Alton

  1. Oh wow, that was a really fast reply! I was in the process of making sure everything was working alright, and it seems like everything except Mozilla Firefox is running smoothly. Is this as a result of uninstalling that Java Runtime program? Or could it just be that I need to download an updated version of the program? Anyway, thanks for all the help. I've got to go to work now, but I'll definitely download the programs you mentioned for battling spyware. Oh, also, you mentioned that MSN and Yahoo! Chat have vulnerabilities. I don't use either of those programs, but I do use Skype regularly. Are there any vulnerabilities that Skype has that I should avoid exacerbating in the future? Thanks again, Alton
  2. COMBOFIX LOG:
  3. Okay! I've gotten everything done; here's the results: I deleted all five of the programs mentioned: UTorrent, Java 2 Runtime Environment, Viewpoint Manager, Viewpoint Media Player, and WildTangent Web Driver. The computer seems to be running much faster than it was before; there are also no suspicious processes running like there were before. Mozilla Firefox still does not work at all; nothing at all happens when I click the program icon on the Desktop, the toolbar by the Start button, or in the Programs list. Other than that it looks pretty good. Here are the logs: TDSSKiller:
perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 2011/05/13 21:01:22.0505 2692 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 2011/05/13 21:01:22.0584 2692 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/05/13 21:01:22.0615 2692 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/05/13 21:01:22.0646 2692 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/05/13 21:01:22.0662 2692 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/05/13 21:01:22.0709 2692 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 2011/05/13 21:01:22.0755 2692 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 2011/05/13 21:01:22.0787 2692 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2011/05/13 21:01:22.0818 2692 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2011/05/13 21:01:22.0849 2692 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2011/05/13 21:01:22.0880 2692 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/05/13 21:01:22.0943 2692 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/05/13 21:01:23.0037 2692 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/05/13 21:01:23.0068 2692 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/05/13 21:01:23.0177 2692 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/05/13 21:01:23.0208 2692 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/05/13 21:01:23.0271 2692 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/05/13 
21:01:23.0333 2692 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/05/13 21:01:23.0380 2692 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/05/13 21:01:23.0505 2692 RT73 (bf4709c002d632170dc15a282813d6b3) C:\WINDOWS\system32\DRIVERS\rt73.sys 2011/05/13 21:01:23.0802 2692 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/05/13 21:01:23.0880 2692 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/05/13 21:01:23.0927 2692 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/05/13 21:01:23.0990 2692 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/05/13 21:01:24.0083 2692 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2011/05/13 21:01:24.0146 2692 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2011/05/13 21:01:24.0208 2692 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/05/13 21:01:24.0287 2692 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/05/13 21:01:24.0365 2692 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/05/13 21:01:24.0490 2692 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys 2011/05/13 21:01:24.0537 2692 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/05/13 21:01:24.0599 2692 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/05/13 21:01:24.0693 2692 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2011/05/13 21:01:24.0724 2692 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2011/05/13 21:01:24.0880 2692 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2011/05/13 
21:01:24.0912 2692 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2011/05/13 21:01:24.0990 2692 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/05/13 21:01:25.0083 2692 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/05/13 21:01:25.0115 2692 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/05/13 21:01:25.0146 2692 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/05/13 21:01:25.0208 2692 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/05/13 21:01:25.0271 2692 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 2011/05/13 21:01:25.0333 2692 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/05/13 21:01:25.0380 2692 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2011/05/13 21:01:25.0443 2692 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/05/13 21:01:25.0583 2692 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/05/13 21:01:25.0646 2692 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/05/13 21:01:25.0661 2692 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/05/13 21:01:25.0693 2692 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/05/13 21:01:25.0724 2692 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/05/13 21:01:25.0802 2692 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/05/13 21:01:25.0833 2692 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/05/13 21:01:25.0849 2692 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 
2011/05/13 21:01:25.0911 2692 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2011/05/13 21:01:25.0958 2692 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/05/13 21:01:26.0005 2692 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/05/13 21:01:26.0052 2692 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/05/13 21:01:26.0177 2692 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys 2011/05/13 21:01:26.0224 2692 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/05/13 21:01:26.0318 2692 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 2011/05/13 21:01:26.0458 2692 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 2011/05/13 21:01:26.0536 2692 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/05/13 21:01:26.0568 2692 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/05/13 21:01:26.0677 2692 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/05/13 21:01:26.0677 2692 ================================================================================ 2011/05/13 21:01:26.0677 2692 Scan finished 2011/05/13 21:01:26.0677 2692 ================================================================================ 2011/05/13 21:01:26.0708 3980 Detected object count: 1 2011/05/13 21:01:44.0941 3980 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot 2011/05/13 21:01:44.0941 3980 \HardDisk0 - ok 2011/05/13 21:01:44.0941 3980 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2011/05/13 21:02:10.0393 3804 Deinitialize success -------------------------------------------------------- ComboFix Log: ComboFix 11-05-13.02 - Alton 05/13/2011 21:21:06.1.2 - x86 Microsoft Windows XP Professional 
     5.1.2600.3.1252.1.1033.18.3070.2500 [GMT -7:00]
     Running from: c:\documents and settings\Alton\Desktop\ComboFix.exe
     AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
     FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\documents and settings\Alton\Local Settings\Application Data\{D3D54192-D4AA-4891-BA0C-B8852D3C1446}
     c:\documents and settings\Alton\Local Settings\Application Data\{D3D54192-D4AA-4891-BA0C-B8852D3C1446}\chrome.manifest
     c:\documents and settings\Alton\Local Settings\Application Data\{D3D54192-D4AA-4891-BA0C-B8852D3C1446}\chrome\content\_cfg.js
     c:\documents and settings\Alton\Local Settings\Application Data\{D3D54192-D4AA-4891-BA0C-B8852D3C1446}\chrome\content\overlay.xul
     c:\documents and settings\Alton\Local Settings\Application Data\{D3D54192-D4AA-4891-BA0C-B8852D3C1446}\install.rdf
     c:\documents and settings\Alton\WINDOWS
     c:\windows\aqibamom.dll
     c:\windows\system32\logs
     c:\windows\system32\Thumbs.db
     c:\windows\system32\win.ini
     .
     .
     ((((((((((((((((((((((((( Files Created from 2011-04-14 to 2011-05-14 )))))))))))))))))))))))))))))))
     .
     .
     2011-05-14 03:48 . 2011-05-14 03:50 -------- d-----w- C:\33eb6f99a1baf6cb15d9d069
     2011-05-12 03:55 . 2011-05-12 03:56 -------- d-----w- C:\eb1269ec251a9d539f3ecec0
     2011-05-09 05:35 . 2011-05-14 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
     2011-05-03 15:30 . 2011-05-03 15:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
     2011-05-02 23:12 . 2011-05-02 23:12 -------- d-----w- c:\program files\NT Registry Optimizer
     2011-05-02 21:18 . 2011-05-02 21:18 70656 --sha-r- c:\windows\system32\mplay328.dll
     2011-04-28 16:36 . 2011-04-28 16:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
     2011-04-26 03:28 . 2011-04-29 04:30 -------- d-----w- C:\0f06eb576931c20a224f67e57d013a09
     2011-04-26 03:19 . 2011-04-26 03:20 -------- d-----w- C:\7cec38b2894e9eec52f5f156bb
     2011-04-26 03:10 . 2008-10-16 14:43 138496 ----a-w- c:\windows\system32\drivers\afd.sys
     2011-04-26 03:10 . 2008-10-16 14:43 138496 ----a-w- c:\windows\system32\dllcache\afd.sys
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2011-03-07 05:33 . 2005-08-16 09:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
     2011-03-04 06:37 . 2005-08-16 09:18 420864 ----a-w- c:\windows\system32\vbscript.dll
     2011-03-03 13:21 . 2005-08-16 09:18 1857920 ----a-w- c:\windows\system32\win32k.sys
     2011-02-22 23:06 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
     2011-02-22 23:06 . 2005-08-16 09:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
     2011-02-22 23:06 . 2005-08-16 09:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
     2011-02-22 11:41 . 2005-08-16 09:18 385024 ----a-w- c:\windows\system32\html.iec
     2011-02-17 13:18 . 2006-05-23 20:45 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
     2011-02-17 13:18 . 2006-05-23 20:45 357888 ----a-w- c:\windows\system32\drivers\srv.sys
     2011-02-17 12:32 . 2009-08-07 19:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
     2011-02-15 12:56 . 2005-08-16 09:18 290432 ----a-w- c:\windows\system32\atmfd.dll
     2010-10-14 06:28 . 2010-09-12 22:51 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
     "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
     "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
     "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
     "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
     "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
     "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
     "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
     "WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-08-08 24576]
     "Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-08-08 311350]
     "Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-08 28739]
     "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
     "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
     "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
     "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
     "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "RunNarrator"="Narrator.exe" [2008-04-14 53760]
     .
     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
     Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-23 24576]
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
     backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
     2010-02-23 06:05 135664 ----atw- c:\documents and settings\Alton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "Dynex Wireless Service"=2 (0x2)
     "Ati HotKey Poller"=2 (0x2)
     "AOL ACS"=2 (0x2)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
     "DisableMonitoring"=dword:00000001
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
     "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
     "c:\\Program Files\\America Online 9.0\\waol.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\WINDOWS\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
     "c:\\Program Files\\World of Warcraft\\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe"=
     "c:\\Program Files\\World of Warcraft\\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe"=
     "c:\\Program Files\\World of Warcraft\\Launcher.exe"=
     "c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
     "c:\\Program Files\\World of Warcraft\\WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe"=
     "c:\\Program Files\\World of Warcraft\\WoW-3.1.1.9806-to-3.1.1.9835-enUS-downloader.exe"=
     "c:\\Program Files\\Diablo II\\Diablo II.exe"=
     "c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
     "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
     "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
     "c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
     "c:\\Program Files\\mIRC\\mirc.exe"=
     "c:\\Program Files\\Apprentice\\Appr.exe"=
     "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
     "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
     "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
     "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
     "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
     "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
     "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
     .
     R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [9/12/2010 3:51 PM 84072]
     R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/14/2010 2:20 PM 203280]
     R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [9/12/2010 3:51 PM 271480]
     R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [9/12/2010 3:51 PM 271480]
     R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [9/12/2010 3:51 PM 188136]
     R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [9/12/2010 3:51 PM 141792]
     R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [9/12/2010 3:51 PM 55840]
     R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [9/12/2010 3:51 PM 313288]
     R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [9/12/2010 3:51 PM 88544]
     S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Alton\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Alton\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
     S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Alton\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\Alton\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
     S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [9/12/2010 3:51 PM 88544]
     S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [9/12/2010 3:51 PM 84264]
     S3 SASENUM;SASENUM;\??\c:\docume~1\Alton\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\Alton\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
     S4 Dynex Wireless Service;Dynex Wireless G Adapter WLService;c:\program files\Dynex Wireless G Adapter\WLService.exe [11/12/2006 3:48 PM 49152]
     .
     --- Other Services/Drivers In Memory ---
     .
     *Deregistered* - mfeavfk01
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2011-05-14 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-10 05:15]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.yahoo.com/
     uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
     uInternet Connection Wizard,ShellNext = iexplore
     uInternet Settings,ProxyOverride = <local>
     uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
     Trusted Zone: internet
     Trusted Zone: mcafee.com
     Trusted Zone: musicmatch.com\online
     FF - ProfilePath - c:\documents and settings\Alton\Application Data\Mozilla\Firefox\Profiles\zo7sibpz.default\
     user_pref(security.warn_viewing_mixed,false);
     user_pref(security.warn_viewing_mixed.show_once,false);
     FF - user.js: network.cookie.cookieBehavior - 0
     FF - user.js: privacy.clearOnShutdown.cookies - false
     user_pref(security.warn_submit_insecure,false);
     FF - user.js: security.warn_submit_insecure.show_once - false
     .
     - - - - ORPHANS REMOVED - - - -
     .
     HKLM-Run-Rhexucadotex - c:\windows\aqibamom.dll
     HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
     SharedTaskScheduler-{32c65579-24c5-4cc9-9a83-895d3c3ae4f7} - c:\windows\system32\gafuyowo.dll
     SharedTaskScheduler-{153df2a2-29b6-4986-8fec-8e6c4dfa048b} - c:\windows\system32\savohofu.dll
     SharedTaskScheduler-{6296c3b7-5f1f-4138-928d-340caa1fd8bb} - c:\windows\system32\kalahavi.dll
     SharedTaskScheduler-{f24e8733-fdca-49d4-b91a-10582adffca0} - c:\windows\system32\pufajahe.dll
     SharedTaskScheduler-{e2d46306-c77d-4493-ab1d-05350e988d4a} - c:\windows\system32\hebedogu.dll
     SharedTaskScheduler-{869ccf18-723a-43af-bce4-921481322091} - c:\windows\system32\layepezo.dll
     SharedTaskScheduler-{10898321-aa71-49c0-8567-67ea7b6b9faf} - c:\windows\system32\pawajinu.dll
     SSODL-zirebuyap-{32c65579-24c5-4cc9-9a83-895d3c3ae4f7} - c:\windows\system32\gafuyowo.dll
     SSODL-zoperufop-{153df2a2-29b6-4986-8fec-8e6c4dfa048b} - c:\windows\system32\savohofu.dll
     SSODL-nuyajidur-{6296c3b7-5f1f-4138-928d-340caa1fd8bb} - c:\windows\system32\kalahavi.dll
     SSODL-jumozowoy-{f24e8733-fdca-49d4-b91a-10582adffca0} - c:\windows\system32\pufajahe.dll
     SSODL-nidididij-{e2d46306-c77d-4493-ab1d-05350e988d4a} - c:\windows\system32\hebedogu.dll
     SSODL-lifunuvuw-{869ccf18-723a-43af-bce4-921481322091} - c:\windows\system32\layepezo.dll
     SSODL-rehayilav-{10898321-aa71-49c0-8567-67ea7b6b9faf} - c:\windows\system32\pawajinu.dll
     MSConfigStartUp-RoxioAudioCentral - c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
     MSConfigStartUp-RoxioDragToDisc - c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
     MSConfigStartUp-RoxioEngineUtility - c:\program files\Common Files\Roxio Shared\System\EngUtil.exe
     AddRemove-Dell Game Console - c:\program files\Dell Games\Dell Game Console\Uninstall.exe
     AddRemove-ESPNMotion - c:\progra~1\ESPNMO~1\UNWISE.EXE
     AddRemove-StreetPlugin - c:\program files\Learn2.com\StRunner\stuninst.exe
     AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
     .
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2011-05-13 21:32
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\S-1-5-21-3628359471-1193362266-3388734377-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*
  4. Here, hopefully they got attached this time. Thanks again, ark.zip Alton
  5. Whoops! I did follow the instructions in that post, and I ran all the programs and saved their respective logs, but I must have forgotten to upload the zip folder as an attachment to the post. I probably just forgot to click the Attach button. I'll do that as soon as I get home; I'm not on that computer right now. Thanks for a swift reply, Alton
  6. Hello,

     I've been having serious issues with malware that seems to be too tricky for me to remove using the usual methods (McAfee Total Protection, Malwarebytes Anti-Malware Free Version), so I've come to you for help. Hopefully you'll be able to figure out what sort of bug is in there.

     Here's a rundown of generic information about the computer, as well as some background information; I don't know how much of it is relevant, but I figure it can't hurt:

     Dell XPS400 Desktop PC
     Windows XP Media Center Edition
     Purchased in June 2006
     Currently installed: McAfee Total Protection, Malwarebytes Anti-Malware (Free Version), among other things.

     Pinpointing exactly how and why I got infected probably isn't too hard. This is a family computer, and my father isn't the most tech-savvy guy in the world. He's often going to websites that he probably shouldn't be going to, but I can't know for sure if that's what's caused the problems, because we've also used UTorrent before, and I know that's a likely possibility as well. It could simply have been something as simple as karma coming back and biting me in the ass.

     The "Curse Client" for downloading add-ons for the game World of Warcraft has also been on the computer in the past, but not for at least a year. (I bring this up because I had a friend who was a WoW addict; his account was hacked because of something in that Curse Client thing.)

     I also want to mention that right before I started having malware problems, the computer was having an issue connecting to the internet. When the computer was attempting to connect, it became stuck on the "Acquiring Network Address" step, and when I clicked on the "Repair" button, it gave me an error message saying that "Renewing your IP address cannot be completed." It showed the IP address as 0.0.0.0. This problem seems to have fixed itself after about a week, but two days later, my father told me that the computer was running very slowly, and that he was getting popups and redirects when he was trying to browse. This is where I'm at now.

     The computer is still barely functional, and I am currently using it to type this post, but it is running incredibly slowly. Another oddity I should mention is that both Google Chrome and Mozilla Firefox seem to be not working. I'm using Internet Explorer 8 right now; it's the only browser I have left on here, so hopefully it doesn't conk out. If for some reason I'm unable to use it to post on this forum, I do have a laptop that I can use to access the internet. I should be able to check this topic at least three times during the day.

     I really hope that you can help me out. I'll post the logs from the programs at the bottom.

     Thanks in advance,
     Alton DeHaan

     ---------------------------
     MBAM LOG:
     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org
     Database version: 6493
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     5/8/2011 10:59:47 PM
     mbam-log-2011-05-08 (22-59-47).txt
     Scan type: Quick scan
     Objects scanned: 162806
     Time elapsed: 6 minute(s), 56 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     (No malicious items detected)
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     c:\WINDOWS\Temp\n.exn (Trojan.Dropper) -> Quarantined and deleted successfully.
     -----------------------------
     DDS LOG:
     DDS (Ver_11-03-05.01) - NTFSx86
     Run by Alton at 23:02:39.54 on Sun 05/08/2011
     Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2356 [GMT -7:00]
     .
     AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
     FW: McAfee Firewall *Enabled*
     .
     ============== Running Processes ===============
     .
     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     svchost.exe
     C:\WINDOWS\eHome\ehRecvr.exe
     C:\WINDOWS\eHome\ehSched.exe
     C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
     C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
     C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
     svchost.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\WINDOWS\ehome\ehtray.exe
     C:\Program Files\Viewpoint\Common\ViewpointService.exe
     C:\WINDOWS\stsystra.exe
     C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
     C:\Program Files\Dell\Media Experience\DMXLauncher.exe
     C:\WINDOWS\system32\svchost.exe -k netsvcs
     C:\WINDOWS\System32\DLA\DLACTRLW.EXE
     C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
     C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
     C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
     C:\Program Files\Canon\CAL\CALMAIN.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
     C:\Program Files\Digital Line Detect\DLG.exe
     C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
     C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
     C:\WINDOWS\system32\dllhost.exe
     C:\WINDOWS\eHome\ehmsas.exe
     C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     C:\Documents and Settings\Alton\Desktop\dds.scr
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://www.yahoo.com/
     uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
     uSearch Bar = hxxp://www.yahoo.com/search/ie.html
     uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
     uInternet Connection Wizard,ShellNext = iexplore
     uInternet Settings,ProxyOverride = <local>
     uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
     uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
     BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
     BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
     BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
     BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
     BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101109020924.dll
     BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
     BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
     TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
     EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
     uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     uRun: [Google Update] "c:\documents and settings\alton\local settings\application data\google\update\GoogleUpdate.exe" /c
     uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US)_AppleWebKit/534.13_(KHTML,_like_Gecko)_Chrome/9.0.597.98_Safari/534.13" -"http://www.pbs.org/wgbh/aso/tryit/tectonics/shockwave.html"
     mRun: [ehTray] c:\windows\ehome\ehtray.exe
     mRun: [sigmatelSysTrayApp] stsystra.exe
     mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
     mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
     mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
     mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
     mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
     mRun: [<NO NAME>]
     mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
     mRun: [WorksFUD] c:\program files\microsoft works\wkfud.exe
     mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers
     mRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
     mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
     mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
     mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
     mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
     mRun: [sunJavaUpdateSched] "c:\program files\java\j2re1.4.2_03\bin\jusched.exe"
     mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
     mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
     mRun: [Rhexucadotex] rundll32.exe "c:\windows\aqibamom.dll",Startup
     mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\july 09 mba-m\mbam.exe" /runcleanupscript
     dRun: [R8388QA8U8] c:\windows\temp\Bbh.exe
     dRunOnce: [RunNarrator] Narrator.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
     IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
     Trusted Zone: internet
     Trusted Zone: mcafee.com
     Trusted Zone: musicmatch.com\online
     DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
     DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
     DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
     DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL AppInit_DLLs: c:\windows\system32\gafuyowo.dll c:\windows\system32\robuteza.dll c:\windows\system32\savohofu.dll c:\windows\system32\kalahavi.dll c:\windows\system32\pufajahe.dll c:\windows\system32\hebedogu.dll c:\windows\system32\layepezo.dll, linanotu.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SSODL: zirebuyap - {32c65579-24c5-4cc9-9a83-895d3c3ae4f7} - c:\windows\system32\gafuyowo.dll SSODL: zoperufop - {153df2a2-29b6-4986-8fec-8e6c4dfa048b} - c:\windows\system32\savohofu.dll SSODL: nuyajidur - {6296c3b7-5f1f-4138-928d-340caa1fd8bb} - c:\windows\system32\kalahavi.dll SSODL: jumozowoy - {f24e8733-fdca-49d4-b91a-10582adffca0} - c:\windows\system32\pufajahe.dll SSODL: nidididij - {e2d46306-c77d-4493-ab1d-05350e988d4a} - c:\windows\system32\hebedogu.dll SSODL: lifunuvuw - {869ccf18-723a-43af-bce4-921481322091} - c:\windows\system32\layepezo.dll SSODL: rehayilav - {10898321-aa71-49c0-8567-67ea7b6b9faf} - c:\windows\system32\pawajinu.dll STS: gahurihor: {32c65579-24c5-4cc9-9a83-895d3c3ae4f7} - c:\windows\system32\gafuyowo.dll STS: jugezatag: {153df2a2-29b6-4986-8fec-8e6c4dfa048b} - c:\windows\system32\savohofu.dll STS: 
kupuhivus: {6296c3b7-5f1f-4138-928d-340caa1fd8bb} - c:\windows\system32\kalahavi.dll STS: kupuhivus: {f24e8733-fdca-49d4-b91a-10582adffca0} - c:\windows\system32\pufajahe.dll STS: gahurihor: {e2d46306-c77d-4493-ab1d-05350e988d4a} - c:\windows\system32\hebedogu.dll STS: gahurihor: {869ccf18-723a-43af-bce4-921481322091} - c:\windows\system32\layepezo.dll STS: mujuzedij: {10898321-aa71-49c0-8567-67ea7b6b9faf} - c:\windows\system32\pawajinu.dll LSA: Notification Packages = scecli wakozawa.dll mASetup: {12B5B5A9-C3B2-491F-8E36-91DB518CC4FF} - rundll32.exe "c:\documents and settings\alton\application data\sun\ixokfmgyl68.dll", UnregisterDll . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\alton\applic~1\mozilla\firefox\profiles\zo7sibpz.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll FF - component: c:\program files\mozilla firefox\components\Scriptff.dll FF - plugin: c:\documents and settings\alton\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: 
{20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor FF - Ext: XULRunner: {D3D54192-D4AA-4891-BA0C-B8852D3C1446} - c:\documents and settings\alton\local settings\application data\{D3D54192-D4AA-4891-BA0C-B8852D3C1446} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . ---- FIREFOX POLICIES ---- user_pref(security.warn_viewing_mixed,false); user_pref(security.warn_viewing_mixed.show_once,false); FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false user_pref(security.warn_submit_insecure,false); FF - user.js: security.warn_submit_insecure.show_once - false . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-5 386840] R1 mfetdi2k;McAfee Inc. 
mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-9-12 84072] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-5-14 203280] R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-12 271480] R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-12 271480] R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-12 271480] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-12 171168] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-12 188136] R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-12 141792] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-10 24652] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-12 55840] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-4-14 152960] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-4-14 52104] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-12 313288] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-9-12 88544] S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\alton\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\alton\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?] S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\alton\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\alton\locals~1\temp\sas_selfextract\SASKUTIL.sys [?] 
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-9-12 88544] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-12 84264] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-4-14 34248] S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-4-14 40552] S3 SASENUM;SASENUM;\??\c:\docume~1\alton\locals~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\alton\locals~1\temp\sas_selfextract\SASENUM.SYS [?] S4 Dynex Wireless Service;Dynex Wireless G Adapter WLService;c:\program files\dynex wireless g adapter\WLService.exe [2006-11-12 49152] . =============== Created Last 30 ================ . 2011-05-09 06:00:02 54016 ----a-w- c:\windows\system32\drivers\jxjtdxhn.sys 2011-05-02 23:12:15 -------- d-----w- c:\program files\NT Registry Optimizer 2011-05-02 21:18:12 70656 --sha-r- c:\windows\system32\mplay328.dll 2011-04-28 16:27:38 -------- d-----w- c:\docume~1\alton\locals~1\applic~1\{D3D54192-D4AA-4891-BA0C-B8852D3C1446} 2011-04-26 03:28:08 -------- d-----w- C:\0f06eb576931c20a224f67e57d013a09 2011-04-26 03:19:56 -------- d-----w- C:\7cec38b2894e9eec52f5f156bb 2011-04-26 03:10:36 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2011-04-26 03:10:36 138496 ----a-w- c:\windows\system32\dllcache\afd.sys . ==================== Find3M ==================== . 
2011-03-29 15:43:02 3402 --sha-w- c:\windows\system32\KGyGaAvL.sys 2011-03-29 15:43:00 88 --sh--r- c:\windows\system32\B2FD98D34D.sys 2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys 2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll 2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec 2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll 2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe 2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll 2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll . ============= FINISH: 23:05:00.36 ===============