797a79711f
SHA256: 723f9ffaee38415c4e31afdf27a75ee09e3e901417bb01379e82b22e9ee674f4
ssdeep: 6144:kjPWcQDyL7y+HtY7Vyh2y2+Pz18XlaFPcEgZV1twHH:kjfMOI7Vyh23+bQWPMqn
File size : 217088 bytes
First seen: 2010-11-11 07:47:01
Last seen : 2011-01-29 20:18:30
TrID:
DirectShow filter (50.8%)
Windows OCX File (31.1%)
Win32 Executable MS Visual C++ (generic) (9.5%)
Windows Screen Saver (3.3%)
Win32 Executable Generic (2.1%)
sigcheck:
publisher....: DownloadXCtrl.com
copyright....: Copyright © 2010 DownloadXCtrl.com. All rights reserved.
product......: DownloadX ActiveX Download Control
description..: DownloadX ActiveX Download Control
original name: DownloadXPro.dll
internal name: DownloadXPro.dll
file version.: 1.5.2.0
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: Armadillo v1.xx - v2.xx
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x2321D
timedatestamp....: 0x4CCEC048 (Mon Nov 01 13:27:36 2010)
machinetype......: 0x14c (I386)
[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x222CC, 0x23000, 6.31, 01792f3dd0b268a2b825cccdbe14008e
.rdata, 0x24000, 0x3AA9, 0x4000, 5.48, 2792e8f4a18f6083df37c741158d5395
.data, 0x28000, 0x4354, 0x5000, 3.53, fed1da01b6b1762e8f8e3358c0b6e4a2
.rsrc, 0x2D000, 0x3AC0, 0x4000, 4.67, cf61d6ae95a000ef0f7613dcab24c5f7
.reloc, 0x31000, 0x33EC, 0x4000, 5.83, aa71e8ebe13ffbb3f0646fc2d423a57b
[[ 14 import(s) ]]
KERNEL32.dll: GetCurrentProcess, FlushInstructionCache, VirtualAlloc, VirtualFree, GlobalAlloc, GlobalLock, GlobalUnlock, lstrlenW, CreateEventW, GetModuleHandleA, GetModuleFileNameW, InterlockedIncrement, InterlockedDecrement, DisableThreadLibraryCalls, SetEvent, MoveFileExW, SetFilePointerEx, ResetEvent, WaitForMultipleObjects, SetFilePointer, FlushFileBuffers, SetEndOfFile, GetTempPathW, FindFirstFileW, DeleteFileW, FindNextFileW, FindClose, ResumeThread, Sleep, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, GetLocalTime, SystemTimeToFileTime, CreateDirectoryW, CloseHandle, ReadFile, WriteFile, CreateFileW, GetLocaleInfoW, GetNumberFormatW, CompareStringW, GetStringTypeW, GetLastError, GetTickCount, FreeLibrary, LoadLibraryW, GetProcAddress, LocalFree, LocalAlloc, MultiByteToWideChar
USER32.dll: SetWindowPos, EnableWindow, CreateWindowExW, ShowWindow, GetWindowRect, SendMessageW, PeekMessageW, TranslateMessage, DispatchMessageW, CharLowerBuffW, CharUpperBuffW, PostMessageW, GetKeyState, UpdateWindow, InvalidateRect, IsWindow, SetFocus, IsChild, GetFocus, GetParent, MessageBoxW, DestroyWindow, GetWindowLongW, GetSysColor, KillTimer, SetTimer, RedrawWindow, SetWindowLongW, IsWindowVisible, BeginPaint, GetClientRect, EndPaint, IntersectRect, EqualRect, OffsetRect, SetWindowRgn, UnionRect, PtInRect, FillRect, DefWindowProcW, RegisterWindowMessageW, GetSystemMetrics, CallWindowProcW
GDI32.dll: GetDeviceCaps, DeleteObject, CreateSolidBrush, CreateRectRgnIndirect, DeleteMetaFile, CloseMetaFile, SetWindowExtEx, SetWindowOrgEx, SaveDC, CreateMetaFileW, DeleteDC, SetViewportOrgEx, SetMapMode, RestoreDC, LPtoDP
comdlg32.dll: GetSaveFileNameW
SHELL32.dll: SHBrowseForFolderW, SHGetPathFromIDListW, SHGetMalloc
ole32.dll: CoTaskMemFree, CreateDataAdviseHolder, CoTaskMemAlloc, OleRegGetUserType, OleRegEnumVerbs, CoCreateInstance, OleRegGetMiscStatus, CreateOleAdviseHolder
OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -
WS2_32.dll: -, -, -, -, -, -, -, -, -, -
WININET.dll: InternetQueryOptionW
COMCTL32.dll: ImageList_Destroy, InitCommonControlsEx, ImageList_LoadImageW
ATL.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
MSVCP60.dll: __0_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@ABV01@IIABV_$allocator@G@1@@Z, _erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@II@Z, _erase@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@II@Z, _resize@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEXI@Z, _find@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIPBGII@Z, _insert@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@IPBGI@Z, __9std@@YA_NABV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@0@Z, _find_first_of@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIPBGII@Z, _npos@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@2IB, _assign@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z, __Freeze@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAEXXZ, _replace@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@IIPBGI@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, _assign@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@PBGI@Z, __C@_1___Nullstr@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@CAPBGXZ@4GB, __0_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@PBGABV_$allocator@G@1@@Z, _c_str@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEPBGXZ, __Tidy@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAEX_N@Z, __Freeze@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXXZ, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBDABV_$allocator@D@1@@Z, _c_str@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEPBDXZ, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, _append@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z, __1_Winit@std@@QAE@XZ, __0_Winit@std@@QAE@XZ, __1Init@ios_base@std@@QAE@XZ, __0Init@ios_base@std@@QAE@XZ, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ID@Z, _resize@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXI@Z, _find_last_of@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIPBGII@Z, _substr@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBE_AV12@II@Z, __Hstd@@YA_AV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@ABV10@0@Z, _length@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIXZ, __8std@@YA_NABV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@0@Z, __9std@@YA_NABV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@PBG@Z, _append@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@IG@Z, _append@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@PBGI@Z, __0_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@ABV01@@Z, _rfind@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIPBGII@Z
CRYPT32.dll: CertGetNameStringW, CertDuplicateCertificateContext, CertVerifyTimeValidity, CertCloseStore, CertFindCertificateInStore, CertOpenSystemStoreW, CertFindChainInStore, CertVerifyCertificateChainPolicy, CertGetCertificateChain, CertFreeCertificateContext
MSVCRT.dll: wcstombs, _purecall, memmove, mbstowcs, wcscmp, _CxxThrowException, floor, ceil, _ftol, _vsnwprintf, _beginthreadex, qsort, memcmp, free, realloc, malloc, strtok, sscanf, __1type_info@@UAE@XZ, __dllonexit, _onexit, _initterm, _adjust_fdiv, wcscpy, strcat, wcsncpy, _snprintf, wcslen, strncpy, strstr, atoi, strcpy, strlen, __2@YAPAXI@Z, memcpy, memset
[[ 4 export(s) ]]
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 143360
Comments:
CompanyName: DownloadXCtrl.com
EntryPoint: 0x2321d
FileDescription: DownloadX ActiveX Download Control
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 212 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 1.5.2.0
FileVersionNumber: 1.5.2.0
ImageVersion: 0.0
InitializedDataSize: 69632
InternalName: DownloadXPro.dll
LanguageCode: English (U.S.)
LegalCopyright: Copyright © 2010 DownloadXCtrl.com. All rights reserved.
LegalTrademarks:
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OLESelfRegister:
OSVersion: 4.0
ObjectFileType: Dynamic link library
OriginalFilename: DownloadXPro.dll
PEType: PE32
PrivateBuild:
ProductName: DownloadX ActiveX Download Control
ProductVersion: 1, 5, 2, 0
ProductVersionNumber: 1.5.2.0
SpecialBuild:
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2010:11:01 14:27:36+01:00
UninitializedDataSize: 0
-
Is there a way to capture the BSoD?
-
Still can't access Safe mode.
-
bleepingcomputer tells me to let you know that I have submitted the file.
-
ComboFix 11-01-28.03 - Waheb 01/29/2011 21:52:46.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1256.966.1033.18.1013.302 [GMT 3:00]
Running from: c:\documents and settings\Waheb\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Waheb\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
file zipped: c:\windows\system32\BD7EBD1C.exe
file zipped: c:\windows\system32\F9551908.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\BD7EBD1C.exe
c:\windows\system32\F9551908.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_2A0D8282
-------\Legacy_A80FD0CE
-------\Legacy_BD7EBD1C
-------\Service_2A0D8282
-------\Service_A80FD0CE
-------\Service_BD7EBD1C
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 )))))))))))))))))))))))))))))))
.
2011-01-27 17:55 . 2011-01-27 17:55 -------- d-----w- c:\documents and settings\Waheb\Application Data\Hoyle FaceCreator
2011-01-27 17:55 . 2011-01-27 17:55 -------- d-----w- c:\documents and settings\Waheb\Application Data\Hoyle
2011-01-27 17:54 . 2008-03-05 12:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2011-01-27 11:50 . 2011-01-27 11:53 -------- d-----w- c:\program files\fsumfrontend-1.5.5.1-bin
2011-01-26 21:05 . 2011-01-26 21:05 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\WinZip Courier
2011-01-26 20:26 . 2011-01-26 20:26 -------- d-----w- c:\windows\system32\NtmsData
2011-01-26 18:29 . 2010-12-20 15:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-26 18:29 . 2011-01-26 18:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-26 18:29 . 2010-12-20 15:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-25 17:18 . 2011-01-25 17:18 -------- d-----w- c:\program files\IObit
2011-01-25 17:18 . 2011-01-25 17:18 -------- d-----w- c:\documents and settings\Waheb\Application Data\IObit
2011-01-25 12:01 . 2011-01-25 12:01 -------- d-----w- c:\documents and settings\Administrator
2011-01-24 19:03 . 2011-01-24 19:03 -------- d-----w- c:\documents and settings\Waheb\Application Data\Avira
2011-01-24 18:56 . 2010-12-13 05:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-24 18:56 . 2010-12-13 05:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-01-24 18:56 . 2010-06-17 11:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-01-24 18:56 . 2010-06-17 11:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-01-24 18:56 . 2011-01-24 18:56 -------- d-----w- c:\program files\Avira
2011-01-24 18:56 . 2011-01-24 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-01-24 17:32 . 2011-01-24 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZipEC
2011-01-24 17:32 . 2011-01-24 17:32 -------- d-----w- c:\program files\WinZip Courier
2011-01-24 17:20 . 2011-01-24 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZipSE
2011-01-24 17:20 . 2011-01-24 17:20 -------- d-----w- c:\program files\WinZip Self-Extractor
2011-01-23 10:37 . 2011-01-23 10:37 -------- d-----w- c:\windows\lhsp
2011-01-23 10:36 . 2011-01-23 10:36 -------- d-----w- c:\windows\speech
2011-01-23 10:36 . 2011-01-23 10:36 -------- d-----w- c:\program files\QFIT
2011-01-23 08:29 . 2011-01-23 08:29 -------- d-----w- c:\documents and settings\Waheb\Application Data\TreeCardGames
2011-01-23 08:28 . 2011-01-23 08:29 -------- d-----w- c:\program files\Sudoku Up
2011-01-23 07:58 . 2011-01-27 07:31 -------- d-----w- c:\documents and settings\Waheb\Application Data\MahJong Suite
2011-01-23 07:57 . 2011-01-23 09:12 -------- d-----w- c:\program files\MahJong Suite
2011-01-23 07:51 . 2011-01-23 07:51 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\WinZip
2011-01-23 06:48 . 2011-01-23 06:50 -------- d-----w- c:\documents and settings\Waheb\Application Data\avidemux
2011-01-23 06:48 . 2011-01-23 06:48 -------- d-----w- c:\program files\Avidemux 2.5
2011-01-23 05:07 . 2011-01-24 16:11 -------- d-----w- c:\program files\e-Sword
2011-01-23 05:07 . 2011-01-23 05:07 -------- d-----w- c:\program files\Common Files\EzTools
2011-01-23 05:07 . 2011-01-23 05:07 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\Downloaded Installations
2011-01-19 17:31 . 2011-01-19 17:31 -------- d-----w- c:\documents and settings\Waheb\Application Data\Microsoft FxCop
2011-01-19 17:15 . 2011-01-19 17:15 -------- d-----w- c:\program files\Microsoft FxCop 1.36
2011-01-19 17:03 . 2011-01-19 17:03 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\assembly
2011-01-19 17:03 . 2011-01-19 17:03 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\Deployment
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-17 13:02 . 2010-12-17 13:02 100843 ----a-w- c:\windows\SVCFilterDesign Uninstaller.exe
2010-12-17 13:02 . 2010-12-17 13:02 141567 ----a-w- c:\windows\PIEL Uninstaller.exe
2010-12-17 13:01 . 2010-12-17 13:01 126948 ----a-w- c:\windows\MeterBasic Uninstaller.exe
2010-12-17 13:01 . 2010-12-17 13:01 173041 ----a-w- c:\windows\Helical Uninstaller.exe
2010-12-17 13:01 . 2010-12-17 13:01 219975 ----a-w- c:\windows\Diplexer Uninstaller.exe
2010-12-08 08:13 . 2010-12-08 06:55 2478272 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-12-08 06:56 . 2010-12-08 06:56 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2010-12-01 10:44 . 2010-12-01 10:44 100560 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-12-01 10:44 . 2010-12-10 20:26 143248 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-12-01 10:44 . 2010-12-10 20:26 41936 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-12-01 10:44 . 2010-12-01 10:44 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2010-12-01 10:44 . 2010-12-01 10:44 111504 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2010-11-29 13:25 . 2010-11-29 13:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-29 13:25 . 2010-10-23 16:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-26 20:30 . 2010-11-26 19:04 67 ----a-w- c:\documents and settings\Waheb\update.bat
2010-11-22 11:30 . 2010-10-23 16:09 31744 ----a-w- c:\windows\system32\maplec.dll
2010-11-22 11:30 . 2010-10-23 16:09 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll
2010-11-22 11:30 . 2010-10-23 16:09 20480 ----a-w- c:\windows\system32\maplecompat.dll
2010-11-18 18:12 . 2010-05-16 21:59 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-11 10:48 . 2010-11-11 10:48 70768 ----a-w- c:\windows\system32\drivers\vmci.sys
2010-11-11 10:48 . 2010-11-11 10:48 854128 ----a-w- c:\windows\system32\drivers\vmx86.sys
2010-11-11 10:48 . 2010-12-10 23:07 334448 ----a-w- c:\windows\system32\vmnetdhcp.exe
2010-11-11 10:48 . 2010-12-10 23:07 404080 ----a-w- c:\windows\system32\vmnat.exe
2010-11-11 10:47 . 2010-12-10 23:07 760432 ----a-w- c:\windows\system32\vnetlib.dll
2010-11-11 10:47 . 2010-12-10 23:06 24688 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2010-11-11 10:46 . 2010-11-11 10:46 51312 ----a-w- c:\windows\system32\vmnetbridge.dll
2010-11-11 10:46 . 2010-11-11 10:46 32752 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2010-11-11 10:46 . 2010-12-10 23:07 26352 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-11-11 09:31 . 2010-11-11 09:31 32368 ----a-w- c:\windows\system32\drivers\hcmon.sys
2010-11-11 09:04 . 2010-11-11 09:04 252528 ----a-w- c:\windows\system32\vmnc.dll
2010-11-11 07:04 . 2010-11-11 07:04 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys
2010-11-11 07:04 . 2010-11-11 07:04 59952 ----a-w- c:\windows\system32\vnetinst.dll
2010-11-11 07:04 . 2010-11-11 07:04 18736 ----a-w- c:\windows\system32\drivers\vmnet.sys
2010-11-11 07:04 . 2010-11-11 07:04 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2010-11-09 14:52 . 2010-05-17 08:40 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-07 17:17 . 2010-10-23 16:48 333840 ----a-w- c:\windows\system32\mltcpip32.mlp
2010-11-07 17:17 . 2010-10-23 16:48 93712 ----a-w- c:\windows\system32\mltcp32.mlp
2010-11-07 17:17 . 2010-10-23 16:48 88080 ----a-w- c:\windows\system32\mlshm32.mlp
2010-11-07 17:17 . 2010-10-23 16:48 167952 ----a-w- c:\windows\system32\mlmodule32.dll
2010-11-07 17:17 . 2010-10-23 16:48 79376 ----a-w- c:\windows\system32\mlmap32.mlp
2010-11-07 17:16 . 2010-10-23 16:48 369680 ----a-w- c:\windows\system32\ml32i3.dll
2010-11-07 17:16 . 2010-10-23 16:48 260112 ----a-w- c:\windows\system32\ml32i2.dll
2010-11-07 17:16 . 2010-10-23 16:48 253968 ----a-w- c:\windows\system32\ml32i1.dll
2010-11-06 00:26 . 2010-05-17 08:40 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2010-05-17 08:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2010-05-17 08:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2010-05-17 08:40 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2010-05-17 08:40 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-11-01 11:27 . 2010-11-01 11:27 217088 ----a-w- c:\windows\system32\DownloadXPro.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-01-07 3216664]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-16 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-16 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-04-08 908368]
"PLFSetL"="c:\windows\PLFSetL.exe" [2010-02-12 99712]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2010-02-12 202112]
"snuvcdsm"="c:\windows\snuvcdsm.exe" [2010-02-12 30080]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-04-13 248440]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-10-29 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-09-23 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-12 607584]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Hyperappel du Petit Larousse 2010.lnk - c:\program files\Larousse\Petit Larousse 2010\bin\Hyperappel.exe [2010-10-23 237568]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Maple 13\\jre\\bin\\maple.exe"=
"c:\\Program Files\\eclipse\\eclipse.exe"=
"c:\\Program Files\\Maple 13\\jre\\bin\\java.exe"=
"c:\\Program Files\\Maxima-5.22.1\\bin\\xmaxima.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Maple 14\\jre\\bin\\maple.exe"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\WinWrapIDE.exe"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\stats.exe"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\stats.com"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\JRE\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\hasplms.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\Mathematica.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\MathKernel.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\math.exe"=
"c:\\Program Files\\Opera 11.00 beta\\opera.exe"=
"c:\\Program Files\\Le Petit Robert 2009 (3.2)\\RobertHA.exe"=
"c:\\Program Files\\Le Petit Robert 2009 (3.2)\\prnet.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\Mathematica.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\MathKernel.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\math.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [12/10/2010 23:26 143248]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [12/10/2010 23:26 41936]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/24/2011 21:56 135336]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [5/17/2010 11:40 312400]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/26/2011 21:29 363344]
R2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [5/17/2010 02:33 243232]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [11/11/2010 13:48 70768]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [11/11/2010 12:31 539248]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [5/17/2010 11:40 60456]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/26/2011 21:29 20952]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12/1/2010 13:44 100560]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [12/1/2010 13:44 111504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/23/2010 17:22 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 05:46 288112]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/17/2010 02:11 1691480]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [1/21/2010 17:51 30963576]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [11/13/2010 23:29 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [11/13/2010 23:29 8320]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 20:37 4640000]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [1/13/2009 03:00 451456]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 13:37 517096]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [12/8/2009 21:24 48128]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 13:16 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/23/2009 06:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 03:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 03:23 366936]
.
Contents of the 'Scheduled Tasks' folder
2011-01-14 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8287896517.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 21:52]
2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 14:22]
2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 14:22]
2011-01-29 c:\windows\Tasks\Minitab Software Update Manager.job
- c:\program files\Common Files\Minitab Shared\Software Manager\SoftwareManager.exe [2010-03-25 06:45]
2011-01-14 c:\windows\Tasks\WebReg 20110114134107.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe [2003-04-05 22:01]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0401&m=em350&r=0xph1010n125l0484wum5r46n2r739
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: ????? ??? &???? Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: ????? ??? Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\Waheb\Application Data\Mozilla\Firefox\Profiles\7rc0ftad.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-29 22:27
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1312)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\btmmhook.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\hasplms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\vmnat.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\msiexec.exe
c:\program files\Launch Manager\LMworker.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-01-29 22:36:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-29 19:36
ComboFix2.txt 2011-01-29 12:18
ComboFix3.txt 2011-01-26 22:49
ComboFix4.txt 2011-01-26 17:06
Pre-Run: 51,611,131,904 bytes free
Post-Run: 51,499,290,624 bytes free
- - End Of File - - 45998DA4CA27C87928BA04FD3E4C46A1
-
Do I include the website in the code, or was it a mistake on your part?
-
File name: BD7EBD1C.exe
Submission date: 2011-01-29 18:15:14 (UTC)
Current status: finished
Result: 3/ 43 (7.0%)
Antivirus Version Last Update Result
AhnLab-V3 2011.01.27.01 2011.01.27 -
AntiVir 7.11.2.31 2011.01.28 -
Antiy-AVL 2.0.3.7 2011.01.28 -
Avast 4.8.1351.0 2011.01.29 -
Avast5 5.0.677.0 2011.01.29 -
AVG 10.0.0.1190 2011.01.29 -
BitDefender 7.2 2011.01.29 -
CAT-QuickHeal 11.00 2011.01.29 -
ClamAV 0.96.4.0 2011.01.29 -
Commtouch 5.2.11.5 2011.01.28 -
Comodo 7531 2011.01.29 -
DrWeb 5.0.2.03300 2011.01.29 -
Emsisoft 5.1.0.1 2011.01.29 -
eSafe 7.0.17.0 2011.01.27 -
eTrust-Vet 36.1.8126 2011.01.28 -
F-Prot 4.6.2.117 2011.01.29 -
F-Secure 9.0.16160.0 2011.01.29 -
Fortinet 4.2.254.0 2011.01.29 W32/CodecPack.GX!tr.dldr
GData 21 2011.01.29 -
Ikarus T3.1.1.97.0 2011.01.29 -
Jiangmin 13.0.900 2011.01.29 -
K7AntiVirus 9.78.3680 2011.01.29 -
Kaspersky 7.0.0.125 2011.01.29 Trojan-Downloader.Win32.CodecPack.sjt
McAfee 5.400.0.1158 2011.01.29 -
McAfee-GW-Edition 2010.1C 2011.01.29 -
Microsoft 1.6502 2011.01.29 -
NOD32 5830 2011.01.29 -
Norman 6.06.12 2011.01.29 -
nProtect 2011-01-18.01 2011.01.18 -
Panda 10.0.3.5 2011.01.29 Suspicious file
PCTools 7.0.3.5 2011.01.27 -
Prevx 3.0 2011.01.29 -
Rising 23.42.04.06 2011.01.28 -
Sophos 4.61.0 2011.01.29 -
SUPERAntiSpyware 4.40.0.1006 2011.01.29 -
Symantec 20101.3.0.103 2011.01.29 -
TheHacker 6.7.0.1.120 2011.01.26 -
TrendMicro 9.120.0.1004 2011.01.29 -
TrendMicro-HouseCall 9.120.0.1004 2011.01.29 -
VBA32 3.12.14.3 2011.01.29 -
VIPRE 8240 2011.01.29 -
ViRobot 2011.1.29.4282 2011.01.29 -
VirusBuster 13.6.171.1 2011.01.29 -
Additional information
MD5 : 2f5b3d5bcab8eaec43263edf7a45a918
SHA1 : 377b704b6a99f784ff2e2f24e8789ee5d1ba019f
SHA256: a9e4ce36ca738ec265db23a2eeec643bdc256df0686062b69cf4660ad4bbeaea
ssdeep: 96:nPUW2eBXPNBxBWtY1ZuC1PS8A28e9lZGC0e:nc4l58Y17jA2XeBe
File size : 6656 bytes
First seen: 2010-02-08 10:29:15
Last seen : 2011-01-29 18:15:14
TrID:
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x1C0C
timedatestamp....: 0x2A425E19 (Fri Jun 19 22:22:17 1992)
machinetype......: 0x14c (I386)
[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
CODE, 0x1000, 0xCB8, 0xE00, 5.94, f838ddf4b795968e326b06b0e42fb162
DATA, 0x2000, 0x8, 0x200, 0.04, 532dd4aa9cd9b1a3dad1f0b610d1d6cc
BSS, 0x3000, 0xA2321, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.idata, 0xA6000, 0x284, 0x400, 3.23, 31e8b75f00ee72119e8f0d98f58a0573
.reloc, 0xA7000, 0x110, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.rsrc, 0xA8000, 0x200, 0x200, 0.08, 793d208c86af793cc8cd917d5a9d29e0
[[ 3 import(s) ]]
advapi32.dll: RegisterServiceCtrlHandlerW, SetServiceStatus, StartServiceCtrlDispatcherW
kernel32.dll: VirtualProtectEx, Sleep, SetErrorMode, LocalUnlock, LocalReAlloc, LocalLock, LocalFree, LocalAlloc, HeapFree, HeapAlloc, GetVolumeInformationW, GetProcessHeap, GetModuleHandleW, GetCommandLineW, FindFirstFileExW, FindClose, ExitProcess
ntdll.dll: ZwQueryInformationFile, ZwCreateFile, ZwClose, RtlInitUnicodeString
ExifTool:
file metadata
CodeSize: 3584
EntryPoint: 0x1c0c
FileSize: 6.5 kB
FileType: Win32 EXE
ImageVersion: 0.0
InitializedDataSize: 2560
LinkerVersion: 2.25
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 1.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 1992:06:20 00:22:17+02:00
UninitializedDataSize: 0
-
File name: F9551908.exe
Submission date: 2011-01-29 18:11:27 (UTC)
Result: 3/ 43 (7.0%)
Antivirus Version Last Update Result
AhnLab-V3 2011.01.27.01 2011.01.27 -
AntiVir 7.11.2.31 2011.01.28 -
Antiy-AVL 2.0.3.7 2011.01.28 -
Avast 4.8.1351.0 2011.01.29 -
Avast5 5.0.677.0 2011.01.29 -
AVG 10.0.0.1190 2011.01.29 -
BitDefender 7.2 2011.01.29 -
CAT-QuickHeal 11.00 2011.01.29 -
ClamAV 0.96.4.0 2011.01.29 -
Commtouch 5.2.11.5 2011.01.28 -
Comodo 7531 2011.01.29 -
DrWeb 5.0.2.03300 2011.01.29 -
Emsisoft 5.1.0.1 2011.01.29 -
eSafe 7.0.17.0 2011.01.27 -
eTrust-Vet 36.1.8126 2011.01.28 -
F-Prot 4.6.2.117 2011.01.28 -
F-Secure 9.0.16160.0 2011.01.29 -
Fortinet 4.2.254.0 2011.01.29 W32/CodecPack.GX!tr.dldr
GData 21 2011.01.29 -
Ikarus T3.1.1.97.0 2011.01.29 -
Jiangmin 13.0.900 2011.01.29 -
K7AntiVirus 9.78.3680 2011.01.29 -
Kaspersky 7.0.0.125 2011.01.29 Trojan-Downloader.Win32.CodecPack.sjt
McAfee 5.400.0.1158 2011.01.29 -
McAfee-GW-Edition 2010.1C 2011.01.29 -
Microsoft 1.6502 2011.01.29 -
NOD32 5830 2011.01.29 -
Norman 6.06.12 2011.01.29 -
nProtect 2011-01-18.01 2011.01.18 -
Panda 10.0.3.5 2011.01.29 Suspicious file
PCTools 7.0.3.5 2011.01.27 -
Prevx 3.0 2011.01.29 -
Rising 23.42.04.06 2011.01.28 -
Sophos 4.61.0 2011.01.29 -
SUPERAntiSpyware 4.40.0.1006 2011.01.29 -
Symantec 20101.3.0.103 2011.01.29 -
TheHacker 6.7.0.1.120 2011.01.26 -
TrendMicro 9.120.0.1004 2011.01.29 -
TrendMicro-HouseCall 9.120.0.1004 2011.01.29 -
VBA32 3.12.14.3 2011.01.29 -
VIPRE 8240 2011.01.29 -
ViRobot 2011.1.29.4282 2011.01.29 -
VirusBuster 13.6.171.1 2011.01.29 -
MD5 : 2f5b3d5bcab8eaec43263edf7a45a918
SHA1 : 377b704b6a99f784ff2e2f24e8789ee5d1ba019f
SHA256: a9e4ce36ca738ec265db23a2eeec643bdc256df0686062b69cf4660ad4bbeaea
ssdeep: 96:nPUW2eBXPNBxBWtY1ZuC1PS8A28e9lZGC0e:nc4l58Y17jA2XeBe
File size : 6656 bytes
First seen: 2010-02-08 10:29:15
Last seen : 2011-01-29 18:11:27
TrID:
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x1C0C
timedatestamp....: 0x2A425E19 (Fri Jun 19 22:22:17 1992)
machinetype......: 0x14c (I386)
[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
CODE, 0x1000, 0xCB8, 0xE00, 5.94, f838ddf4b795968e326b06b0e42fb162
DATA, 0x2000, 0x8, 0x200, 0.04, 532dd4aa9cd9b1a3dad1f0b610d1d6cc
BSS, 0x3000, 0xA2321, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.idata, 0xA6000, 0x284, 0x400, 3.23, 31e8b75f00ee72119e8f0d98f58a0573
.reloc, 0xA7000, 0x110, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.rsrc, 0xA8000, 0x200, 0x200, 0.08, 793d208c86af793cc8cd917d5a9d29e0
[[ 3 import(s) ]]
advapi32.dll: RegisterServiceCtrlHandlerW, SetServiceStatus, StartServiceCtrlDispatcherW
kernel32.dll: VirtualProtectEx, Sleep, SetErrorMode, LocalUnlock, LocalReAlloc, LocalLock, LocalFree, LocalAlloc, HeapFree, HeapAlloc, GetVolumeInformationW, GetProcessHeap, GetModuleHandleW, GetCommandLineW, FindFirstFileExW, FindClose, ExitProcess
ntdll.dll: ZwQueryInformationFile, ZwCreateFile, ZwClose, RtlInitUnicodeString
ExifTool:
file metadata
CodeSize: 3584
EntryPoint: 0x1c0c
FileSize: 6.5 kB
FileType: Win32 EXE
ImageVersion: 0.0
InitializedDataSize: 2560
LinkerVersion: 2.25
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 1.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 1992:06:20 00:22:17+02:00
UninitializedDataSize: 0
-
Does the computer store the BSoDs that have occurred somewhere where we can read them later, like in a log file or something?
-
ComboFix 11-01-28.03 - Waheb 01/29/2011 14:43:10.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1256.966.1033.18.1013.274 [GMT 3:00]
Running from: c:\documents and settings\Waheb\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Waheb\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 )))))))))))))))))))))))))))))))
.
2011-01-28 14:10 . 2011-01-28 14:10 6656 ----a-w- c:\windows\system32\F9551908.exe
2011-01-28 10:24 . 2011-01-28 10:24 6656 ----a-w- c:\windows\system32\BD7EBD1C.exe
2011-01-27 17:55 . 2011-01-27 17:55 -------- d-----w- c:\documents and settings\Waheb\Application Data\Hoyle FaceCreator
2011-01-27 17:55 . 2011-01-27 17:55 -------- d-----w- c:\documents and settings\Waheb\Application Data\Hoyle
2011-01-27 17:54 . 2008-03-05 12:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2011-01-27 11:50 . 2011-01-27 11:53 -------- d-----w- c:\program files\fsumfrontend-1.5.5.1-bin
2011-01-26 21:05 . 2011-01-26 21:05 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\WinZip Courier
2011-01-26 20:26 . 2011-01-26 20:26 -------- d-----w- c:\windows\system32\NtmsData
2011-01-26 18:29 . 2010-12-20 15:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-26 18:29 . 2011-01-26 18:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-26 18:29 . 2010-12-20 15:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-25 17:18 . 2011-01-25 17:18 -------- d-----w- c:\program files\IObit
2011-01-25 17:18 . 2011-01-25 17:18 -------- d-----w- c:\documents and settings\Waheb\Application Data\IObit
2011-01-25 12:01 . 2011-01-25 12:01 -------- d-----w- c:\documents and settings\Administrator
2011-01-24 19:03 . 2011-01-24 19:03 -------- d-----w- c:\documents and settings\Waheb\Application Data\Avira
2011-01-24 18:56 . 2010-12-13 05:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-24 18:56 . 2010-12-13 05:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-01-24 18:56 . 2010-06-17 11:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-01-24 18:56 . 2010-06-17 11:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-01-24 18:56 . 2011-01-24 18:56 -------- d-----w- c:\program files\Avira
2011-01-24 18:56 . 2011-01-24 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-01-24 17:32 . 2011-01-24 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZipEC
2011-01-24 17:32 . 2011-01-24 17:32 -------- d-----w- c:\program files\WinZip Courier
2011-01-24 17:20 . 2011-01-24 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZipSE
2011-01-24 17:20 . 2011-01-24 17:20 -------- d-----w- c:\program files\WinZip Self-Extractor
2011-01-23 10:37 . 2011-01-23 10:37 -------- d-----w- c:\windows\lhsp
2011-01-23 10:36 . 2011-01-23 10:36 -------- d-----w- c:\windows\speech
2011-01-23 10:36 . 2011-01-23 10:36 -------- d-----w- c:\program files\QFIT
2011-01-23 08:29 . 2011-01-23 08:29 -------- d-----w- c:\documents and settings\Waheb\Application Data\TreeCardGames
2011-01-23 08:28 . 2011-01-23 08:29 -------- d-----w- c:\program files\Sudoku Up
2011-01-23 07:58 . 2011-01-27 07:31 -------- d-----w- c:\documents and settings\Waheb\Application Data\MahJong Suite
2011-01-23 07:57 . 2011-01-23 09:12 -------- d-----w- c:\program files\MahJong Suite
2011-01-23 07:51 . 2011-01-23 07:51 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\WinZip
2011-01-23 06:48 . 2011-01-23 06:50 -------- d-----w- c:\documents and settings\Waheb\Application Data\avidemux
2011-01-23 06:48 . 2011-01-23 06:48 -------- d-----w- c:\program files\Avidemux 2.5
2011-01-23 05:07 . 2011-01-24 16:11 -------- d-----w- c:\program files\e-Sword
2011-01-23 05:07 . 2011-01-23 05:07 -------- d-----w- c:\program files\Common Files\EzTools
2011-01-23 05:07 . 2011-01-23 05:07 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\Downloaded Installations
2011-01-19 17:31 . 2011-01-19 17:31 -------- d-----w- c:\documents and settings\Waheb\Application Data\Microsoft FxCop
2011-01-19 17:15 . 2011-01-19 17:15 -------- d-----w- c:\program files\Microsoft FxCop 1.36
2011-01-19 17:03 . 2011-01-19 17:03 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\assembly
2011-01-19 17:03 . 2011-01-19 17:03 -------- d-----w- c:\documents and settings\Waheb\Local Settings\Application Data\Deployment
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-17 13:02 . 2010-12-17 13:02 100843 ----a-w- c:\windows\SVCFilterDesign Uninstaller.exe
2010-12-17 13:02 . 2010-12-17 13:02 141567 ----a-w- c:\windows\PIEL Uninstaller.exe
2010-12-17 13:01 . 2010-12-17 13:01 126948 ----a-w- c:\windows\MeterBasic Uninstaller.exe
2010-12-17 13:01 . 2010-12-17 13:01 173041 ----a-w- c:\windows\Helical Uninstaller.exe
2010-12-17 13:01 . 2010-12-17 13:01 219975 ----a-w- c:\windows\Diplexer Uninstaller.exe
2010-12-08 08:13 . 2010-12-08 06:55 2478272 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-12-08 06:56 . 2010-12-08 06:56 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2010-12-01 10:44 . 2010-12-01 10:44 100560 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-12-01 10:44 . 2010-12-10 20:26 143248 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-12-01 10:44 . 2010-12-10 20:26 41936 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-12-01 10:44 . 2010-12-01 10:44 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2010-12-01 10:44 . 2010-12-01 10:44 111504 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2010-11-29 13:25 . 2010-11-29 13:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-29 13:25 . 2010-10-23 16:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-26 20:30 . 2010-11-26 19:04 67 ----a-w- c:\documents and settings\Waheb\update.bat
2010-11-22 11:30 . 2010-10-23 16:09 31744 ----a-w- c:\windows\system32\maplec.dll
2010-11-22 11:30 . 2010-10-23 16:09 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll
2010-11-22 11:30 . 2010-10-23 16:09 20480 ----a-w- c:\windows\system32\maplecompat.dll
2010-11-18 18:12 . 2010-05-16 21:59 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-11 10:48 . 2010-11-11 10:48 70768 ----a-w- c:\windows\system32\drivers\vmci.sys
2010-11-11 10:48 . 2010-11-11 10:48 854128 ----a-w- c:\windows\system32\drivers\vmx86.sys
2010-11-11 10:48 . 2010-12-10 23:07 334448 ----a-w- c:\windows\system32\vmnetdhcp.exe
2010-11-11 10:48 . 2010-12-10 23:07 404080 ----a-w- c:\windows\system32\vmnat.exe
2010-11-11 10:47 . 2010-12-10 23:07 760432 ----a-w- c:\windows\system32\vnetlib.dll
2010-11-11 10:47 . 2010-12-10 23:06 24688 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2010-11-11 10:46 . 2010-11-11 10:46 51312 ----a-w- c:\windows\system32\vmnetbridge.dll
2010-11-11 10:46 . 2010-11-11 10:46 32752 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2010-11-11 10:46 . 2010-12-10 23:07 26352 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-11-11 09:31 . 2010-11-11 09:31 32368 ----a-w- c:\windows\system32\drivers\hcmon.sys
2010-11-11 09:04 . 2010-11-11 09:04 252528 ----a-w- c:\windows\system32\vmnc.dll
2010-11-11 07:04 . 2010-11-11 07:04 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys
2010-11-11 07:04 . 2010-11-11 07:04 59952 ----a-w- c:\windows\system32\vnetinst.dll
2010-11-11 07:04 . 2010-11-11 07:04 18736 ----a-w- c:\windows\system32\drivers\vmnet.sys
2010-11-11 07:04 . 2010-11-11 07:04 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2010-11-09 14:52 . 2010-05-17 08:40 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-07 17:17 . 2010-10-23 16:48 333840 ----a-w- c:\windows\system32\mltcpip32.mlp
2010-11-07 17:17 . 2010-10-23 16:48 93712 ----a-w- c:\windows\system32\mltcp32.mlp
2010-11-07 17:17 . 2010-10-23 16:48 88080 ----a-w- c:\windows\system32\mlshm32.mlp
2010-11-07 17:17 . 2010-10-23 16:48 167952 ----a-w- c:\windows\system32\mlmodule32.dll
2010-11-07 17:17 . 2010-10-23 16:48 79376 ----a-w- c:\windows\system32\mlmap32.mlp
2010-11-07 17:16 . 2010-10-23 16:48 369680 ----a-w- c:\windows\system32\ml32i3.dll
2010-11-07 17:16 . 2010-10-23 16:48 260112 ----a-w- c:\windows\system32\ml32i2.dll
2010-11-07 17:16 . 2010-10-23 16:48 253968 ----a-w- c:\windows\system32\ml32i1.dll
2010-11-06 00:26 . 2010-05-17 08:40 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2010-05-17 08:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2010-05-17 08:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2010-05-17 08:40 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2010-05-17 08:40 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-11-01 11:27 . 2010-11-01 11:27 217088 ----a-w- c:\windows\system32\DownloadXPro.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-01-26_16.59.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-29 00:19 . 2011-01-29 00:19 16384 c:\windows\temp\Perflib_Perfdata_eac.dat
+ 2011-01-29 00:20 . 2011-01-29 00:20 16384 c:\windows\temp\Perflib_Perfdata_e54.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-01-07 3216664]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-16 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-16 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-04-08 908368]
"PLFSetL"="c:\windows\PLFSetL.exe" [2010-02-12 99712]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2010-02-12 202112]
"snuvcdsm"="c:\windows\snuvcdsm.exe" [2010-02-12 30080]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-04-13 248440]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-10-29 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-09-23 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-12 607584]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Hyperappel du Petit Larousse 2010.lnk - c:\program files\Larousse\Petit Larousse 2010\bin\Hyperappel.exe [2010-10-23 237568]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Maple 13\\jre\\bin\\maple.exe"=
"c:\\Program Files\\eclipse\\eclipse.exe"=
"c:\\Program Files\\Maple 13\\jre\\bin\\java.exe"=
"c:\\Program Files\\Maxima-5.22.1\\bin\\xmaxima.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Maple 14\\jre\\bin\\maple.exe"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\WinWrapIDE.exe"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\stats.exe"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\stats.com"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\JRE\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\hasplms.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\Mathematica.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\MathKernel.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\math.exe"=
"c:\\Program Files\\Opera 11.00 beta\\opera.exe"=
"c:\\Program Files\\Le Petit Robert 2009 (3.2)\\RobertHA.exe"=
"c:\\Program Files\\Le Petit Robert 2009 (3.2)\\prnet.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\Mathematica.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\MathKernel.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\math.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [12/10/2010 23:26 143248]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [12/10/2010 23:26 41936]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/24/2011 21:56 135336]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [5/17/2010 11:40 312400]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/26/2011 21:29 363344]
R2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [5/17/2010 02:33 243232]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [11/11/2010 13:48 70768]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [11/11/2010 12:31 539248]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [5/17/2010 11:40 60456]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/26/2011 21:29 20952]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12/1/2010 13:44 100560]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [12/1/2010 13:44 111504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/23/2010 17:22 135664]
S3 2A0D8282;2A0D8282;c:\windows\system32\2A0D8282.exe --> c:\windows\system32\2A0D8282.exe [?]
S3 A80FD0CE;A80FD0CE;c:\windows\system32\A80FD0CE.exe --> c:\windows\system32\A80FD0CE.exe [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 05:46 288112]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/17/2010 02:11 1691480]
S3 BD7EBD1C;BD7EBD1C;c:\windows\system32\BD7EBD1C.exe [1/28/2011 13:24 6656]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [1/21/2010 17:51 30963576]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [11/13/2010 23:29 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [11/13/2010 23:29 8320]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 20:37 4640000]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [1/13/2009 03:00 451456]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 13:37 517096]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [12/8/2009 21:24 48128]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 13:16 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/23/2009 06:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 03:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 03:23 366936]
.
Contents of the 'Scheduled Tasks' folder
2011-01-14 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8287896517.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 21:52]
2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 14:22]
2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 14:22]
2011-01-28 c:\windows\Tasks\Minitab Software Update Manager.job
- c:\program files\Common Files\Minitab Shared\Software Manager\SoftwareManager.exe [2010-03-25 06:45]
2011-01-14 c:\windows\Tasks\WebReg 20110114134107.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe [2003-04-05 22:01]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0401&m=em350&r=0xph1010n125l0484wum5r46n2r739
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: ????? ??? &???? Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: ????? ??? Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\Waheb\Application Data\Mozilla\Firefox\Profiles\7rc0ftad.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-29 15:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2076)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-01-29 15:17:59
ComboFix-quarantined-files.txt 2011-01-29 12:17
ComboFix2.txt 2011-01-26 22:49
ComboFix3.txt 2011-01-26 17:06
Pre-Run: 51,697,356,800 bytes free
Post-Run: 51,681,259,520 bytes free
- - End Of File - - 937D0D77AE9C1C557EFB71B3F0BAAA49
-
I thought you might want to look at a log from Antivir before ComboFix potentially modifies anything:
Avira AntiVir Personal
Report file date: Saturday, January 29, 2011 03:58
Scanning for 2435637 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Waheb
Computer name : EMACHINE-70C055
Version information:
BUILD.DAT : 10.0.0.609 31824 Bytes 07/01/32 09:43:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 07/01/32 05:39:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 17/04/31 09:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 07/01/32 05:40:06
LUKERES.DLL : 10.0.0.1 12648 Bytes 26/02/31 20:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 19/11/30 14:33:40
VBASE001.VDF : 7.11.0.0 13342208 Bytes 08/01/32 14:33:40
VBASE002.VDF : 7.11.0.1 2048 Bytes 08/01/32 14:33:40
VBASE003.VDF : 7.11.0.2 2048 Bytes 08/01/32 14:33:40
VBASE004.VDF : 7.11.0.3 2048 Bytes 08/01/32 14:33:40
VBASE005.VDF : 7.11.0.4 2048 Bytes 08/01/32 14:33:40
VBASE006.VDF : 7.11.0.5 2048 Bytes 08/01/32 14:33:40
VBASE007.VDF : 7.11.0.6 2048 Bytes 08/01/32 14:33:40
VBASE008.VDF : 7.11.0.7 2048 Bytes 08/01/32 14:33:40
VBASE009.VDF : 7.11.0.8 2048 Bytes 08/01/32 14:33:40
VBASE010.VDF : 7.11.0.9 2048 Bytes 08/01/32 14:33:40
VBASE011.VDF : 7.11.0.10 2048 Bytes 08/01/32 14:33:40
VBASE012.VDF : 7.11.0.11 2048 Bytes 08/01/32 14:33:40
VBASE013.VDF : 7.11.0.52 128000 Bytes 10/01/32 14:33:40
VBASE014.VDF : 7.11.0.91 226816 Bytes 14/01/32 14:33:40
VBASE015.VDF : 7.11.0.122 136192 Bytes 15/01/32 14:33:40
VBASE016.VDF : 7.11.0.156 122880 Bytes 18/01/32 14:33:40
VBASE017.VDF : 7.11.0.185 146944 Bytes 21/01/32 14:33:40
VBASE018.VDF : 7.11.0.228 132608 Bytes 24/01/32 14:33:40
VBASE019.VDF : 7.11.1.5 148480 Bytes 28/01/32 14:33:40
VBASE020.VDF : 7.11.1.37 156672 Bytes 02/02/32 14:33:40
VBASE021.VDF : 7.11.1.65 140800 Bytes 05/02/32 14:33:40
VBASE022.VDF : 7.11.1.87 225280 Bytes 06/02/32 14:33:40
VBASE023.VDF : 7.11.1.124 125440 Bytes 09/02/32 14:33:40
VBASE024.VDF : 7.11.1.155 132096 Bytes 12/02/32 14:33:40
VBASE025.VDF : 7.11.1.189 451072 Bytes 15/02/32 14:33:40
VBASE026.VDF : 7.11.1.230 138752 Bytes 19/02/32 14:33:40
VBASE027.VDF : 7.11.2.12 164352 Bytes 22/02/32 07:22:19
VBASE028.VDF : 7.11.2.13 2048 Bytes 22/02/32 07:22:20
VBASE029.VDF : 7.11.2.14 2048 Bytes 22/02/32 07:22:20
VBASE030.VDF : 7.11.2.15 2048 Bytes 22/02/32 07:22:22
VBASE031.VDF : 7.11.2.31 71168 Bytes 23/02/32 16:45:49
Engineversion : 8.2.4.150
AEVDF.DLL : 8.1.2.1 106868 Bytes 19/02/32 14:33:38
AESCRIPT.DLL : 8.1.3.52 1282426 Bytes 19/02/32 14:33:38
AESCN.DLL : 8.1.7.2 127349 Bytes 19/02/32 14:33:38
AESBX.DLL : 8.1.3.2 254324 Bytes 19/02/32 14:33:38
AERDL.DLL : 8.1.9.2 635252 Bytes 19/02/32 14:33:38
AEPACK.DLL : 8.2.4.8 512374 Bytes 19/02/32 14:33:38
AEOFFICE.DLL : 8.1.1.15 205178 Bytes 19/02/32 14:33:38
AEHEUR.DLL : 8.1.2.68 3178870 Bytes 19/02/32 14:33:38
AEHELP.DLL : 8.1.16.0 246136 Bytes 19/02/32 14:33:36
AEGEN.DLL : 8.1.5.2 397683 Bytes 19/02/32 14:33:36
AEEMU.DLL : 8.1.3.0 393589 Bytes 19/02/32 14:33:36
AECORE.DLL : 8.1.19.2 196983 Bytes 19/02/32 14:33:36
AEBB.DLL : 8.1.1.0 53618 Bytes 19/02/32 14:33:36
AVWINLL.DLL : 10.0.0.0 19304 Bytes 07/01/32 05:39:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 07/01/32 05:39:54
AVREP.DLL : 10.0.0.8 62209 Bytes 21/02/32 18:05:10
AVREG.DLL : 10.0.3.2 53096 Bytes 07/01/32 05:39:54
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 07/01/32 05:39:56
AVARKT.DLL : 10.0.22.6 231784 Bytes 07/01/32 05:39:52
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 07/01/32 05:39:53
SQLITE3.DLL : 3.6.19.0 355688 Bytes 06/07/31 11:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 07/01/32 05:39:56
NETNT.DLL : 10.0.0.0 11624 Bytes 06/07/31 11:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 13/02/31 10:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 07/01/32 05:40:20
Configuration settings for the scan:
Jobname.............................: Scan for Rootkits and active malware
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\PROFILES\rootkit.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 99
Smart extensions....................: on
Deviating archive types.............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO,
Macro heuristic.....................: on
File heuristic......................: high
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
Start of the scan: Saturday, January 29, 2011 03:58
Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware\schedulerqueue
[NOTE] The registry entry is invisible.
The scan of running processes will be started
Scan process 'avcenter.exe' - '76' Module(s) have been scanned
Scan process 'avscan.exe' - '65' Module(s) have been scanned
Scan process 'msdtc.exe' - '42' Module(s) have been scanned
Scan process 'dllhost.exe' - '62' Module(s) have been scanned
Scan process 'dllhost.exe' - '48' Module(s) have been scanned
Scan process 'vssvc.exe' - '51' Module(s) have been scanned
Scan process 'unsecapp.exe' - '39' Module(s) have been scanned
Scan process 'LMworker.exe' - '20' Module(s) have been scanned
Scan process 'alg.exe' - '35' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '43' Module(s) have been scanned
Scan process 'btwdins.exe' - '23' Module(s) have been scanned
Scan process 'vmnetdhcp.exe' - '15' Module(s) have been scanned
Scan process 'vmware-authd.exe' - '63' Module(s) have been scanned
Scan process 'IAANTMon.exe' - '38' Module(s) have been scanned
Scan process 'vmnat.exe' - '20' Module(s) have been scanned
Scan process 'vmware-usbarbitrator.exe' - '24' Module(s) have been scanned
Scan process 'UpdaterService.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '30' Module(s) have been scanned
Scan process 'mbamservice.exe' - '50' Module(s) have been scanned
Scan process 'jqs.exe' - '35' Module(s) have been scanned
Scan process 'hasplms.exe' - '40' Module(s) have been scanned
Scan process 'dsiwmis.exe' - '41' Module(s) have been scanned
Scan process 'hpotdd01.exe' - '36' Module(s) have been scanned
Scan process 'hpohmr08.exe' - '32' Module(s) have been scanned
Scan process 'BTTray.exe' - '50' Module(s) have been scanned
Scan process 'ctfmon.exe' - '27' Module(s) have been scanned
Scan process 'avgnt.exe' - '54' Module(s) have been scanned
Scan process 'jusched.exe' - '23' Module(s) have been scanned
Scan process 'Apntex.exe' - '22' Module(s) have been scanned
Scan process 'Acrotray.exe' - '28' Module(s) have been scanned
Scan process 'ApMsgFwd.exe' - '25' Module(s) have been scanned
Scan process 'vsnp325.exe' - '21' Module(s) have been scanned
Scan process 'Apoint.exe' - '42' Module(s) have been scanned
Scan process 'snuvcdsm.exe' - '20' Module(s) have been scanned
Scan process 'LManager.exe' - '65' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '25' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '38' Module(s) have been scanned
Scan process 'iaanotif.exe' - '40' Module(s) have been scanned
Scan process 'igfxpers.exe' - '25' Module(s) have been scanned
Scan process 'hkcmd.exe' - '28' Module(s) have been scanned
Scan process 'Explorer.EXE' - '112' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'sched.exe' - '48' Module(s) have been scanned
Scan process 'spoolsv.exe' - '68' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '170' Module(s) have been scanned
Scan process 'SbieSvc.exe' - '28' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'avshadow.exe' - '28' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'lsass.exe' - '61' Module(s) have been scanned
Scan process 'services.exe' - '29' Module(s) have been scanned
Scan process 'winlogon.exe' - '68' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Starting to scan executable files (registry).
The registry was scanned ( '547' files ).
Starting the file scan:
Begin scan in 'C:' <OS>
C:\Program Files\LibreOffice 3\Basis\program\python-core-2.6.1\lib\test\testtar.tar
[0] Archive type: TAR (tape archiver)
--> gnu/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/longname
[WARNING] Internal error!
[WARNING] Internal error!
End of the scan: Saturday, January 29, 2011 08:51
Used time: 4:53:13 Hour(s)
The scan has been done completely.
55896 Scanned directories
2312791 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
2312791 Files not concerned
17921 Archives were scanned
2 Warnings
0 Notes
1155440 Objects were scanned with rootkit scan
1 Hidden objects were found
-
I still can't enter any of the three available Safe modes.
However, I have caught a glimpse of the word "buffer" from the lightning-fast BSoD.
-
chkdsk returned "volume is clean."
In normal Windows, I downloaded a randomized PrevX installation file; PrevX installed itself in a random path and I closed a VMWare tray icon ... PrevX completed its scan and came up with two "Medium Risk Malware infections" that I have had on other computers for a very long time. I have never had problems entering Safe Mode on those computers.
The files concerned are:
- mwxpcpanelctrlsx4x3.ocx ( c:\program files\matlab\r2010a\toolbox\rtw\targets\xpc\xpc\xpcmngr\ocx\ )
- mwxpcpanelctrlsx4x2.ocx ( c:\program files\matlab\r2010a\toolbox\rtw\targets\xpc\xpc\xpcmngr\ocx\ )
-
While I was waiting for your reply, I took the liberty of running a full (all files, maximum archive recursion thing, high heuristic, etc.) rootkit scan using the latest antivir engine with latest definitions.
It's stuck on this file:
c:\windows\wlan\setup_iss\xp_iss\driver_only\install\setup.iss
Hard drive light isn't blinking as it usually does during scans, and CPU usage according to Task Manager is 4%
==> I think it's hung.
I will abort this scan and carry out chkdsk.
-
PrevX never gets to finish its scan ... it detects 2 infections then immediately crashes.
Regarding chkdsk, I'm talking about the files that scroll down the black screen right after I select Safe Mode.
-
What are we looking for? Rootkit?
Could it be that the files are corrupt and I need to run that chkdsk thing?
-
What are we going to do about the RkU and Prevx 3.0 detections?
-
Done...
Now what ?
-
oops sorry !!!
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000004
Kernel Drivers (total 195):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7CBF000 \WINDOWS\system32\KDCOM.DLL
0xF7BCF000 \WINDOWS\system32\BOOTVID.dll
0xF7770000 ACPI.sys
0xF7CC1000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF775F000 pci.sys
0xF77BF000 isapnp.sys
0xF7BD3000 compbatt.sys
0xF7BD7000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7D87000 pciide.sys
0xF7A3F000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7CC3000 aliide.sys
0xF7CC5000 intelide.sys
0xF7CC7000 toside.sys
0xF7CC9000 viaide.sys
0xF7CCB000 cmdide.sys
0xF77CF000 MountMgr.sys
0xF7740000 ftdisk.sys
0xF7A47000 PartMgr.sys
0xF7BDB000 ACPIEC.sys
0xF7D88000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF77DF000 VolSnap.sys
0xF7BDF000 cpqarray.sys
0xF7728000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF764E000 iaStor.sys
0xF7636000 atapi.sys
0xF7BE3000 aha154x.sys
0xF7A4F000 sparrow.sys
0xF7BE7000 symc810.sys
0xF77EF000 aic78xx.sys
0xF7BEB000 dac960nt.sys
0xF77FF000 ql10wnt.sys
0xF7BEF000 amsint.sys
0xF7A57000 asc.sys
0xF7BF3000 asc3550.sys
0xF7A5F000 mraid35x.sys
0xF7A67000 i2omp.sys
0xF7BF7000 ini910u.sys
0xF780F000 ql1240.sys
0xF781F000 aic78u2.sys
0xF7A6F000 symc8xx.sys
0xF7A77000 sym_hi.sys
0xF7A7F000 sym_u3.sys
0xF7A87000 ABP480N5.SYS
0xF7A8F000 asc3350p.sys
0xF7CCD000 cd20xrnt.sys
0xF782F000 ultra.sys
0xF761D000 adpu160m.sys
0xF7A97000 dpti2o.sys
0xF783F000 ql1080.sys
0xF784F000 ql1280.sys
0xF785F000 ql12160.sys
0xF7A9F000 perc2.sys
0xF7CCF000 perc2hib.sys
0xF7AA7000 hpn.sys
0xF7BFB000 cbidf2k.sys
0xF75F1000 dac2w2k.sys
0xF786F000 disk.sys
0xF787F000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF75D1000 fltMgr.sys
0xF75BF000 sr.sys
0xF788F000 PxHelp20.sys
0xF75A8000 KSecDD.sys
0xF7595000 WudfPf.sys
0xF7508000 Ntfs.sys
0xF74DB000 NDIS.sys
0xF789F000 sisagp.sys
0xF78AF000 viaagp.sys
0xF74C1000 Mup.sys
0xF78BF000 alim1541.sys
0xF78CF000 amdagp.sys
0xF78DF000 agp440.sys
0xF78EF000 agpCPQ.sys
0xF7CB7000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xF799F000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF554A000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF5536000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF550E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF54FD000 \SystemRoot\system32\DRIVERS\l1c51x86.sys
0xF5377000 \SystemRoot\system32\DRIVERS\athw.sys
0xF7AFF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF5353000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7B07000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7CBB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF79AF000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7B0F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7B17000 \??\C:\WINDOWS\system32\drivers\VMkbd.sys
0xF5311000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF79BF000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xF52A0000 \SystemRoot\System32\Drivers\wdf01000.sys
0xF7B1F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF6585000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF51AF000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xF516E000 \SystemRoot\system32\drivers\srs_sscfilter_i386.sys
0xF514B000 \SystemRoot\system32\drivers\ks.sys
0xF7E3B000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF79CF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF6581000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5134000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF79DF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF79EF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7B27000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF5123000 \SystemRoot\system32\DRIVERS\psched.sys
0xF79FF000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7B2F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7B37000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF510C000 \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
0xF7A0F000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF50F2000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
0xF7D21000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5094000 \SystemRoot\system32\DRIVERS\update.sys
0xF656D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF6569000 \SystemRoot\system32\DRIVERS\vmnetadapter.sys
0xF6565000 \SystemRoot\system32\DRIVERS\VMNET.SYS
0xF5746000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF793F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7D51000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA584F000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA582B000 \SystemRoot\system32\drivers\portcls.sys
0xF794F000 \SystemRoot\system32\drivers\drmk.sys
0xA9E25000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xA1B01000 \SystemRoot\System32\Drivers\AFS2K.SYS
0xF7D6D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7E04000 \SystemRoot\System32\Drivers\Null.SYS
0xF7D6F000 \SystemRoot\System32\Drivers\Beep.SYS
0xA3F10000 \SystemRoot\System32\drivers\vga.sys
0xF7D71000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7D73000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA3F08000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA3F00000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA9E21000 \SystemRoot\system32\DRIVERS\rasacd.sys
0x9EC29000 \SystemRoot\system32\DRIVERS\ipsec.sys
0x9EBD0000 \SystemRoot\system32\DRIVERS\tcpip.sys
0x9EBA8000 \SystemRoot\system32\DRIVERS\netbt.sys
0x9EB82000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x9EB4A000 \SystemRoot\system32\DRIVERS\tcpip6.sys
0xA581B000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA1AE1000 \SystemRoot\system32\DRIVERS\Ip6Fw.sys
0x9EB28000 \SystemRoot\System32\drivers\afd.sys
0xA1AD1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA1AC1000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA1AB1000 \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
0x9EB06000 \SystemRoot\system32\DRIVERS\VBoxDrv.sys
0x9EACF000 \SystemRoot\System32\drivers\truecrypt.sys
0xA283E000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xA1AA1000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x9EA54000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9E9BC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA1A71000 \SystemRoot\System32\Drivers\Fips.SYS
0x9E80E000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0xA134B000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xA2836000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x9E7E8000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7D5D000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xA568F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0x9B96F000 \SystemRoot\System32\drivers\Dxapi.sys
0xA3F30000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7EAD000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF059000 \SystemRoot\System32\igxpdv32.DLL
0xBF2E9000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0x9B37E000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x9EA50000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0x9B30D000 \??\C:\Program Files\Sandboxie\SbieDrv.sys
0xF593E000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys
0x9B33A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9B218000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x9B1DB000 \SystemRoot\system32\drivers\wdmaud.sys
0xA50F3000 \SystemRoot\system32\drivers\sysaudio.sys
0xA1A91000 \??\C:\WINDOWS\system32\drivers\hcmon.sys
0xF6A24000 \??\C:\WINDOWS\system32\Drivers\vmci.sys
0x9ABB7000 \??\C:\WINDOWS\system32\Drivers\vmx86.sys
0x9AA09000 \SystemRoot\System32\Drivers\adfs.SYS
0x9A9AE000 \??\C:\WINDOWS\system32\drivers\aksfridge.sys
0x9A80D000 \??\C:\WINDOWS\system32\drivers\hardlock.sys
0x9A7C8000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x9A5E0000 \SystemRoot\system32\DRIVERS\srv.sys
0x9EE7F000 \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys
0x99D7A000 \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
0x99936000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x995B0000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7B4F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9AD7E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9933B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9A99E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x991C5000 \SystemRoot\system32\drivers\kmixer.sys
0xA3F20000 \SystemRoot\System32\drivers\pxkbf.sys
0x99074000 \SystemRoot\System32\drivers\pxrts.sys
0xF7AEF000 \SystemRoot\System32\drivers\pxscan.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 63):
0 System Idle Process
4 System
876 C:\WINDOWS\system32\smss.exe
924 csrss.exe
948 C:\WINDOWS\system32\winlogon.exe
992 C:\WINDOWS\system32\services.exe
1004 C:\WINDOWS\system32\lsass.exe
1172 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1508 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1656 C:\WINDOWS\system32\svchost.exe
1704 svchost.exe
148 C:\Program Files\Sandboxie\SbieSvc.exe
184 C:\WINDOWS\system32\svchost.exe
368 C:\WINDOWS\system32\svchost.exe
456 svchost.exe
624 svchost.exe
1200 C:\WINDOWS\system32\spoolsv.exe
1248 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1320 svchost.exe
2016 C:\WINDOWS\explorer.exe
492 C:\WINDOWS\system32\hkcmd.exe
500 C:\WINDOWS\system32\igfxpers.exe
532 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
576 C:\WINDOWS\system32\igfxsrvc.exe
580 C:\WINDOWS\RTHDCPL.EXE
828 C:\Program Files\Launch Manager\LManager.exe
968 C:\WINDOWS\snuvcdsm.exe
1068 C:\Program Files\Apoint2K\Apoint.exe
1384 C:\WINDOWS\vsnp325.exe
1472 C:\Program Files\Apoint2K\ApMsgFwd.exe
1756 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
1800 C:\Program Files\Apoint2K\ApntEx.exe
1784 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1796 C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
2080 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2536 C:\WINDOWS\system32\ctfmon.exe
2880 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
2900 C:\Program Files\Launch Manager\dsiwmis.exe
2932 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
3028 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
3108 C:\WINDOWS\system32\hasplms.exe
3356 C:\Program Files\Java\jre6\bin\jqs.exe
3796 sqlservr.exe
3832 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
864 C:\WINDOWS\system32\svchost.exe
2372 C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
2784 C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
3244 C:\WINDOWS\system32\vmnat.exe
668 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2640 C:\WINDOWS\system32\vmnetdhcp.exe
452 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
3884 wmiprvse.exe
2928 alg.exe
2860 C:\Program Files\Launch Manager\LMworker.exe
4048 C:\WINDOWS\system32\wbem\unsecapp.exe
3828 C:\WINDOWS\system32\BD7EBD1C.exe
2236 C:\Program Files\Internet Explorer\iexplore.exe
636 C:\WINDOWS\system32\vsjitdebugger.exe
2172 C:\WINDOWS\system32\vsjitdebugger.exe
2204 C:\WINDOWS\system32\vsjitdebugger.exe
2228 C:\WINDOWS\system32\wscntfy.exe
3300 C:\Program Files\Prevx\prevx.exe
2728 C:\Documents and Settings\Waheb\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`c0100000 (NTFS)
PhysicalDrive0 Model Number: WDCWD1600BEVT-22A23T0, Rev: 01.01A01
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!
-
For your information:
I have run the latest Prevx and it crashed a couple of seconds after detecting two infections somewhere in the c:/Programs ... (scanning was going very fast)
-
2011/01/28 20:15:09.0390 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/28 20:15:09.0390 ================================================================================
2011/01/28 20:15:09.0390 SystemInfo:
2011/01/28 20:15:09.0390
2011/01/28 20:15:09.0390 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/28 20:15:09.0390 Product type: Workstation
2011/01/28 20:15:09.0390 ComputerName: EMACHINE-70C055
2011/01/28 20:15:09.0390 UserName: Waheb
2011/01/28 20:15:09.0390 Windows directory: C:\WINDOWS
2011/01/28 20:15:09.0390 System windows directory: C:\WINDOWS
2011/01/28 20:15:09.0390 Processor architecture: Intel x86
2011/01/28 20:15:09.0390 Number of processors: 2
2011/01/28 20:15:09.0390 Page size: 0x1000
2011/01/28 20:15:09.0390 Boot type: Normal boot
2011/01/28 20:15:09.0406 ================================================================================
2011/01/28 20:15:10.0312 Initialize success
2011/01/28 20:15:14.0000 ================================================================================
2011/01/28 20:15:14.0000 Scan started
2011/01/28 20:15:14.0000 Mode: Manual;
2011/01/28 20:15:14.0000 ================================================================================
2011/01/28 20:15:16.0031 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/01/28 20:15:16.0109 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/28 20:15:16.0140 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/01/28 20:15:16.0265 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\WINDOWS\system32\drivers\adfs.sys
2011/01/28 20:15:16.0343 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/01/28 20:15:16.0437 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/28 20:15:16.0515 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/28 20:15:16.0625 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/01/28 20:15:16.0703 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/01/28 20:15:16.0750 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/01/28 20:15:16.0781 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/01/28 20:15:16.0828 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/01/28 20:15:16.0875 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/01/28 20:15:16.0968 aksfridge (45f65f2f7ae28e5e56ab64e3ac61bd52) C:\WINDOWS\system32\drivers\aksfridge.sys
2011/01/28 20:15:17.0093 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/01/28 20:15:17.0140 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/01/28 20:15:17.0250 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/01/28 20:15:17.0359 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/01/28 20:15:17.0437 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/01/28 20:15:17.0562 ApfiltrService (10b2c784163208693248af6241c011ff) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/01/28 20:15:17.0703 AR5416 (e6d433868e1c0b1dead8d5f64bb2af9f) C:\WINDOWS\system32\DRIVERS\athw.sys
2011/01/28 20:15:17.0843 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/01/28 20:15:17.0906 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/01/28 20:15:17.0968 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/01/28 20:15:18.0078 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/28 20:15:18.0125 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/28 20:15:18.0250 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/28 20:15:18.0343 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/28 20:15:18.0531 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/01/28 20:15:18.0593 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/01/28 20:15:18.0640 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/01/28 20:15:18.0796 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/28 20:15:18.0937 BTKRNL (9f704f40cd50ae05bbfc492c0342e765) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/01/28 20:15:19.0109 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/01/28 20:15:19.0140 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/28 20:15:19.0218 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/01/28 20:15:19.0281 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/01/28 20:15:19.0343 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/28 20:15:19.0421 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/28 20:15:19.0531 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/28 20:15:19.0671 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/01/28 20:15:19.0703 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/01/28 20:15:19.0750 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/01/28 20:15:19.0843 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/01/28 20:15:19.0921 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/01/28 20:15:19.0968 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/01/28 20:15:20.0046 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/28 20:15:20.0140 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/28 20:15:20.0218 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/28 20:15:20.0265 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/28 20:15:20.0343 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/28 20:15:20.0421 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/01/28 20:15:20.0515 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/28 20:15:20.0656 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/28 20:15:20.0750 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/01/28 20:15:20.0812 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/28 20:15:20.0859 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/01/28 20:15:20.0937 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/01/28 20:15:21.0000 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/28 20:15:21.0093 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/28 20:15:21.0203 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/28 20:15:21.0312 hardlock (995178a443b07fa9eeaea041d7b4b5ca) C:\WINDOWS\system32\drivers\hardlock.sys
2011/01/28 20:15:21.0437 hcmon (9f40fc2a562dc9f4d9e10943586d9ed1) C:\WINDOWS\system32\drivers\hcmon.sys
2011/01/28 20:15:21.0531 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/01/28 20:15:21.0656 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/28 20:15:21.0750 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/01/28 20:15:21.0843 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/01/28 20:15:21.0890 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/01/28 20:15:21.0953 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/01/28 20:15:22.0062 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/28 20:15:22.0156 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/01/28 20:15:22.0203 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/01/28 20:15:22.0296 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/28 20:15:22.0484 ialm (0e501525f2b67aa17fe143d7c5e6a649) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/01/28 20:15:22.0671 iaStor (d483687eace0c065ee772481a96e05f5) C:\WINDOWS\system32\drivers\iaStor.sys
2011/01/28 20:15:22.0765 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/28 20:15:22.0859 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/01/28 20:15:23.0171 IntcAzAudAddService (f574d00ab0319d8ab38fff0739c8659b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/01/28 20:15:23.0406 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/01/28 20:15:23.0500 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/28 20:15:23.0546 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/01/28 20:15:23.0609 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/28 20:15:23.0656 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/28 20:15:23.0718 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/28 20:15:23.0765 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/28 20:15:23.0828 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/28 20:15:23.0906 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/28 20:15:23.0953 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/28 20:15:24.0015 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/28 20:15:24.0046 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/28 20:15:24.0140 L1c (d99d73fb21394f2cba4b6f34361f88fa) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
2011/01/28 20:15:24.0281 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\WINDOWS\system32\drivers\mbam.sys
2011/01/28 20:15:24.0421 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/28 20:15:24.0515 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/28 20:15:24.0609 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/01/28 20:15:24.0718 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/28 20:15:24.0812 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/28 20:15:24.0906 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/28 20:15:24.0968 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/01/28 20:15:25.0015 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/28 20:15:25.0078 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/28 20:15:25.0156 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/28 20:15:25.0218 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/28 20:15:25.0312 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/28 20:15:25.0343 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/28 20:15:25.0437 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/28 20:15:25.0500 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/01/28 20:15:25.0593 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/28 20:15:25.0671 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/01/28 20:15:25.0750 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/28 20:15:25.0796 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/01/28 20:15:25.0843 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/28 20:15:25.0890 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/28 20:15:25.0921 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/28 20:15:26.0000 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/28 20:15:26.0046 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/28 20:15:26.0078 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/28 20:15:26.0218 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/01/28 20:15:26.0296 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/01/28 20:15:26.0375 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2011/01/28 20:15:26.0546 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2011/01/28 20:15:26.0640 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/28 20:15:26.0718 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/28 20:15:26.0812 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/28 20:15:26.0875 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/28 20:15:26.0937 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/28 20:15:27.0078 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/01/28 20:15:27.0109 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/28 20:15:27.0171 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/28 20:15:27.0234 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/01/28 20:15:27.0343 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/28 20:15:27.0468 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/28 20:15:27.0531 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/28 20:15:27.0734 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/01/28 20:15:27.0781 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/01/28 20:15:27.0937 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/28 20:15:27.0984 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/28 20:15:28.0031 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/28 20:15:28.0109 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/28 20:15:28.0156 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/01/28 20:15:28.0234 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/01/28 20:15:28.0281 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/01/28 20:15:28.0312 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/01/28 20:15:28.0359 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/01/28 20:15:28.0453 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/28 20:15:28.0546 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/28 20:15:28.0609 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/28 20:15:28.0656 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/28 20:15:28.0734 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/28 20:15:28.0781 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/28 20:15:28.0875 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/28 20:15:28.0953 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/28 20:15:29.0078 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/28 20:15:29.0218 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\WINDOWS\system32\DRIVERS\RsFx0103.sys
2011/01/28 20:15:29.0406 SbieDrv (0e37b22d506d09f349885049db34f0dc) C:\Program Files\Sandboxie\SbieDrv.sys
2011/01/28 20:15:29.0671 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/01/28 20:15:29.0765 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/28 20:15:29.0859 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/01/28 20:15:29.0984 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/28 20:15:30.0140 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/01/28 20:15:30.0218 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/01/28 20:15:30.0390 SNP2UVC (fa8a150623ed0e99b8e4f5cc3d57968b) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
2011/01/28 20:15:30.0515 SNP325 (b3cc5a8cbe6f2bc3c764ee98101f427d) C:\WINDOWS\system32\DRIVERS\snp325.sys
2011/01/28 20:15:30.0609 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/01/28 20:15:30.0703 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/28 20:15:30.0843 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/28 20:15:30.0968 SRS_SSCFilter (25ecea986742275ecb23a1cb6bc87a61) C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys
2011/01/28 20:15:31.0062 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/28 20:15:31.0203 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/01/28 20:15:31.0312 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/01/28 20:15:31.0406 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/28 20:15:31.0562 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/28 20:15:31.0625 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/01/28 20:15:31.0687 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/01/28 20:15:31.0750 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/01/28 20:15:31.0781 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/01/28 20:15:31.0828 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/28 20:15:31.0953 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/28 20:15:32.0031 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2011/01/28 20:15:32.0125 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/28 20:15:32.0171 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/28 20:15:32.0250 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/28 20:15:32.0359 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/01/28 20:15:32.0484 truecrypt (be45dad1c73a3216edc8c485916f6594) C:\WINDOWS\system32\drivers\truecrypt.sys
2011/01/28 20:15:32.0562 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/01/28 20:15:32.0640 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/28 20:15:32.0734 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/01/28 20:15:32.0796 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/28 20:15:32.0906 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/01/28 20:15:33.0015 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/28 20:15:33.0062 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/28 20:15:33.0109 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/28 20:15:33.0187 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/28 20:15:33.0281 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/28 20:15:33.0390 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2011/01/28 20:15:33.0453 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2011/01/28 20:15:33.0578 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/28 20:15:33.0671 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/28 20:15:33.0734 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/01/28 20:15:33.0812 VBoxDrv (7be10a4eaf9c7475a28c6fafdf756499) C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys
2011/01/28 20:15:33.0921 VBoxNetAdp (a1989b6f174ad6ee1c3de55cb942c91f) C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
2011/01/28 20:15:33.0984 VBoxNetFlt (19ba977f1714d51b9fad6b188989ea03) C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys
2011/01/28 20:15:34.0093 VBoxUSBMon (779744e022f3733c2d36014036ed74c2) C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys
2011/01/28 20:15:34.0140 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/28 20:15:34.0250 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/01/28 20:15:34.0312 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/01/28 20:15:34.0437 vmci (c9561dcbeda5b700752e3f7049b2d6f2) C:\WINDOWS\system32\Drivers\vmci.sys
2011/01/28 20:15:34.0515 vmkbd (dcd2f4a14795e8a8114a7cae2a9b9465) C:\WINDOWS\system32\drivers\VMkbd.sys
2011/01/28 20:15:34.0562 VMnetAdapter (e41704d8149992107b333cc7a52c07cc) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
2011/01/28 20:15:34.0625 VMnetBridge (af55d6a291f99146c9b6419028fed844) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
2011/01/28 20:15:34.0687 VMnetuserif (ecbe41a85c852bcd2fd12281e8f9d833) C:\WINDOWS\system32\drivers\vmnetuserif.sys
2011/01/28 20:15:34.0750 vmusb (afb10ad9aa91d2f70c9f0e6bda0d119b) C:\WINDOWS\system32\Drivers\vmusb.sys
2011/01/28 20:15:34.0890 vmx86 (626d103ef74b9c2e9f7b5d3be9007fba) C:\WINDOWS\system32\Drivers\vmx86.sys
2011/01/28 20:15:35.0015 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/28 20:15:35.0265 VSPerfDrv100 (5a2ddc5411a092bedb1a07755e087784) C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys
2011/01/28 20:15:35.0421 vstor2-ws60 (98929c5c5314c4c048e2f60492c26723) C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
2011/01/28 20:15:35.0562 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/28 20:15:35.0687 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/01/28 20:15:35.0812 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/28 20:15:36.0000 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/01/28 20:15:36.0125 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/01/28 20:15:36.0203 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/01/28 20:15:36.0281 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/01/28 20:15:36.0343 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/28 20:15:36.0406 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/28 20:15:36.0609 ================================================================================
2011/01/28 20:15:36.0609 Scan finished
2011/01/28 20:15:36.0609 ================================================================================
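A small triage helper for driver listings in the format above, added here as an example; it is not part of the original post and not TDSSKiller's own code. It parses lines of the form `timestamp service (md5) path`, skips the separator and "Scan finished" trailer, and flags entries that load from outside the Windows directory, whose service name differs from the file name, or whose MD5 is absent from a caller-supplied known-good set. The sample input is four lines copied from the log above plus its trailer; the known-good set holds only the tcpip.sys hash from this same log as a placeholder and is not a vetted baseline. Every flag is a prompt to look closer, not a verdict: the Sandboxie, VMware and Visual Studio drivers in this listing are legitimately outside C:\WINDOWS, and a service name that differs from its file name (ialm loading igxpmp32.sys) is common for vendor drivers.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# One TDSSKiller driver line: "<timestamp> <service> (<md5>) <path>".
LINE_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)


@dataclass
class Driver:
    name: str
    md5: str
    path: str
    flags: List[str] = field(default_factory=list)


def parse_tdsskiller(text: str) -> List[Driver]:
    """Extract driver entries; lines that do not carry an MD5 are skipped."""
    drivers = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            drivers.append(Driver(m["name"], m["md5"].lower(), m["path"]))
    return drivers


def triage(drivers: List[Driver], known_good: Optional[Set[str]] = None,
           windows_dir: str = r"C:\WINDOWS") -> List[Driver]:
    """Attach review flags to each driver and return the flagged ones,
    most-flagged first. known_good=None disables the hash check."""
    prefix = windows_dir.lower().rstrip("\\") + "\\"
    for d in drivers:
        p = d.path.lower()
        # Service name vs. file name stem (case-insensitive).
        stem = p.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if not p.startswith(prefix):
            d.flags.append("outside-windows-dir")
        if stem != d.name.lower():
            d.flags.append("name-file-mismatch")
        if known_good is not None and d.md5 not in known_good:
            d.flags.append("unknown-hash")
    flagged = [d for d in drivers if d.flags]
    flagged.sort(key=lambda d: len(d.flags), reverse=True)
    return flagged


# Sample input: four lines copied from the log above plus its trailer.
SAMPLE_LOG = r"""2011/01/28 20:15:22.0484 ialm (0e501525f2b67aa17fe143d7c5e6a649) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/01/28 20:15:29.0406 SbieDrv (0e37b22d506d09f349885049db34f0dc) C:\Program Files\Sandboxie\SbieDrv.sys
2011/01/28 20:15:31.0953 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/28 20:15:35.0265 VSPerfDrv100 (5a2ddc5411a092bedb1a07755e087784) C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys
2011/01/28 20:15:36.0609 ================================================================================
2011/01/28 20:15:36.0609 Scan finished
"""

# Placeholder allowlist: only the tcpip.sys hash from the same log.
# A real baseline would come from a trusted install of the same OS build.
KNOWN_GOOD = {"9aefa14bd6b182d61e3119fa5f436d3d"}


def report(text: str, known_good: Optional[Set[str]]) -> List[str]:
    """One line per flagged driver: 'name  md5  path  [flags]'."""
    lines = []
    for d in triage(parse_tdsskiller(text), known_good):
        lines.append(f"{d.name}  {d.md5}  {d.path}  [{', '.join(d.flags)}]")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG, KNOWN_GOOD):
        print(line)
```

Feeding the whole log to `parse_tdsskiller` and running `triage` with `known_good=None` gives the short list worth checking first (anything outside C:\WINDOWS or with a name/file mismatch); supplying a real hash baseline from a clean install of the same OS build turns the hash check into the useful part.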
Backdoor.Bot ==> taskbar and networking issues
in Resolved Malware Removal Logs
Posted
SFC.exe finished the scan without detecting or requesting anything.
I immediately went to Windows Update and it doesn't have any High Priority Updates.