
SVCHOST memory leak, Adware, Freezing...the works



Hey all, recently my computer has been infected pretty badly and I can't really find the source of it, so I'm finally asking for some help.

My computer is suffering from a lot of things, but mainly these are the biggest problems:

1. SVCHOST.exe eating up too much memory

2. Adware that can't be removed (news4online.net popups?)

3. System freezing after about 5 minutes of start-up

4. GUI (explorer.exe) switching from Windows XP graphics to Windows 98-style windows spontaneously... possible memory leak?

My Malware Bytes Log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4945

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

10/25/2010 5:56:47 PM

mbam-log-2010-10-25 (17-56-47).txt

Scan type: Quick scan

Objects scanned: 174484

Time elapsed: 15 minute(s), 47 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

C:\WINDOWS\KMService.exe (RiskWare.Tool.CK) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\KMService.exe (RiskWare.Tool.CK) -> Delete on reboot.

C:\Documents and Settings\NetworkService\Application Data\hotfix.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\pdfupd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\TMWU9SGS\yueqdwc7[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

I'll be uploading the GMER/DDS logs via zip file.

Any help is much appreciated, thanks in advance :)

Attach.zip


Hola! Updated, here we go:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4945

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

10/27/2010 7:46:48 AM

mbam-log-2010-10-27 (07-46-48).txt

Scan type: Quick scan

Objects scanned: 175664

Time elapsed: 15 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

------------------------------------------------------------------------------------------- DDS

GMER 1.0.15.15477 - http://www.gmer.net

Rootkit scan 2010-10-27 08:34:26

Windows 5.1.2600 Service Pack 3

Running: hnlhb6xu.exe; Driver: C:\DOCUME~1\Riaz\LOCALS~1\Temp\uxtoapod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF73AE360, 0x307AC7, 0xE8000020]

.rsrc C:\WINDOWS\System32\DRIVERS\omci.sys entry point in ".rsrc" section [0xF8983C74]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CB000A

.text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CC000A

.text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00CA000C

.text C:\WINDOWS\System32\svchost.exe[1088] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00EA000A

.text C:\WINDOWS\system32\wuauclt.exe[1520] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E2000A

.text C:\WINDOWS\system32\wuauclt.exe[1520] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E3000A

.text C:\WINDOWS\system32\wuauclt.exe[1520] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E1000C

.text C:\WINDOWS\Explorer.EXE[1648] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BD000A

.text C:\WINDOWS\Explorer.EXE[1648] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BE000A

.text C:\WINDOWS\Explorer.EXE[1648] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C

.text C:\Program Files\Mozilla Firefox\firefox.exe[2980] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0129000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[2980] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 012A000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[2980] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0128000C

.text C:\Program Files\Mozilla Firefox\firefox.exe[2980] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-17 82DD5AEA

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 82DD5AEA

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 82DD5AEA

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-f 82DD5AEA

Device \FileSystem\Fastfat \Fat B8853D20

Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD800BB-75FRA0______________________77.07W77#4457572d414d444a303237323231_034_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x15 0xF9 0xE0 0x0A ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF0 0xD3 0xE2 0xE0 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x25 0xC8 0xE5 0xDC ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x15 0xF9 0xE0 0x0A ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF0 0xD3 0xE2 0xE0 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x25 0xC8 0xE5 0xDC ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sectors 156249744 (+255): rootkit-like behavior;

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Riaz\Local Settings\Application Data\Mozilla\Firefox\Profiles\az9090tk.Default User\Cache\3B9E1290d01 24346686 bytes

File C:\Documents and Settings\Riaz\Local Settings\Application Data\Mozilla\Firefox\Profiles\az9090tk.Default User\Cache\D8F0047Cd01 23206 bytes

File C:\WINDOWS\System32\DRIVERS\omci.sys suspicious modification; TDL3 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

What a coincidence, my birthday is 3-17!


Sorry, I forgot to update Malwarebytes :) here it is again:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4963

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

10/27/2010 8:57:59 AM

mbam-log-2010-10-27 (08-57-59).txt

Scan type: Quick scan

Objects scanned: 176467

Time elapsed: 15 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

---------------------------------------------------------------------------------------------- DDS

GMER 1.0.15.15477 - http://www.gmer.net

Rootkit scan 2010-10-27 09:38:18

Windows 5.1.2600 Service Pack 3

Running: hnlhb6xu.exe; Driver: C:\DOCUME~1\Riaz\LOCALS~1\Temp\uxtoapod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF7390360, 0x307AC7, 0xE8000020]

.rsrc C:\WINDOWS\System32\DRIVERS\omci.sys entry point in ".rsrc" section [0xF8973C74]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1084] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D3000A

.text C:\WINDOWS\System32\svchost.exe[1084] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D4000A

.text C:\WINDOWS\System32\svchost.exe[1084] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D2000C

.text C:\WINDOWS\System32\svchost.exe[1084] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E8000A

.text C:\WINDOWS\system32\wuauclt.exe[1468] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0113000A

.text C:\WINDOWS\system32\wuauclt.exe[1468] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0114000A

.text C:\WINDOWS\system32\wuauclt.exe[1468] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0112000C

.text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C2000A

.text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CC000A

.text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-17 82DD7AEA

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 82DD7AEA

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 82DD7AEA

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-f 82DD7AEA

Device \FileSystem\Fastfat \Fat B88E6D20

Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD800BB-75FRA0______________________77.07W77#4457572d414d444a303237323231_034_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x15 0xF9 0xE0 0x0A ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF0 0xD3 0xE2 0xE0 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x25 0xC8 0xE5 0xDC ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x15 0xF9 0xE0 0x0A ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF0 0xD3 0xE2 0xE0 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x25 0xC8 0xE5 0xDC ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sectors 156249744 (+255): rootkit-like behavior;

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SAR3HKU4\25149-30[2].htm 0 bytes

File C:\WINDOWS\System32\DRIVERS\omci.sys suspicious modification; TDL3 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----


  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log name is of the form UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.
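Reading a TDSSKiller log by hand means scanning hundreds of driver inventory lines for the one or two that matter. The script below is an added example, not part of this thread or of Kaspersky's tool: it parses the log's three line shapes (the per-driver "name (md5) path" inventory line, the "Suspicious file (Forged)" line with its Real/Fake MD5 pair, and the "name - detected Family (code)" verdict) and joins them into one finding per flagged driver. The sample log is constructed from the line format and values posted later in this thread; the regexes, function names and the "forged-only" verdict label are assumptions of this example, not strings the tool itself emits.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample modelled on the TDSSKiller 2.4.x log lines posted in this thread.
SAMPLE_LOG = r"""
2010/10/29 07:44:08.0875 Scan started
2010/10/29 07:44:08.0875 Mode: Manual;
2010/10/29 07:44:40.0703 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/29 07:44:41.0015 omci (c063c07be039f9773e5e1dc1d33da46e) C:\WINDOWS\system32\DRIVERS\omci.sys
2010/10/29 07:44:41.0015 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\omci.sys. Real md5: c063c07be039f9773e5e1dc1d33da46e, Fake md5: 53d5f1278d9edb21689bbbcecc09108d
2010/10/29 07:44:41.0031 omci - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/10/29 07:44:41.0265 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
"""

# Every line starts with a "YYYY/MM/DD HH:MM:SS.mmmm " stamp; strip it before matching.
TS_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} ")
# Driver inventory line: "<service> (<md5>) <path>"
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Forged-file line: the tool computed two different MD5s for one file. A driver whose
# content differs depending on how it is read is the signature it uses for a rootkit
# that filters reads of its own host file.
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
# Verdict line: "<service> - detected <family> (<code>)"
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<code>\d+)\)$")


class Finding(NamedTuple):
    service: Optional[str]   # service/driver name as the inventory lists it
    verdict: str             # detection family, or "forged-only" (label assumed here)
    path: Optional[str]
    real_md5: Optional[str]
    fake_md5: Optional[str]


def parse_tdsskiller_log(text):
    """Split a log into driver inventory, forged-file reports and verdict lines."""
    drivers = {}     # service name -> (md5, path)
    forged = {}      # path.lower() -> (path, real_md5, fake_md5); Windows paths are case-insensitive
    detections = []  # (service name, verdict family)
    for raw in text.splitlines():
        line = TS_RE.sub("", raw.strip(), count=1)
        m = DRIVER_RE.match(line)
        if m:
            drivers[m["name"]] = (m["md5"], m["path"])
            continue
        m = FORGED_RE.match(line)
        if m:
            forged[m["path"].lower()] = (m["path"], m["real"], m["fake"])
            continue
        m = DETECTED_RE.match(line)
        if m:
            detections.append((m["name"], m["verdict"]))
    return drivers, forged, detections


def triage(text):
    """One Finding per detected service, plus any forged file that got no verdict line."""
    drivers, forged, detections = parse_tdsskiller_log(text)
    findings = []
    covered = set()
    for service, verdict in detections:
        _md5, path = drivers.get(service, (None, None))
        key = path.lower() if path else None
        _p, real, fake = forged.get(key, (None, None, None))
        covered.add(key)
        findings.append(Finding(service, verdict, path, real, fake))
    # A forged file with no verdict still deserves a look, so report it separately.
    for key, (path, real, fake) in forged.items():
        if key in covered:
            continue
        service = next((n for n, (_, p) in drivers.items() if p.lower() == key), None)
        findings.append(Finding(service, "forged-only", path, real, fake))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict}: {f.service} -> {f.path}")
        if f.real_md5 and f.fake_md5:
            print(f"    real md5 {f.real_md5} != fake md5 {f.fake_md5}")
```

Point `triage()` at the contents of the C:\TDSSKiller.*_log.txt file the post above describes; on a clean machine it returns an empty list, and anything it does return names the driver to quote back in the thread rather than the whole inventory.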


You're the boss!

2010/10/29 07:43:57.0546 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49

2010/10/29 07:43:57.0546 ================================================================================

2010/10/29 07:43:57.0546 SystemInfo:

2010/10/29 07:43:57.0546

2010/10/29 07:43:57.0546 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/29 07:43:57.0546 Product type: Workstation

2010/10/29 07:43:57.0546 ComputerName: DJJ73F41

2010/10/29 07:43:57.0546 UserName: Riaz

2010/10/29 07:43:57.0546 Windows directory: C:\WINDOWS

2010/10/29 07:43:57.0546 System windows directory: C:\WINDOWS

2010/10/29 07:43:57.0546 Processor architecture: Intel x86

2010/10/29 07:43:57.0546 Number of processors: 1

2010/10/29 07:43:57.0546 Page size: 0x1000

2010/10/29 07:43:57.0546 Boot type: Normal boot

2010/10/29 07:43:57.0546 ================================================================================

2010/10/29 07:43:58.0281 Initialize success

2010/10/29 07:44:08.0875 ================================================================================

2010/10/29 07:44:08.0875 Scan started

2010/10/29 07:44:08.0875 Mode: Manual;

2010/10/29 07:44:08.0875 ================================================================================

2010/10/29 07:44:10.0203 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS

2010/10/29 07:44:10.0406 ac97intc (b6920ae5566c42f09df44e70388be78a) C:\WINDOWS\system32\drivers\ac97ich4.sys

2010/10/29 07:44:10.0625 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/29 07:44:10.0796 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/29 07:44:11.0000 actser (6463d1db354b13e6ced4d67f6e4910f4) C:\WINDOWS\system32\drivers\actser.sys

2010/10/29 07:44:11.0171 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys

2010/10/29 07:44:11.0343 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys

2010/10/29 07:44:11.0546 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/10/29 07:44:11.0781 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2010/10/29 07:44:11.0984 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/10/29 07:44:12.0187 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys

2010/10/29 07:44:12.0375 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys

2010/10/29 07:44:12.0546 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys

2010/10/29 07:44:12.0703 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys

2010/10/29 07:44:12.0859 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys

2010/10/29 07:44:13.0031 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys

2010/10/29 07:44:13.0218 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys

2010/10/29 07:44:13.0421 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys

2010/10/29 07:44:13.0562 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys

2010/10/29 07:44:13.0796 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys

2010/10/29 07:44:13.0953 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys

2010/10/29 07:44:14.0125 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys

2010/10/29 07:44:14.0359 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys

2010/10/29 07:44:14.0546 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\Aspi32.sys

2010/10/29 07:44:14.0765 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/29 07:44:14.0953 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/29 07:44:15.0250 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/29 07:44:15.0453 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/29 07:44:15.0640 bcm4sbxp (068523d2cd260069b19ad68adea0d739) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

2010/10/29 07:44:16.0140 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys

2010/10/29 07:44:16.0281 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/29 07:44:16.0406 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/10/29 07:44:16.0562 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys

2010/10/29 07:44:16.0703 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/29 07:44:16.0859 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/29 07:44:16.0984 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/29 07:44:17.0296 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys

2010/10/29 07:44:17.0468 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys

2010/10/29 07:44:17.0671 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys

2010/10/29 07:44:17.0906 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys

2010/10/29 07:44:18.0125 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/29 07:44:18.0359 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/10/29 07:44:18.0562 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/10/29 07:44:18.0703 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/10/29 07:44:18.0875 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/10/29 07:44:19.0078 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys

2010/10/29 07:44:19.0265 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/29 07:44:19.0656 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys

2010/10/29 07:44:19.0859 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/29 07:44:20.0062 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/29 07:44:20.0281 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/10/29 07:44:20.0500 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/29 07:44:20.0671 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/10/29 07:44:20.0906 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/29 07:44:21.0093 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/29 07:44:21.0328 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/10/29 07:44:21.0531 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/29 07:44:21.0734 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/29 07:44:21.0937 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys

2010/10/29 07:44:22.0109 HSFHWBS2 (5380253d2751f2b5d95941c09e7e42ac) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

2010/10/29 07:44:22.0406 HSF_DP (e9a4c20ab168be8bd78486afebba5836) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

2010/10/29 07:44:22.0656 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/29 07:44:22.0890 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2010/10/29 07:44:23.0109 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys

2010/10/29 07:44:23.0312 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/29 07:44:23.0500 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys

2010/10/29 07:44:23.0718 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys

2010/10/29 07:44:23.0875 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys

2010/10/29 07:44:24.0031 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys

2010/10/29 07:44:24.0250 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys

2010/10/29 07:44:24.0421 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys

2010/10/29 07:44:24.0609 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys

2010/10/29 07:44:24.0781 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys

2010/10/29 07:44:25.0078 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys

2010/10/29 07:44:25.0234 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys

2010/10/29 07:44:25.0484 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2010/10/29 07:44:25.0765 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/29 07:44:26.0125 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys

2010/10/29 07:44:26.0421 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys

2010/10/29 07:44:26.0656 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/10/29 07:44:26.0875 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/10/29 07:44:27.0343 IPFilter (0f42b3db32c7325755c24bc5de3fff78) C:\WINDOWS\system32\DRIVERS\IPFilter.sys

2010/10/29 07:44:27.0734 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/29 07:44:28.0062 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/29 07:44:28.0390 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/29 07:44:28.0703 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/29 07:44:29.0015 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/29 07:44:29.0312 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/29 07:44:29.0609 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/29 07:44:29.0843 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/10/29 07:44:30.0296 KMW_KBD (7f52061e32e4bb0905a76ef33dffa8f7) C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys

2010/10/29 07:44:30.0515 KMW_SYS (030d22f98060c6ccabb72ddb49dcc2ce) C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys

2010/10/29 07:44:30.0843 KMW_USB (196477579c1bf36cd8d2c11a8d4c6023) C:\WINDOWS\system32\DRIVERS\KMW_USB.sys

2010/10/29 07:44:31.0187 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/29 07:44:31.0796 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys

2010/10/29 07:44:32.0265 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys

2010/10/29 07:44:32.0750 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys

2010/10/29 07:44:32.0875 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2010/10/29 07:44:33.0000 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/29 07:44:33.0140 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/10/29 07:44:33.0250 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/29 07:44:33.0390 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/29 07:44:33.0531 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/29 07:44:33.0671 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys

2010/10/29 07:44:33.0828 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/29 07:44:34.0015 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/29 07:44:34.0265 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/10/29 07:44:34.0500 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/29 07:44:34.0703 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/29 07:44:34.0890 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/29 07:44:35.0078 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/29 07:44:35.0296 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/10/29 07:44:35.0500 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/10/29 07:44:35.0703 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/10/29 07:44:35.0953 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/10/29 07:44:36.0203 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/10/29 07:44:36.0390 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/29 07:44:36.0609 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/29 07:44:36.0796 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/29 07:44:37.0015 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/29 07:44:37.0234 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/29 07:44:37.0437 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/29 07:44:37.0703 nmwcd (357ddb51e03cae598c096d95497373d0) C:\WINDOWS\system32\drivers\ccdcmb.sys

2010/10/29 07:44:37.0890 nmwcdc (7cd443f9d36c80e152fadb274089577a) C:\WINDOWS\system32\drivers\ccdcmbo.sys

2010/10/29 07:44:38.0109 nmwcdnsu (02120406f27f5895dfce4c640e6ee237) C:\WINDOWS\system32\drivers\nmwcdnsu.sys

2010/10/29 07:44:38.0343 nmwcdnsuc (9c5de8b7cf5680307bbdf512c9258ecc) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys

2010/10/29 07:44:38.0531 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/10/29 07:44:38.0734 NPPTNT (074e989e9ea12230a9a44df435d30a39) C:\WINDOWS\System32\npptNT.sys

2010/10/29 07:44:39.0140 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/29 07:44:39.0406 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/10/29 07:44:39.0906 nv (5950e6cc9fb3fabb61604d395dbc8550) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/10/29 07:44:40.0359 NVStrap (a13276329c3ae738e1dec08e3da5ce4b) C:\WINDOWS\system32\drivers\NVStrap.sys

2010/10/29 07:44:40.0531 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/29 07:44:40.0703 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/29 07:44:41.0015 omci (c063c07be039f9773e5e1dc1d33da46e) C:\WINDOWS\system32\DRIVERS\omci.sys

2010/10/29 07:44:41.0015 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\omci.sys. Real md5: c063c07be039f9773e5e1dc1d33da46e, Fake md5: 53d5f1278d9edb21689bbbcecc09108d

2010/10/29 07:44:41.0031 omci - detected Rootkit.Win32.TDSS.tdl3 (0)

2010/10/29 07:44:41.0265 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

2010/10/29 07:44:41.0468 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/29 07:44:41.0687 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/29 07:44:41.0921 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/29 07:44:42.0125 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

2010/10/29 07:44:42.0328 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/29 07:44:42.0656 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/29 07:44:42.0875 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/29 07:44:43.0703 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys

2010/10/29 07:44:43.0875 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys

2010/10/29 07:44:44.0156 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/29 07:44:44.0375 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2010/10/29 07:44:44.0609 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/29 07:44:45.0046 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/29 07:44:45.0250 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

2010/10/29 07:44:45.0453 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys

2010/10/29 07:44:45.0625 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys

2010/10/29 07:44:45.0796 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys

2010/10/29 07:44:45.0953 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys

2010/10/29 07:44:46.0125 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys

2010/10/29 07:44:46.0328 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/29 07:44:46.0546 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/29 07:44:46.0750 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/29 07:44:47.0000 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/29 07:44:47.0203 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/29 07:44:47.0375 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/29 07:44:47.0593 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/29 07:44:47.0812 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/29 07:44:48.0031 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/29 07:44:48.0218 RivaTunerEx (8018555fb6b8d56cb86ee5eb860462c6) C:\Program Files\RivaTuner v2.0 RC 15.3 New Year Edition\RivaTunerEx.sys

2010/10/29 07:44:48.0484 rt2870 (24a0d16d170194b5812ea08542ebdb62) C:\WINDOWS\system32\DRIVERS\rt2870.sys

2010/10/29 07:44:48.0750 Scutum50 (f34c06d1c706a6d9433570b087a18b02) C:\WINDOWS\system32\Drivers\Scutum50.sys

2010/10/29 07:44:48.0968 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/29 07:44:49.0171 Ser2pl (6ce397c482bede91a38e56a8c4a0dc6d) C:\WINDOWS\system32\DRIVERS\ser2pl.sys

2010/10/29 07:44:49.0375 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/29 07:44:49.0593 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/29 07:44:49.0937 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2010/10/29 07:44:50.0296 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys

2010/10/29 07:44:50.0484 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/10/29 07:44:50.0671 smwdm (31fd0707c7dbe715234f2823b27214fe) C:\WINDOWS\system32\drivers\smwdm.sys

2010/10/29 07:44:50.0859 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

2010/10/29 07:44:51.0031 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys

2010/10/29 07:44:51.0234 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/10/29 07:44:51.0500 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\System32\Drivers\sptd.sys

2010/10/29 07:44:51.0734 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/29 07:44:51.0968 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/29 07:44:52.0218 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/10/29 07:44:52.0500 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/29 07:44:52.0718 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/10/29 07:44:52.0890 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys

2010/10/29 07:44:53.0046 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys

2010/10/29 07:44:53.0218 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys

2010/10/29 07:44:53.0390 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys

2010/10/29 07:44:53.0578 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/29 07:44:53.0812 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/29 07:44:54.0062 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/29 07:44:54.0234 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/29 07:44:54.0421 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/29 07:44:54.0625 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys

2010/10/29 07:44:54.0828 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/10/29 07:44:55.0062 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys

2010/10/29 07:44:55.0421 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/10/29 07:44:55.0671 upperdev (15629e4d65f97ab5432d6d9597cf6a33) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys

2010/10/29 07:44:55.0875 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/10/29 07:44:56.0078 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2010/10/29 07:44:56.0281 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/29 07:44:56.0484 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/29 07:44:56.0687 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/29 07:44:56.0890 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/10/29 07:44:57.0046 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/10/29 07:44:57.0296 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys

2010/10/29 07:44:57.0515 UsbserFilt (5c17e6a11aa8be53f79fd364ba19f0ce) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys

2010/10/29 07:44:57.0718 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/29 07:44:57.0921 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/10/29 07:44:58.0109 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/10/29 07:44:58.0312 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys

2010/10/29 07:44:58.0500 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys

2010/10/29 07:44:58.0687 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/29 07:44:59.0218 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/29 07:45:00.0000 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

2010/10/29 07:45:00.0562 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

2010/10/29 07:45:01.0578 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/29 07:45:02.0203 winachsf (2e5bc3ddf1c44c84c3093e1148a0354e) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2010/10/29 07:45:03.0156 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2010/10/29 07:45:03.0578 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2010/10/29 07:45:04.0093 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/10/29 07:45:04.0625 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/10/29 07:45:05.0156 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/10/29 07:45:05.0812 XIRLINK (b4e95ac2ab88edf1d7ab49b7226af8f4) C:\WINDOWS\system32\DRIVERS\ucdnt.sys

2010/10/29 07:45:06.0531 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys

2010/10/29 07:45:06.0953 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys

2010/10/29 07:45:07.0234 ================================================================================

2010/10/29 07:45:07.0234 Scan finished

2010/10/29 07:45:07.0234 ================================================================================

2010/10/29 07:45:07.0281 Detected object count: 1

2010/10/29 07:45:17.0296 omci (c063c07be039f9773e5e1dc1d33da46e) C:\WINDOWS\system32\DRIVERS\omci.sys

2010/10/29 07:45:17.0296 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\omci.sys. Real md5: c063c07be039f9773e5e1dc1d33da46e, Fake md5: 53d5f1278d9edb21689bbbcecc09108d

2010/10/29 07:45:19.0812 Backup copy not found, trying to cure infected file..

2010/10/29 07:45:19.0812 Cure success, using it..

2010/10/29 07:45:21.0515 C:\WINDOWS\system32\DRIVERS\omci.sys - will be cured after reboot

2010/10/29 07:45:21.0515 Rootkit.Win32.TDSS.tdl3(omci) - User select action: Cure


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post DDS.txt directly into your reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


The system seems to be working just fine now. I think the rootkit solved the svchost CPU usage problem. Thanks a bundle for the help; I've been trying to solve this for quite some time now.

Here are the logs. I'm pretty sure I failed that security check, though; I need to update a few things :)

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17091 (vista_gdr.100824-1500)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=f45c72f002134441a7157a6f7a49c884

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-10-31 03:08:08

# local_time=2010-10-31 11:08:08 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 61620616 61620616 0 0

# compatibility_mode=768 16777215 100 0 117653217 117653217 0 0

# compatibility_mode=1024 16777215 100 0 7574731 7574731 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=9217 16777214 0 13 163095585 163095587 0 0

# scanned=133506

# found=9

# cleaned=9

# scan_time=9402

C:\w7lxe.exe a variant of Win32/HackKMS.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PZX65LYP\duevhpxtiwgl[1].pdf JS/Exploit.Pdfka.OIU.Gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PZX65LYP\iubpflaniocwhl[1].jar a variant of Java/TrojanDownloader.OpenStream.NAU trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Freecorder\crack.exe probably a variant of Win32/Agent.KXXNMUO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP905\A0111812.exe a variant of Win32/HackKMS.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP933\A0115715.exe a variant of Win32/Packed.VMProtect.AAA trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP952\A0209372.exe a variant of Win32/HackKMS.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP955\A0217192.exe a variant of Win32/HackKMS.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP955\A0217193.exe probably a variant of Win32/Agent.KXXNMUO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------

DDS (Ver_10-10-21.02) - NTFSx86

Run by Riaz at 11:11:37.51 on Sun 10/31/2010

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.246 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\WINDOWS\system32\kmw_run.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\KMW_SHOW.EXE

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\D-Link\SharePort Utility\Connect.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Riaz\My Documents\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.dell4me.com/myway

uStart Page =

mDefault_Page_URL = hxxp://www.dell4me.com/myway

mStart Page = hxxp://www.dell4me.com/myway

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com

mSearchAssistant = hxxp://www.google.com

uURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - c:\program files\d-link toolbar\dlinktb.dll

uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll

mURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - c:\program files\d-link toolbar\dlinktb.dll

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: D-Link Toolbar Loader: {f01858c7-2a68-4d93-9e22-502eae3917c2} - c:\program files\d-link toolbar\dlinktb.dll

TB: D-Link Toolbar: {61874dfa-9adf-44e5-8e61-f3913707e7d7} - c:\program files\d-link toolbar\dlinktb.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmesus.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [nwiz] nwiz.exe /install

mRun: [POINTER] point32.exe

mRun: [kmw_run.exe] kmw_run.exe

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

StartupFolder: c:\docume~1\riaz\startm~1\programs\startup\sharep~1.lnk - c:\program files\d-link\shareport utility\Connect.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - /105

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll

IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

Trusted Zone: intuit.com\ttlc

Trusted Zone: yahoo.com\mail

Trusted Zone: yahoo.com\www

DPF: Microsoft XML Parser for Java

DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab

DPF: {00000055-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhgax.CAB

DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://www.phgenit.com/plugin/awarewebplayer/download/smart/cab/awswaxf.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204

DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - hxxp://download.ebay.com/turbo_lister/US/install.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://www.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab

DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} - hxxp://www.mathxl.com/wizmodules/interact/installers/InterActXInstall.cab

DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.installengine.com/engine/isetup.cab

DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - hxxp://pictures06.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab

DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab

DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_6us.cab

DPF: {CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://gameadvisor.futuremark.com/global/msc311.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - hxxp://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab

DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} - hxxp://www.tukati.com/software/4/1.7.20.20/tukati.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\riaz\applic~1\mozilla\firefox\profiles\az9090tk.default user\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - plugin: c:\documents and settings\riaz\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RalinkRegistryWriter.exe [2010-4-23 69632]

R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2010-10-22 19072]

R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2010-10-29 263944]

R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-4-23 829792]

S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2005-1-6 2816]

S0 OCDE;ZTekWare Original CD Emulator Service;c:\windows\system32\drivers\ocde.sys --> c:\windows\system32\drivers\OCDE.sys [?]

S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-10-22 8192]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\aspi32.sys [2010-10-21 16512]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-1-5 136704]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-1-5 8320]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 RivaTunerEx;RivaTunerEx;c:\program files\rivatuner v2.0 rc 15.3 new year edition\RivaTunerEx.sys [2004-12-28 2560]

S3 XIRLINK;Veo Mobile/Advanced Web Camera;c:\windows\system32\drivers\ucdnt.sys [2004-4-4 728035]

=============== Created Last 30 ================

2010-10-31 12:26:01 -------- d-----w- c:\program files\ESET

2010-10-30 18:43:23 -------- d-----w- c:\docume~1\riaz\applic~1\DonationCoder

2010-10-30 18:37:36 -------- d-----w- c:\program files\WinPcap

2010-10-30 18:36:59 -------- d-----w- c:\program files\URLSnooper2

2010-10-30 18:36:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\DonationCoder

2010-10-30 16:42:02 -------- d-----w- c:\docume~1\riaz\locals~1\applic~1\D-Link Toolbar

2010-10-29 22:08:16 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-10-29 22:08:04 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-10-29 17:00:19 -------- d-----w- c:\program files\D-Link Toolbar

2010-10-29 17:00:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\D-Link Toolbar

2010-10-29 17:00:18 -------- d-----w- c:\program files\common files\Software Update Utility

2010-10-29 16:46:17 -------- d-----w- c:\docume~1\riaz\applic~1\VirtualStore

2010-10-29 16:44:35 -------- d-----w- c:\program files\D-Link

2010-10-29 16:44:28 263944 ----a-r- c:\windows\system32\drivers\sxuptp.sys

2010-10-22 18:36:28 1865152 ----a-w- c:\windows\system32\Scutum.dll

2010-10-22 18:36:28 180224 ----a-w- c:\windows\system32\W32N55.dll

2010-10-22 18:36:28 1606944 ----a-w- c:\windows\system32\RaCertMgr.dll

2010-10-22 18:36:27 19072 ----a-w- c:\windows\system32\drivers\Scutum50.sys

2010-10-22 18:36:27 157128 ----a-w- c:\windows\system32\RalinkGina.dll

2010-10-22 18:36:27 147456 ----a-w- c:\windows\system32\DiagFunc.dll

2010-10-22 18:35:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\Ralink Driver

2010-10-22 14:06:58 8192 ----a-w- c:\windows\system32\srvany.exe

2010-10-22 13:43:10 -------- d-----w- c:\program files\Microsoft Synchronization Services

2010-10-22 13:41:57 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-10-22 13:41:57 -------- d-----w- c:\documents and settings\all users\Microsoft

2010-10-22 13:40:03 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2010-10-22 13:37:24 -------- d-----w- c:\program files\Microsoft Analysis Services

2010-10-22 13:11:56 -------- d-----w- c:\program files\IObit

2010-10-21 18:39:07 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe

2010-10-21 18:35:48 3038 ----a-w- C:\fix_svchost.bat

2010-10-21 16:06:45 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2010-10-21 16:06:45 172416 -c--a-w- c:\windows\system32\dllcache\kmixer.sys

2010-10-21 16:06:45 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys

==================== Find3M ====================

2010-10-31 12:01:26 7304 ----a-w- c:\windows\TMP0001.TMP

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll

2010-09-09 13:38:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll

2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec

2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2008-11-06 15:43:47 19510 -c--a-w- c:\program files\common files\oqemo.pif

2008-11-06 15:43:47 16088 -c--a-w- c:\program files\common files\vozu.pif

2008-11-06 15:43:47 10583 -c--a-w- c:\program files\common files\buduxehylu.com

============= FINISH: 11:14:26.45 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-21.02)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 6/28/2004 9:27:44 PM

System Uptime: 10/31/2010 8:01:07 AM (3 hours ago)

Motherboard: Dell Computer Corp. | | 0G1548

Processor: Intel® Pentium® 4 CPU 2.66GHz | Microprocessor | 2658/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 32.879 GiB free.

D: is CDROM ()

E: is CDROM ()

G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Broadcom 440x 10/100 Integrated Controller

Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0

Manufacturer: Broadcom

Name: Broadcom 440x 10/100 Integrated Controller

PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0

Service: bcm4sbxp

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}

Description: Nokia Windows Portable Device Driver

Device ID: ROOT\WPD\0000

Manufacturer: Nokia

Name: Nokia 5610 XpressMusic

PNP Device ID: ROOT\WPD\0000

Service: WUDFRd

==== System Restore Points ===================

RP895: 8/2/2010 9:44:39 AM - Software Distribution Service 3.0

RP896: 8/3/2010 4:25:10 PM - Installed AVG 9.0

RP897: 8/3/2010 4:54:55 PM - Avg Update

RP898: 8/3/2010 6:56:54 PM - Removed AVG 9.0

RP899: 8/3/2010 7:01:46 PM - Installed AVG 9.0

RP900: 8/3/2010 7:02:13 PM - Removed Ask Toolbar.

RP901: 8/4/2010 9:21:43 AM - Software Distribution Service 3.0

RP902: 8/12/2010 10:18:28 AM - Installed Java 6 Update 21

RP903: 8/14/2010 1:32:19 PM - Software Distribution Service 3.0

RP904: 8/15/2010 11:25:44 AM - Installed iTunes

RP905: 8/19/2010 10:54:56 AM - System Checkpoint

RP906: 8/23/2010 11:00:29 AM - Removed Java 6 Update 3

RP907: 8/23/2010 11:01:14 AM - Removed Java 6 Update 5

RP908: 8/23/2010 11:01:58 AM - Removed Java 6 Update 2

RP909: 8/23/2010 11:02:43 AM - Removed Java 6 Update 7

RP910: 8/23/2010 11:03:38 AM - Removed Java SE Development Kit 6

RP911: 8/23/2010 11:05:21 AM - Removed Java SE Runtime Environment 6

RP912: 8/23/2010 11:06:00 AM - Removed Java SE Runtime Environment 6 Update 1

RP913: 8/23/2010 11:06:49 AM - Removed Java 2 Runtime Environment, SE v1.4.2_06

RP914: 8/23/2010 11:07:56 AM - Removed Java 2 Runtime Environment, SE v1.4.2_04

RP915: 8/23/2010 11:09:24 AM - Removed J2SE Runtime Environment 5.0 Update 6

RP916: 8/23/2010 11:09:59 AM - Removed J2SE Runtime Environment 5.0 Update 9

RP917: 8/23/2010 11:10:38 AM - Removed J2SE Runtime Environment 5.0 Update 5

RP918: 8/23/2010 11:11:12 AM - Removed J2SE Runtime Environment 5.0 Update 4

RP919: 8/23/2010 11:11:49 AM - Removed J2SE Runtime Environment 5.0 Update 3

RP920: 8/23/2010 11:12:35 AM - Configured iPod for Windows 2006-01-10

RP921: 8/23/2010 11:13:41 AM - Configured iPod for Windows 2005-09-06

RP922: 8/23/2010 11:17:54 AM - Removed Dell Solution Center

RP923: 8/23/2010 11:24:51 AM - Removed Java 2 Runtime Environment, SE v1.4.2

RP924: 8/23/2010 11:27:25 AM - Removed TurboTax 2009 wnhiper

RP925: 8/23/2010 11:27:38 AM - Removed TurboTax 2009 wneiper

RP926: 8/23/2010 11:27:49 AM - Removed TurboTax 2009 wnjiper

RP927: 8/23/2010 11:28:00 AM - Removed iSEEK AnswerWorks English Runtime

RP928: 8/23/2010 11:28:26 AM - Removed TurboTax 2009 WinPerTaxSupport

RP929: 8/23/2010 11:29:12 AM - Removed TurboTax 2009 WinPerFedFormset

RP930: 8/23/2010 11:30:29 AM - Removed TurboTax 2009 WinPerReleaseEngine

RP931: 8/23/2010 11:31:59 AM - Removed TurboTax 2009 wrapper

RP932: 8/23/2010 11:32:42 AM - Configured VeohTV BETA

RP933: 8/23/2010 11:35:22 AM - Removed Ventrilo Client

RP934: 8/25/2010 4:32:42 PM - System Checkpoint

RP935: 8/27/2010 1:01:29 PM - System Checkpoint

RP936: 8/28/2010 1:32:33 PM - System Checkpoint

RP937: 8/31/2010 12:40:26 PM - System Checkpoint

RP938: 9/3/2010 4:43:02 PM - System Checkpoint

RP939: 9/6/2010 3:08:23 PM - System Checkpoint

RP940: 9/14/2010 3:56:44 PM - Advanced SystemCare RestorePoint

RP941: 9/16/2010 5:24:07 PM - System Checkpoint

RP942: 9/18/2010 6:23:21 PM - System Checkpoint

RP943: 9/20/2010 1:14:59 PM - System Checkpoint

RP944: 9/26/2010 12:36:04 PM - System Checkpoint

RP945: 10/1/2010 6:33:21 PM - System Checkpoint

RP946: 10/4/2010 7:08:12 PM - System Checkpoint

RP947: 10/7/2010 2:13:15 PM - System Checkpoint

RP948: 10/13/2010 6:02:01 PM - System Checkpoint

RP949: 10/14/2010 7:40:40 PM - System Checkpoint

RP950: 10/16/2010 2:33:54 PM - System Checkpoint

RP951: 10/19/2010 8:05:09 PM - System Checkpoint

RP952: 10/22/2010 2:35:41 PM - Installed Ralink Wireless LAN

RP953: 10/26/2010 3:05:57 PM - System Checkpoint

RP954: 10/29/2010 6:25:13 PM - System Checkpoint

RP955: 10/30/2010 12:27:52 PM - Software Distribution Service 3.0

==== Installed Programs ======================

7-Zip 4.10 beta

Ad-Aware SE Personal

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Download Manager 1.2 (Remove Only)

Adobe Flash Player 10 Plugin

Adobe Photoshop 7.0

Adobe Photoshop Album 2.0 Starter Edition

Adobe Reader 7.0.5

Adobe Shockwave Player

Advanced SystemCare 3

AGEIA PhysX v7.09.13

AIM "You've Got Pictures" Picture Finder Plugin v9.5.1.8

AIM 6

Aim Plugin for QQ Games

AIM Toolbar

AIMTunes

AOL Instant Messenger

AOL Uninstaller (Choose which Products to Remove)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AviSynth 2.5

Azureus

Banctec Service Agreement

BitTorrent 4.0.0

Bonjour

Broadcom Management Programs

CCleaner (remove only)

Conexant SmartHSFi V.9x 56K DF PCI Modem

Critical Update for Windows Media Player 11 (KB959772)

D-Link Toolbar

Definition update for Microsoft Office 2010 (KB982726)

Dell Digital Jukebox Driver

Dell Networking Guide

Dell Photo Printer 720

Dell ResourceCD

Diagnostic Tool for the Microsoft VM

Digital Line Detect

DivX Plus DirectShow Filters

DivX Setup

DivX Version Checker

Download Updater (AOL LLC)

ESET Online Scanner v3

eTrust EZ Antivirus

eTrust EZ Armor

Futuremark Measurement Services Client

Google Chrome

Google Video Player

Half-Life

Help and Support Customization

HijackThis 1.99.1

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

http://www.winavi.com/

Intel® Extreme Graphics Driver

Internet Explorer Default Page

iPod for Windows User Guide

iPod System Software Updater 2.1

iPod Updater 2004-11-15

iTunes

J2SE Runtime Environment 5.0 Update 10

Jasc Paint Shop Photo Album

Jasc Paint Shop Pro 8 Dell Edition

Java 2 Runtime Environment Standard Edition v1.3.1_11

Java 2 Runtime Environment, SE v1.4.1_02

Java 2 Runtime Environment, SE v1.4.2_10

Java Auto Updater

Java Web Start

Java 6 Update 21

K-Lite Mega Codec Pack 1.31

Kensington MouseWorks

Learn2 Player (Uninstall Only)

LimeWire 5.5.8

Macromedia Flash Player 8

Magic ISO Maker v5.4 (build 0251)

MagicDisc 2.7.106

Malwarebytes' Anti-Malware

Matroska Pack (remove only)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Data Access Components KB870669

Microsoft Encarta Encyclopedia Standard 2004

Microsoft IntelliPoint

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Office XP Professional with FrontPage

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 14

Microsoft Text-to-Speech Engine 4.0 (English)

Microsoft User-Mode Driver Framework Feature Pack 1.7

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

MicroStaff WINASPI

MobileMe Control Panel

Modem Helper

Mozilla Firefox (3.6.12)

Mp3 Stream Recorder

MSN Messenger 7.5

MSVC80_x86_v2

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

My Function Keys

MySpaceIM

NeroVision Express 2

NetWaiting

Nokia Connectivity Cable Driver

Nokia PC Suite

NVIDIA Drivers

ObjectDock

Optimum Online net guide

PC Connectivity Solution

PL-2303 USB-to-Serial

QuickTime

Ralink RT2870 Wireless LAN Card

Ralink Wireless LAN

RealOne Player

RivaTuner v2.0 RC 15.3 New Year Edition

Rune Cache Exploiter v1.00

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Word 2010 (KB2345000)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 Series (KB969878)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

SharePort Utility

Shockwave

Sony USB Driver

SpeechRedist

Spybot - Search & Destroy 1.3

Steam

Sun Download Manager 2.0 (web)

Super Mp3 Recorder Professional v6.2

TeamSpeak 2 RC2

The Rosetta Stone

Uniblue RegistryBooster 2

Unlocker 1.8.7

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2010 (KB2202188)

Update for Microsoft OneNote 2010 (KB2288640)

Update for Microsoft Outlook Social Connector (KB2289116)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

URL Snooper v2.28.01

VC80CRTRedist - 8.0.50727.4053

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Vuze

WebFldrs XP

WinAce Archiver

Winamp (remove only)

WinAVIVideoConverter

Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)

Windows Driver Package - Nokia Modem (10/05/2009 4.2)

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 7

Windows Live ID Sign-in Assistant

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinPcap 4.1.1

WinRAR archiver

WinSCP 4.2.7

WinZip

WordPerfect Office 11

Xbox 360 Controller for Windows

Xfire (remove only)

Yahoo! Messenger

Yahoo! Messenger Explorer Bar

Yahoo! Photos Easy Upload Tool 1v4

Yahoo! Photos Easy Upload Tool 1v6

Yahoo! Toolbar

Yahoo! Toolbar for Internet Explorer

==== Event Viewer Messages From Past Week ========

10/29/2010 7:48:06 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

10/29/2010 2:47:50 PM, error: Dhcp [1002] - The IP address lease 192.168.0.100 for the Network Card with network address 000D56618B05 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

10/26/2010 3:22:39 PM, error: Dhcp [1002] - The IP address lease 69.116.224.216 for the Network Card with network address 000D56618B05 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

10/25/2010 7:10:22 AM, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 000D56618B05 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

10/25/2010 5:13:14 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

10/25/2010 5:07:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Live ID Sign-in Assistant service to connect.

10/25/2010 5:07:36 PM, error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/25/2010 5:07:29 PM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).

10/25/2010 5:07:29 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

10/25/2010 4:13:19 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.

10/24/2010 8:28:49 AM, error: Dhcp [1002] - The IP address lease 192.168.100.2 for the Network Card with network address 000D56618B05 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

10/24/2010 8:27:22 AM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The system cannot find the file specified.

10/24/2010 8:27:22 AM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

10/24/2010 8:27:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep

10/24/2010 8:27:19 AM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

10/24/2010 12:11:57 PM, error: Dhcp [1002] - The IP address lease 69.116.224.216 for the Network Card with network address 000D56618B05 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

10/24/2010 1:42:00 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

==== End Of File ===========================

Results of screen317's Security Check version 0.99.6

Windows XP Service Pack 3

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

eTrust EZ Armor

```````````````````````````````

Anti-malware/Other Utilities Check:

Out of date Spybot installed!

Ad-Aware

Out of date HijackThis installed!

Malwarebytes' Anti-Malware

HijackThis 1.99.1

Hijackthis 1.99.1

CCleaner (remove only)

Java Web Start

Java 6 Update 21

Java 2 Runtime Environment Standard Edition v1.3.1_11

Java 2 Runtime Environment, SE v1.4.2_10

Java 2 Runtime Environment, SE v1.4.1_02

Out of date Java installed!

Adobe Flash Player 10.1.85.3

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Reader 7.0.5

Out of date Adobe Reader installed!

Mozilla Firefox (3.6.12)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!

Ad-Aware AAWTray.exe is disabled!

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


  • Staff

Hi,

Your versions of Spybot and Ad-Aware are incredibly old. I recommend uninstalling them. If you wish to continue using them, I recommend getting the latest versions.

Right-click this file and click Edit:

C:\fix_svchost.bat

Post its contents here.

Next, navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Ad-Aware SE Personal

Spybot - Search & Destroy 1.3

HijackThis 1.99.1

Hijackthis 1.99.1

Java


regsvr32 comcat.dll /s

regsvr32 shdoc401.dll /s

regsvr32 shdoc401.dll /i /s

regsvr32 asctrls.ocx /s

regsvr32 oleaut32.dll /s

regsvr32 shdocvw.dll /I /s

regsvr32 shdocvw.dll /s

regsvr32 browseui.dll /s

regsvr32 browseui.dll /I /s

regsvr32 msrating.dll /s

regsvr32 mlang.dll /s

regsvr32 hlink.dll /s

regsvr32 mshtmled.dll /s

regsvr32 urlmon.dll /s

regsvr32 plugin.ocx /s

regsvr32 sendmail.dll /s

regsvr32 scrobj.dll /s

regsvr32 mmefxe.ocx /s

regsvr32 corpol.dll /s

regsvr32 jscript.dll /s

regsvr32 msxml.dll /s

regsvr32 imgutil.dll /s

regsvr32 thumbvw.dll /s

regsvr32 cryptext.dll /s

regsvr32 rsabase.dll /s

regsvr32 inseng.dll /s

regsvr32 iesetup.dll /i /s

regsvr32 cryptdlg.dll /s

regsvr32 actxprxy.dll /s

regsvr32 dispex.dll /s

regsvr32 occache.dll /s

regsvr32 occache.dll /i /s

regsvr32 iepeers.dll /s

regsvr32 urlmon.dll /i /s

regsvr32 cdfview.dll /s

regsvr32 webcheck.dll /s

regsvr32 mobsync.dll /s

regsvr32 pngfilt.dll /s

regsvr32 licmgr10.dll /s

regsvr32 icmfilter.dll /s

regsvr32 hhctrl.ocx /s

regsvr32 inetcfg.dll /s

regsvr32 tdc.ocx /s

regsvr32 MSR2C.DLL /s

regsvr32 msident.dll /s

regsvr32 msieftp.dll /s

regsvr32 xmsconf.ocx /s

regsvr32 ils.dll /s

regsvr32 msoeacct.dll /s

regsvr32 inetcomm.dll /s

regsvr32 msdxm.ocx /s

regsvr32 dxmasf.dll /s

regsvr32 l3codecx.ax /s

regsvr32 acelpdec.ax /s

regsvr32 mpg4ds32.ax /s

regsvr32 voxmsdec.ax /s

regsvr32 danim.dll /s

regsvr32 Daxctle.ocx /s

regsvr32 lmrt.dll /s

regsvr32 datime.dll /s

regsvr32 dxtrans.dll /s

regsvr32 dxtmsft.dll /s

regsvr32 WEBPOST.DLL /s

regsvr32 WPWIZDLL.DLL /s

regsvr32 POSTWPP.DLL /s

regsvr32 CRSWPP.DLL /s

regsvr32 FTPWPP.DLL /s

regsvr32 FPWPP.DLL /s

regsvr32 WUAPI.DLL /s

regsvr32 WUAUENG.DLL /s

regsvr32 ATL.DLL /s

regsvr32 WUCLTUI.DLL /s

regsvr32 WUPS.DLL /s

regsvr32 WUWEB.DLL /s

regsvr32 wshom.ocx /s

regsvr32 wshext.dll /s

regsvr32 vbscript.dll /s

regsvr32 scrrun.dll mstinit.exe /setup /s

regsvr32 msnsspc.dll /SspcCreateSspiReg /s

regsvr32 msapsspc.dll /SspcCreateSspiReg /s

regsvr32 /s urlmon.dll

regsvr32 /s mshtml.dll

regsvr32 /s shdocvw.dll

regsvr32 /s browseui.dll

regsvr32 /s jscript.dll

regsvr32 /s vbscript.dll

regsvr32 /s scrrun.dll

regsvr32 /s msxml.dll

regsvr32 /s actxprxy.dll

regsvr32 /s softpub.dll

regsvr32 /s wintrust.dll

regsvr32 /s dssenh.dll

regsvr32 /s rsaenh.dll

regsvr32 /s gpkcsp.dll

regsvr32 /s sccbase.dll

regsvr32 /s slbcsp.dll

regsvr32 /s cryptdlg.dll

regsvr32 /s schannel.dll

regsvr32 /s oleaut32.dll

regsvr32 /s ole32.dll

regsvr32 /s shell32.dll

regsvr32 /s initpki.dll

regsvr32 /s msscript.ocx

regsvr32 /s dispex.dll

regsvr32 jscript.dll /s

del %temp% /Q /F

net stop wuauserv

ren %windir%\system32\catroot2 catroot2.old

cd /d %windir%\SoftwareDistribution

rd /s DataStore /Q

regsvr32 wuapi.dll /s

regsvr32 wups.dll /s

regsvr32 wuaueng.dll /s

regsvr32 wucltui.dll /s

regsvr32 wuweb.dll /s

regsvr32 msxml.dll /s

regsvr32 msxml2.dll /s

regsvr32 msxml3.dll /s

regsvr32 urlmon.dll /s

net start wuauserv

exit

It wouldn't let me edit the .bat file, so I had to rename it to .txt. Also, I'm trying to run "Combofix /uninstall" but it can't be found. I'll get started on the rest.


  • Staff

Hi,

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) It is imperative that you have an antivirus. You are basically asking for infection without one. :D

All of the following are excellent free antiviruses. Be sure to only install one.

Microsoft Security Essentials

AntiVir

avast!.

2) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

3) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

5) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

6) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

7) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

