Jump to content

Recommended Posts

Hello,

Recently my computer was infected by the XP Home Security malware. I honestly don't know how it happened, but it's really been stubborn when it has come to removing. I initially tried removing it in normal mode, but when my computer began to crash whenever I started it in normal mode, I had to move onto safe mode. The only problem is that, though the computer booted up correctly in safe mode, it wouldn't let me open Malwarebytes to try to scan my computer. So, this is where I'm stuck as to what to do.

Regards.

Link to post
Share on other sites

Hello and :welcome:

Please reboot your computer in Safe Mode with Networking and try to run DDS.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

    [*]Double click on the DDS icon, allow it to run.

    [*]A small box will open, with an explaination about the tool. No input is needed, the scan is running.

    [*]Notepad will open with the results.

    [*]Follow the instructions that pop up for posting the results.

    [*]Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Link to post
Share on other sites

Ok, here are the results of the DDS scan, as well as the zip file as instructed

.

DDS (Ver_11-03-05.01) - NTFSx86 NETWORK

Run by Georgian at 16:47:27.68 on Tue 04/05/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.589 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: Norton Internet Worm Protection *Disabled*

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Documents and Settings\Georgian\Local Settings\Application Data\lrd.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\Documents and Settings\Georgian\Desktop\dds.pif

C:\WINDOWS\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2061203

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101103131929.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: QuickNet BHO: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - c:\program files\regtweaker\key.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll

TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [DriverMax] "c:\program files\innovative solutions\drivermax\devices.exe" -agent

uRun: [DriverMax_RESTART]

uRun: [Hbodijehulal] rundll32.exe "c:\windows\kbdmorsh.dll",Startup

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

mRun: [VX6000] c:\windows\vVX6000.exe

mRun: [PWRISOVM.EXE] f:\fd\poweriso\PWRISOVM.EXE

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [iMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [NoteBurner] c:\program files\noteburner\VTBurnerGUI.exe /silence

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Ypolovaxes] rundll32.exe "c:\windows\uzipuwowoh.dll",Startup

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mExplorerRun: [fpact] c:\docume~1\georgian\locals~1\temp\zitui1.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autodo~1.lnk - c:\windows\installer\{a0977d70-0f88-41e1-b1ea-aabea2dc412c}\_90E83B48746B9EB0D90EE6.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2E5E800E-6AC0-411E-940A-369530A35E43} - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Amazing%20Adventures%20Around%20the%20World/Images/stg_drm.ocx

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {27527D31-447B-11D5-A46E-0001023B4289} - hxxp://gamingzone.ubisoft.com/dev/packages/GSManager.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.5.107.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290234791318

DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} - hxxp://www.contentpurity.com/xp/ScanFilexp.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab

DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://zone.msn.com/bingame/burg/default/GoBitGamesPlayer_v6.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Amazing%20Adventures%20Around%20the%20World/Images/armhelper.ocx

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://www.shockwave.com/content/cinematycoon/sis/cinematycoon.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: !SASWinLogon - f:\torrents\super antispyware\SASWINLO.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - f:\torrents\super antispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\georgian\applic~1\mozilla\firefox\profiles\9d4gnxkm.default\

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\georgian\application data\move networks\plugins\npqmp071706000001.dll

FF - plugin: c:\documents and settings\georgian\local settings\application data\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\gametap web player\bin\release\npGameTapWebPlayer.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: XUL Cache: {C55C5EBE-95CA-4924-8C6F-7638DFD13B59} - c:\program files\mozilla firefox\extensions\{C55C5EBE-95CA-4924-8C6F-7638DFD13B59}

FF - Ext: XUL Cache: {EDDD0854-0552-4E6D-8EE3-3902E699825A} - c:\program files\mozilla firefox\extensions\{EDDD0854-0552-4E6D-8EE3-3902E699825A}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: XULRunner: {E071509B-338C-4CCB-A354-51833B3E6E40} - c:\documents and settings\georgian\local settings\application data\{E071509B-338C-4CCB-A354-51833B3E6E40}

FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

FF - Ext: SwitchProxy Tool: {27A2FD41-CB23-4518-AB5C-C25BAFFDE531} - %profile%\extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\georgian\application data\Move Networks

.

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-8 386840]

R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [2011-1-10 13440]

R1 IKFileFlt;File Filter Driver;c:\windows\system32\drivers\ikfileflt.sys [2007-9-14 39248]

R1 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2007-9-14 52304]

R1 IkSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2007-9-14 59984]

R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2007-9-14 83536]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-17 84072]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-17 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-17 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-17 141792]

R2 sdAuxService;Spyware Doctor Auxiliary Service;c:\program files\spyware doctor\svcntaux.exe [2007-9-14 708176]

R2 sdCoreService;Spyware Doctor Service;c:\program files\spyware doctor\swdsvc.exe [2007-9-14 1302272]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-17 313288]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-17 88544]

S0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys --> c:\windows\system32\drivers\tclondrv.sys [?]

S2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-11-24 464264]

S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-11-24 234888]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 DNADownloader;DNADownloader;c:\program files\gamespot\DownloadManager_Win32.exe [2007-5-9 700416]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-8 88176]

S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-17 271480]

S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-17 271480]

S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-17 171168]

S2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-10-12 46824]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-17 55840]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-12-4 30192]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-8 152960]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-8 52104]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-17 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-17 84264]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-8 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-8 40552]

S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]

S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2009-2-19 2077840]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

.

=============== Created Last 30 ================

.

2011-04-04 04:04:30 -------- d-----w- c:\program files\RegTweaker

2011-04-03 11:48:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-03 11:48:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-03 11:48:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-01 03:25:47 319488 --sha-w- c:\docume~1\georgian\locals~1\applic~1\lrd.exe

2011-03-31 00:10:05 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll

2011-03-31 00:08:09 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll

2011-03-31 00:02:36 -------- d-----w- c:\windows\system32\RsFx

2011-03-30 22:40:07 -------- d-----w- c:\program files\Microsoft Synchronization Services

2011-03-30 22:39:58 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2011-03-30 22:28:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\PreEmptive Solutions

2011-03-30 21:41:05 -------- d-----w- c:\program files\Microsoft ASP.NET

2011-03-30 21:39:41 -------- d-----w- c:\program files\IIS

2011-03-30 20:40:03 18368 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vsa\9.0\1033\ResourceCache.dll

2011-03-30 20:38:24 2478272 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\visualstudio\10.0\1033\ResourceCache.dll

2011-03-30 19:08:00 -------- d-----w- c:\program files\Microsoft F#

2011-03-30 19:08:00 -------- d-----w- c:\program files\HTML Help Workshop

2011-03-30 19:08:00 -------- d-----w- c:\program files\common files\Merge Modules

2011-03-30 19:07:59 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0

2011-03-30 19:07:59 -------- d-----w- c:\program files\Microsoft Help Viewer

2011-03-29 10:33:05 0 ----a-w- c:\windows\Okifumoyesicog.bin

2011-03-28 21:10:15 -------- d-----w- c:\docume~1\georgian\locals~1\applic~1\{E071509B-338C-4CCB-A354-51833B3E6E40}

2011-03-28 21:01:57 -------- d-sh--w- C:\found.000

2011-03-28 20:12:08 -------- d-----w- C:\spoolerlogs

2011-03-22 06:04:00 -------- d-----w- c:\docume~1\georgian\locals~1\applic~1\Innovative Solutions

2011-03-22 06:04:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\Innovative Solutions

2011-03-22 06:03:40 -------- d-----w- c:\program files\Innovative Solutions

2011-03-12 17:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-03-12 17:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2011-03-09 19:43:02 -------- d-----w- c:\program files\iPod

.

==================== Find3M ====================

.

2011-03-25 21:23:31 2672 --sha-w- c:\windows\system32\KGyGaAvL.sys

2011-02-18 22:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-02-04 23:48:32 456192 ----a-w- c:\windows\system32\encdec.dll

2011-02-04 23:48:30 291840 ----a-w- c:\windows\system32\sbe.dll

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2011-01-06 03:57:08 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-01-06 03:57:07 499712 ----a-w- c:\windows\system32\msvcp71.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST910021AS rev.8.04 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86009EC5]<<

_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x84d43872; SUB DWORD [EBP-0x4], 0x84d4312e; PUSH EDI; CALL 0xffffffffffffdf33; }

1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x87694AB8]

3 CLASSPNP[0xF75A3FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000082[0x8770A9E8]

5 ACPI[0xF7418620] -> nt!IofCallDriver[0x804E13B9] -> [0x876B5940]

[0x875994F8] -> IRP_MJ_CREATE -> 0x86009EC5

kernel: MBR read successfully

_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }

detected disk devices:

\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST910021AS______________________________8.04____#5&1ff3378c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x86009AEA

user & kernel MBR OK

sectors 195371566 (+255): user != kernel

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 17:43:05.76 ===============

Attach.zip

Link to post
Share on other sites

There is indeed quite some malware present here. Before starting the cleaning process, read the following information.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Link to post
Share on other sites

Ok, I decided to continue with the removal process as the infected computer is mainly for casual use so I don't expect any sensitive information to ever be present on it.

Plus, as you mentioned, I'll keep in mind that it might never be 100% safe ever again.

In any case, here is the log file of the TDSSKiller scan,

2011/04/06 11:30:32.0421 24508 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/04/06 11:30:32.0578 24508 ================================================================================

2011/04/06 11:30:32.0578 24508 SystemInfo:

2011/04/06 11:30:32.0578 24508

2011/04/06 11:30:32.0593 24508 OS Version: 5.1.2600 ServicePack: 3.0

2011/04/06 11:30:32.0593 24508 Product type: Workstation

2011/04/06 11:30:32.0593 24508 ComputerName: UNBELIEVABLE

2011/04/06 11:30:32.0593 24508 UserName: Georgian

2011/04/06 11:30:32.0593 24508 Windows directory: C:\WINDOWS

2011/04/06 11:30:32.0593 24508 System windows directory: C:\WINDOWS

2011/04/06 11:30:32.0593 24508 Processor architecture: Intel x86

2011/04/06 11:30:32.0593 24508 Number of processors: 2

2011/04/06 11:30:32.0593 24508 Page size: 0x1000

2011/04/06 11:30:32.0593 24508 Boot type: Safe boot with network

2011/04/06 11:30:32.0593 24508 ================================================================================

2011/04/06 11:30:33.0437 24508 Initialize success

2011/04/06 11:30:49.0500 22536 ================================================================================

2011/04/06 11:30:49.0500 22536 Scan started

2011/04/06 11:30:49.0500 22536 Mode: Manual;

2011/04/06 11:30:49.0500 22536 ================================================================================

2011/04/06 11:30:54.0828 22536 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/04/06 11:30:54.0968 22536 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/04/06 11:30:55.0093 22536 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/04/06 11:30:55.0218 22536 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/04/06 11:30:55.0375 22536 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/04/06 11:30:55.0500 22536 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2011/04/06 11:30:55.0625 22536 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys

2011/04/06 11:30:55.0765 22536 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/04/06 11:30:55.0890 22536 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/04/06 11:30:56.0015 22536 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/04/06 11:30:56.0125 22536 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/04/06 11:30:56.0250 22536 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/04/06 11:30:56.0375 22536 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/04/06 11:30:56.0703 22536 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/04/06 11:30:56.0828 22536 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/04/06 11:30:56.0953 22536 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/04/06 11:30:57.0093 22536 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/04/06 11:30:57.0218 22536 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS

2011/04/06 11:30:57.0515 22536 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/04/06 11:30:57.0671 22536 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/04/06 11:30:57.0796 22536 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/04/06 11:30:57.0906 22536 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/04/06 11:30:58.0390 22536 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/04/06 11:30:58.0515 22536 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/04/06 11:30:58.0765 22536 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/04/06 11:30:58.0906 22536 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/04/06 11:30:59.0046 22536 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

2011/04/06 11:30:59.0187 22536 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/04/06 11:30:59.0500 22536 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/04/06 11:30:59.0625 22536 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/04/06 11:30:59.0843 22536 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/04/06 11:30:59.0968 22536 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/04/06 11:31:00.0078 22536 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/04/06 11:31:00.0203 22536 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/04/06 11:31:00.0359 22536 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/04/06 11:31:00.0484 22536 cfwids (7e6f7da1c4de5680820f964562548949) C:\WINDOWS\system32\drivers\cfwids.sys

2011/04/06 11:31:00.0968 22536 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/04/06 11:31:01.0078 22536 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/04/06 11:31:01.0296 22536 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/04/06 11:31:01.0828 22536 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/04/06 11:31:02.0109 22536 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/04/06 11:31:02.0500 22536 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/04/06 11:31:03.0062 22536 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/04/06 11:31:03.0468 22536 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

2011/04/06 11:31:03.0890 22536 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2011/04/06 11:31:04.0203 22536 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS

2011/04/06 11:31:04.0390 22536 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

2011/04/06 11:31:04.0890 22536 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

2011/04/06 11:31:05.0328 22536 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

2011/04/06 11:31:05.0718 22536 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

2011/04/06 11:31:06.0093 22536 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

2011/04/06 11:31:06.0578 22536 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

2011/04/06 11:31:07.0640 22536 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/04/06 11:31:08.0375 22536 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/04/06 11:31:08.0875 22536 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/04/06 11:31:09.0453 22536 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/04/06 11:31:09.0937 22536 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/04/06 11:31:10.0328 22536 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/04/06 11:31:10.0546 22536 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2011/04/06 11:31:10.0750 22536 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2011/04/06 11:31:10.0906 22536 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys

2011/04/06 11:31:11.0109 22536 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/04/06 11:31:11.0312 22536 eeCtrl (08035db1987412cced1d4201263776ed) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

2011/04/06 11:31:11.0812 22536 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/04/06 11:31:12.0000 22536 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/04/06 11:31:12.0125 22536 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/04/06 11:31:12.0328 22536 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/04/06 11:31:12.0484 22536 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/04/06 11:31:12.0625 22536 FsVga (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys

2011/04/06 11:31:12.0750 22536 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/04/06 11:31:12.0890 22536 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/04/06 11:31:13.0031 22536 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

2011/04/06 11:31:13.0187 22536 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/04/06 11:31:13.0515 22536 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/04/06 11:31:13.0718 22536 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/04/06 11:31:13.0890 22536 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/04/06 11:31:14.0093 22536 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys

2011/04/06 11:31:14.0250 22536 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys

2011/04/06 11:31:14.0406 22536 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/04/06 11:31:14.0578 22536 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/04/06 11:31:14.0718 22536 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/04/06 11:31:14.0859 22536 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/04/06 11:31:15.0187 22536 IKFileFlt (34f40507dddb19700914eb09862fc74d) C:\WINDOWS\system32\drivers\ikfileflt.sys

2011/04/06 11:31:15.0296 22536 IKFileSec (86882f5132bc9807863ee8f631a51b40) C:\WINDOWS\system32\drivers\ikfilesec.sys

2011/04/06 11:31:15.0437 22536 IkSysFlt (dbf937414b9630252cb48e6863139c54) C:\WINDOWS\system32\drivers\iksysflt.sys

2011/04/06 11:31:15.0562 22536 IKSysSec (57a34b3b557b924e7b6655ad20f031cc) C:\WINDOWS\system32\drivers\iksyssec.sys

2011/04/06 11:31:15.0703 22536 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/04/06 11:31:15.0953 22536 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/04/06 11:31:16.0125 22536 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/04/06 11:31:16.0250 22536 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/04/06 11:31:16.0359 22536 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/04/06 11:31:16.0468 22536 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/04/06 11:31:16.0593 22536 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/04/06 11:31:16.0703 22536 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/04/06 11:31:16.0828 22536 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/04/06 11:31:16.0937 22536 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/04/06 11:31:17.0078 22536 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/04/06 11:31:17.0218 22536 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys

2011/04/06 11:31:17.0390 22536 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/04/06 11:31:17.0484 22536 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/04/06 11:31:17.0609 22536 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/04/06 11:31:18.0437 22536 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/04/06 11:31:18.0578 22536 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\WINDOWS\system32\drivers\mfeapfk.sys

2011/04/06 11:31:18.0703 22536 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\WINDOWS\system32\drivers\mfeavfk.sys

2011/04/06 11:31:18.0843 22536 mfebopk (19161b1796cf74a6a326abde309062ba) C:\WINDOWS\system32\drivers\mfebopk.sys

2011/04/06 11:31:19.0000 22536 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\WINDOWS\system32\drivers\mfefirek.sys

2011/04/06 11:31:19.0125 22536 mfehidk (0efab2b91b27543fe589de700de07136) C:\WINDOWS\system32\drivers\mfehidk.sys

2011/04/06 11:31:19.0250 22536 mfendisk (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

2011/04/06 11:31:19.0328 22536 mfendiskmp (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

2011/04/06 11:31:19.0453 22536 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\WINDOWS\system32\drivers\mferkdet.sys

2011/04/06 11:31:19.0578 22536 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys

2011/04/06 11:31:19.0687 22536 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys

2011/04/06 11:31:19.0796 22536 mfetdi2k (e6c5f7aade5a31c057d73201acfe8adf) C:\WINDOWS\system32\drivers\mfetdi2k.sys

2011/04/06 11:31:19.0953 22536 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

2011/04/06 11:31:20.0062 22536 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/04/06 11:31:20.0218 22536 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/04/06 11:31:20.0312 22536 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/04/06 11:31:20.0421 22536 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/04/06 11:31:20.0531 22536 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/04/06 11:31:20.0625 22536 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/04/06 11:31:20.0781 22536 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/04/06 11:31:20.0906 22536 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/04/06 11:31:21.0218 22536 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/04/06 11:31:21.0421 22536 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/04/06 11:31:21.0546 22536 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/04/06 11:31:21.0656 22536 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/04/06 11:31:21.0765 22536 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/04/06 11:31:21.0937 22536 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/04/06 11:31:22.0062 22536 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/04/06 11:31:22.0171 22536 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/04/06 11:31:22.0328 22536 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/04/06 11:31:22.0437 22536 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/04/06 11:31:22.0562 22536 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/04/06 11:31:22.0671 22536 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/04/06 11:31:22.0765 22536 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/04/06 11:31:22.0906 22536 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/04/06 11:31:23.0000 22536 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/04/06 11:31:23.0109 22536 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/04/06 11:31:23.0531 22536 NETw3x32 (f43da6b7e26fff9ac4d3210f2f9b5d8c) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys

2011/04/06 11:31:23.0796 22536 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys

2011/04/06 11:31:24.0015 22536 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/04/06 11:31:24.0171 22536 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/04/06 11:31:24.0265 22536 ntcdrdrv (a5627bf1b0f901e66ce0b3ec657cbf25) C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys

2011/04/06 11:31:24.0406 22536 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/04/06 11:31:24.0578 22536 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/04/06 11:31:24.0937 22536 nv (7180ce4394a76af0638f1ed74584a2dc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/04/06 11:31:25.0343 22536 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/04/06 11:31:25.0468 22536 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/04/06 11:31:25.0593 22536 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/04/06 11:31:25.0765 22536 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/04/06 11:31:25.0890 22536 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/04/06 11:31:26.0000 22536 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/04/06 11:31:26.0109 22536 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/04/06 11:31:26.0328 22536 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/04/06 11:31:26.0453 22536 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/04/06 11:31:26.0984 22536 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/04/06 11:31:27.0093 22536 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/04/06 11:31:27.0468 22536 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/04/06 11:31:27.0703 22536 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/04/06 11:31:27.0828 22536 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/04/06 11:31:27.0953 22536 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/04/06 11:31:28.0062 22536 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/04/06 11:31:28.0171 22536 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/04/06 11:31:28.0265 22536 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/04/06 11:31:28.0390 22536 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/04/06 11:31:28.0500 22536 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/04/06 11:31:28.0593 22536 RasAcd (625214c4ed1c135d9c4cf1ed883126ec) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/04/06 11:31:28.0593 22536 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rasacd.sys. Real md5: 625214c4ed1c135d9c4cf1ed883126ec, Fake md5: fe0d99d6f31e4fad8159f690d68ded9c

2011/04/06 11:31:28.0640 22536 RasAcd - detected Rootkit.Win32.TDSS.tdl3 (0)

2011/04/06 11:31:28.0781 22536 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/04/06 11:31:28.0921 22536 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/04/06 11:31:29.0031 22536 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/04/06 11:31:29.0140 22536 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/04/06 11:31:29.0265 22536 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/04/06 11:31:29.0406 22536 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/04/06 11:31:29.0546 22536 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/04/06 11:31:29.0671 22536 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/04/06 11:31:29.0968 22536 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

2011/04/06 11:31:30.0078 22536 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

2011/04/06 11:31:30.0187 22536 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

2011/04/06 11:31:30.0390 22536 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\WINDOWS\system32\DRIVERS\RsFx0103.sys

2011/04/06 11:31:30.0562 22536 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys

2011/04/06 11:31:30.0750 22536 SCDEmu (c23dbd9bfba8b1170706e0896b3cf7da) C:\WINDOWS\system32\drivers\SCDEmu.sys

2011/04/06 11:31:30.0984 22536 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2011/04/06 11:31:31.0140 22536 SDDMI2 (8edd7b9e4a4b4c16e2dab9188caa861b) C:\WINDOWS\system32\DDMI2.sys

2011/04/06 11:31:31.0265 22536 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/04/06 11:31:31.0468 22536 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/04/06 11:31:31.0578 22536 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/04/06 11:31:31.0968 22536 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/04/06 11:31:32.0281 22536 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/04/06 11:31:32.0390 22536 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/04/06 11:31:32.0625 22536 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/04/06 11:31:32.0750 22536 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/04/06 11:31:32.0984 22536 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys

2011/04/06 11:31:32.0984 22536 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329

2011/04/06 11:31:33.0015 22536 sptd - detected Locked file (1)

2011/04/06 11:31:33.0281 22536 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/04/06 11:31:33.0437 22536 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/04/06 11:31:33.0625 22536 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys

2011/04/06 11:31:33.0828 22536 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/04/06 11:31:33.0921 22536 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/04/06 11:31:34.0031 22536 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/04/06 11:31:34.0187 22536 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/04/06 11:31:34.0296 22536 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/04/06 11:31:34.0437 22536 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/04/06 11:31:34.0546 22536 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/04/06 11:31:34.0703 22536 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/04/06 11:31:34.0843 22536 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/04/06 11:31:35.0140 22536 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/04/06 11:31:35.0234 22536 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/04/06 11:31:35.0359 22536 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/04/06 11:31:35.0484 22536 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/04/06 11:31:35.0734 22536 TIEHDUSB (a1124ebc672aa3ae1b327096c1dcc346) C:\WINDOWS\system32\drivers\tiehdusb.sys

2011/04/06 11:31:35.0875 22536 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/04/06 11:31:36.0078 22536 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/04/06 11:31:36.0203 22536 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/04/06 11:31:36.0343 22536 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/04/06 11:31:36.0625 22536 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/04/06 11:31:36.0781 22536 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/04/06 11:31:36.0875 22536 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/04/06 11:31:37.0000 22536 USBCCID (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\WINDOWS\system32\DRIVERS\usbccid.sys

2011/04/06 11:31:37.0109 22536 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/04/06 11:31:37.0265 22536 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/04/06 11:31:37.0359 22536 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/04/06 11:31:37.0468 22536 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/04/06 11:31:37.0562 22536 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/04/06 11:31:37.0656 22536 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/04/06 11:31:37.0812 22536 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/04/06 11:31:37.0937 22536 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/04/06 11:31:38.0046 22536 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/04/06 11:31:38.0296 22536 VSPerfDrv100 (5a2ddc5411a092bedb1a07755e087784) C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys

2011/04/06 11:31:38.0593 22536 VX6000 (23c729c7c2465c901f52979b0a43e0e4) C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys

2011/04/06 11:31:38.0953 22536 w39n51 (95c7421f8bafc85ba09d33364058937d) C:\WINDOWS\system32\DRIVERS\w39n51.sys

2011/04/06 11:31:39.0218 22536 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/04/06 11:31:39.0546 22536 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/04/06 11:31:39.0703 22536 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys

2011/04/06 11:31:40.0156 22536 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/04/06 11:31:40.0515 22536 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/04/06 11:31:40.0656 22536 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/04/06 11:31:40.0765 22536 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/04/06 11:31:41.0343 22536 ================================================================================

2011/04/06 11:31:41.0343 22536 Scan finished

2011/04/06 11:31:41.0343 22536 ================================================================================

2011/04/06 11:31:41.0437 23160 Detected object count: 2

2011/04/06 11:33:28.0750 23160 RasAcd (625214c4ed1c135d9c4cf1ed883126ec) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/04/06 11:33:28.0750 23160 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rasacd.sys. Real md5: 625214c4ed1c135d9c4cf1ed883126ec, Fake md5: fe0d99d6f31e4fad8159f690d68ded9c

2011/04/06 11:33:29.0187 23160 Backup copy found, using it..

2011/04/06 11:33:29.0203 23160 C:\WINDOWS\system32\DRIVERS\rasacd.sys - will be cured after reboot

2011/04/06 11:33:29.0203 23160 Rootkit.Win32.TDSS.tdl3(RasAcd) - User select action: Cure

2011/04/06 11:33:29.0203 23160 Locked file(sptd) - User select action: Skip

2011/04/06 11:33:33.0703 24160 Deinitialize success

Link to post
Share on other sites

Hi, luckily that did the trick. :) Now lets see what else is hiding there.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

Ok, here are the results of the Combofix scan:

ComboFix 11-04-06.01 - Georgian 04/06/2011 22:07:12.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.239 [GMT -5:00]

Running from: c:\documents and settings\Georgian\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Georgian Mihoc\WINDOWS

c:\documents and settings\Georgian\Application Data\Adobe\plugs

c:\documents and settings\Georgian\Application Data\Adobe\shed

c:\documents and settings\Georgian\Local Settings\Application Data\{E071509B-338C-4CCB-A354-51833B3E6E40}

c:\documents and settings\Georgian\Local Settings\Application Data\{E071509B-338C-4CCB-A354-51833B3E6E40}\chrome.manifest

c:\documents and settings\Georgian\Local Settings\Application Data\{E071509B-338C-4CCB-A354-51833B3E6E40}\chrome\content\_cfg.js

c:\documents and settings\Georgian\Local Settings\Application Data\{E071509B-338C-4CCB-A354-51833B3E6E40}\chrome\content\overlay.xul

c:\documents and settings\Georgian\Local Settings\Application Data\{E071509B-338C-4CCB-A354-51833B3E6E40}\install.rdf

c:\program files\Mozilla Firefox\extensions\{C55C5EBE-95CA-4924-8C6F-7638DFD13B59}

c:\program files\Mozilla Firefox\extensions\{C55C5EBE-95CA-4924-8C6F-7638DFD13B59}\chrome.manifest

c:\program files\Mozilla Firefox\extensions\{C55C5EBE-95CA-4924-8C6F-7638DFD13B59}\chrome\content\overlay.xul

c:\program files\Mozilla Firefox\extensions\{C55C5EBE-95CA-4924-8C6F-7638DFD13B59}\install.rdf

c:\program files\Mozilla Firefox\extensions\{EDDD0854-0552-4E6D-8EE3-3902E699825A}

c:\program files\Mozilla Firefox\extensions\{EDDD0854-0552-4E6D-8EE3-3902E699825A}\chrome.manifest

c:\program files\Mozilla Firefox\extensions\{EDDD0854-0552-4E6D-8EE3-3902E699825A}\chrome\content\overlay.xul

c:\program files\Mozilla Firefox\extensions\{EDDD0854-0552-4E6D-8EE3-3902E699825A}\install.rdf

c:\windows\favicon.ico

c:\windows\kbdmorsh.dll

c:\windows\system32\spool\prtprocs\w32x86\x55m5g.dll

c:\windows\system32\spool\prtprocs\w32x86\x79e1793.dll

c:\windows\uzipuwowoh.dll

c:\windows\w32dasm8.ini

.

.

((((((((((((((((((((((((( Files Created from 2011-03-07 to 2011-04-07 )))))))))))))))))))))))))))))))

.

.

2011-04-04 04:04 . 2011-04-04 04:04 -------- d-----w- c:\program files\RegTweaker

2011-04-03 11:48 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-03 11:48 . 2011-04-03 11:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-03 11:48 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-03 11:35 . 2011-04-03 11:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\SiteAdvisor

2011-04-03 11:35 . 2011-04-03 11:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2011-04-03 04:30 . 2011-04-03 04:30 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2011-04-03 04:17 . 2011-04-03 04:17 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2011-03-31 00:10 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll

2011-03-31 00:08 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll

2011-03-31 00:02 . 2011-03-31 00:02 -------- d-----w- c:\windows\system32\RsFx

2011-03-30 22:41 . 2011-03-30 22:41 -------- d-----w- c:\program files\Microsoft Sync Framework

2011-03-30 22:40 . 2011-03-30 22:40 -------- d-----w- c:\program files\Microsoft Synchronization Services

2011-03-30 22:39 . 2011-03-30 22:39 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2011-03-30 22:28 . 2011-03-30 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PreEmptive Solutions

2011-03-30 21:41 . 2011-03-30 21:41 -------- d-----w- c:\program files\Microsoft ASP.NET

2011-03-30 21:39 . 2011-03-30 21:39 -------- d-----w- c:\program files\IIS

2011-03-30 20:40 . 2011-03-30 20:40 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll

2011-03-30 20:38 . 2011-03-31 00:43 2478272 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2011-03-30 19:11 . 2011-03-30 19:11 -------- d-----w- c:\windows\symbols

2011-03-30 19:08 . 2011-03-30 22:43 -------- d-----w- c:\program files\Microsoft SDKs

2011-03-30 19:08 . 2011-03-30 19:39 -------- d-----w- c:\program files\Microsoft F#

2011-03-30 19:08 . 2011-03-30 19:36 -------- d-----w- c:\program files\Common Files\Merge Modules

2011-03-30 19:08 . 2011-03-30 19:20 -------- d-----w- c:\program files\HTML Help Workshop

2011-03-30 19:07 . 2011-03-30 22:28 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0

2011-03-30 19:07 . 2011-03-30 19:07 -------- d-----w- c:\program files\Microsoft Help Viewer

2011-03-30 18:47 . 2011-03-30 18:47 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0

2011-03-29 10:33 . 2011-04-06 18:33 0 ----a-w- c:\windows\Okifumoyesicog.bin

2011-03-28 21:01 . 2011-03-28 21:01 -------- d-----w- C:\found.000

2011-03-28 20:12 . 2011-03-28 20:12 -------- d-----w- C:\spoolerlogs

2011-03-22 06:04 . 2011-03-22 06:04 -------- d-----w- c:\documents and settings\Georgian\Local Settings\Application Data\Innovative Solutions

2011-03-22 06:04 . 2011-03-22 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions

2011-03-22 06:03 . 2011-03-22 06:03 -------- d-----w- c:\program files\Innovative Solutions

2011-03-12 17:28 . 2011-03-12 17:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2011-03-12 17:28 . 2011-03-12 17:28 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

2011-03-09 19:43 . 2011-03-09 19:43 -------- d-----w- c:\program files\iPod

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-06 16:35 . 2005-08-16 10:18 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys

2011-02-18 22:36 . 2008-09-11 20:19 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-02-18 22:36 . 2007-06-29 21:52 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-02-04 23:48 . 2005-08-16 10:18 456192 ----a-w- c:\windows\system32\encdec.dll

2011-02-04 23:48 . 2005-08-16 10:18 291840 ----a-w- c:\windows\system32\sbe.dll

2011-02-02 07:58 . 2005-08-16 10:37 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2005-08-16 10:37 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2005-08-16 10:18 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2005-08-16 10:18 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-07 12:28 . 2007-07-20 06:02 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2010-10-14 03:28 . 2010-04-17 12:45 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2009-04-02 18:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7}]

2011-03-29 15:01 243200 ----a-w- c:\program files\RegTweaker\key.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]

"DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2011-02-15 9224104]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-03 13529088]

"nwiz"="nwiz.exe" [2008-07-03 1630208]

"NVHotkey"="nvHotkey.dll" [2008-07-03 86016]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-09-08 1036288]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-09 761947]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"NvMediaCenter"="NvMCTray.dll" [2008-07-03 86016]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]

"VX6000"="c:\windows\vVX6000.exe" [2008-08-04 713744]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]

"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-10-07 30192]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-01-06 274608]

"NoteBurner"="c:\program files\NoteBurner\VTBurnerGUI.exe" [2008-12-02 5668864]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

AutoDownload.lnk - c:\windows\Installer\{A0977D70-0F88-41E1-B1EA-AABEA2DC412C}\_90E83B48746B9EB0D90EE6.exe [2010-5-27 766]

Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-5-18 1835069]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk

backup=c:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Georgian Mihoc^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]

path=c:\documents and settings\Georgian Mihoc\Start Menu\Programs\Startup\GameSpot Download Manager.lnk

backup=c:\windows\pss\GameSpot Download Manager.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Georgian Mihoc^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]

path=c:\documents and settings\Georgian Mihoc\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk

backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

2007-09-18 14:16 171464 -c--a-w- c:\program files\DAEMON Tools\daemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2010-10-07 12:28 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GuideMenu]

2007-08-07 22:01 1282048 -c--a-w- c:\program files\Corel\Corel GuideMenu\GuideMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]

2003-09-10 08:24 20480 ----a-w- c:\program files\NetWaiting\netwaiting.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2006-10-18 17:50 20058152 ----a-w- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-06-24 09:41 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

2008-08-28 15:18 3660848 -c--a-w- c:\program files\Veoh Networks\Veoh\VeohClient.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=

"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

"c:\\Documents and Settings\\Georgian Mihoc\\My Documents\\Azureus Downloads\\Diskeeper 2008\\AppLauncher.exe"=

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=

"c:\\Program Files\\Apprentice\\Appr.exe"=

"c:\\Program Files\\EA GAMES\\Battlefield 1942 Secret Weapons of WWII Demo\\BF1942.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [1/10/2011 3:07 PM 13440]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/2/2007 5:25 PM 685816]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/17/2010 7:45 AM 84072]

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [11/24/2009 9:15 PM 464264]

R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [11/24/2009 9:16 PM 234888]

R2 DNADownloader;DNADownloader;c:\program files\GameSpot\DownloadManager_Win32.exe [5/9/2007 11:48 AM 700416]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/8/2009 9:29 PM 88176]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/17/2010 7:44 AM 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/17/2010 7:44 AM 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [4/17/2010 7:45 AM 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [4/17/2010 7:45 AM 141792]

R2 sdAuxService;Spyware Doctor Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [9/14/2007 7:59 PM 708176]

R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [10/12/2009 11:33 AM 46824]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/17/2010 7:45 AM 55840]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/17/2010 7:45 AM 313288]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/17/2010 7:45 AM 88544]

S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys --> c:\windows\system32\DRIVERS\tclondrv.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 10:19 AM 135664]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/4/2006 12:09 AM 30192]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/17/2010 7:45 AM 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/17/2010 7:45 AM 84264]

S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [12/8/2009 9:24 PM 48128]

S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2/19/2009 10:52 PM 2077840]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/22/2009 10:08 PM 47128]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 3:09 AM 239336]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 3:23 AM 366936]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mchInjDrv

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

2011-04-07 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 18:43]

.

2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 15:19]

.

2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 15:19]

.

2009-02-20 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job

- c:\program files\Microsoft LifeCam\LifeExp.exe [2008-08-04 22:22]

.

2009-02-20 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX6000_exe.job

- c:\windows\vVX6000.exe [2009-02-20 22:22]

.

2011-04-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3431434204-4011520236-1556351287-1015.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

.

2011-04-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3431434204-4011520236-1556351287-1015.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} - hxxp://www.contentpurity.com/xp/ScanFilexp.CAB

DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab

FF - ProfilePath - c:\documents and settings\Georgian\Application Data\Mozilla\Firefox\Profiles\9d4gnxkm.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

FF - Ext: SwitchProxy Tool: {27A2FD41-CB23-4518-AB5C-C25BAFFDE531} - %profile%\extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Georgian\Application Data\Move Networks

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-DriverMax_RESTART - (no file)

HKCU-Run-Hbodijehulal - c:\windows\kbdmorsh.dll

HKLM-Run-PWRISOVM.EXE - f:\fd\PowerISO\PWRISOVM.EXE

HKLM-Run-Ypolovaxes - c:\windows\uzipuwowoh.dll

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - f:\torrents\Super AntiSpyware\SASSEH.DLL

Notify-!SASWinLogon - f:\torrents\Super AntiSpyware\SASWINLO.dll

SafeBoot-klmdb.sys

MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

AddRemove-Activision_StarTrekArmadaUninstallKey - f:\videog~1\STARTR~2\UNINST~1\UNINST~1.EXE

AddRemove-Bejeweled Deluxe 1.862 - f:\everything else\Video Games\Bejeweled Deluxe\Bejeweled Deluxe\PopUninstall.exe

AddRemove-Insaniquarium Deluxe 1.0 - f:\everything else\Video Games\Games\Insaniquarium Deluxe\Insaniquarium Deluxe\PopUninstall.exe

AddRemove-Lula 3D - f:\fd\LULA3D~1\UNINST~1\UNWISE.EXE

AddRemove-PowerISO - f:\fd\PowerISO\uninstall.exe

AddRemove-Tomb Raider: Legend - f:\tomb raider - legend\uninsttrl.exe

AddRemove-{10B75CF6-5A54-4D7B-9169-70AD17181DE1}_is1 - f:\everything else\FD\Oxin's Style!\3D Sexvilla 2\Binaries\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-06 23:34

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\docume~1\Georgian\LOCALS~1\Temp\ArmUI.ini 148526 bytes

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{22E3F53D-703A-D98E-E06D-0A2D7F4F6277}\InProcServer32*]

"eamdioikoo"=hex:69,61,63,68,61,70,64,66,63,6e,62,6f,6c,65,6c,6f,65,66,00,00

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(4512)

c:\windows\system32\WININET.dll

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\msi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\windows\System32\SCardSvr.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Canon\IJPLM\IJPLMSVC.EXE

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft LifeCam\MSCamS32.exe

c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

c:\program files\Dell\QuickSet\NICCONFIGSVC.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Common Files\Protexis\License Service\PSIService.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files\Intel\Wireless\Bin\WLKeeper.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\program files\Spyware Doctor\swdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\rundll32.exe

c:\program files\Spyware Doctor\SDTrayApp.exe

c:\windows\system32\wscntfy.exe

c:\progra~1\mcafee.com\agent\mcagent.exe

c:\windows\system32\rundll32.exe

c:\windows\eHome\ehmsas.exe

c:\windows\stsystra.exe

c:\windows\system32\RunDLL32.exe

c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe

c:\program files\COL Player\AutoDownload.exe

.

**************************************************************************

.

Completion time: 2011-04-07 00:00:13 - machine was rebooted

ComboFix-quarantined-files.txt 2011-04-07 04:59

ComboFix2.txt 2009-04-16 21:50

.

Pre-Run: 1,796,186,112 bytes free

Post-Run: 2,851,758,080 bytes free

.

Current=2 Default=2 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5

- - End Of File - - 3C4D55FF7DCDD948B948D07DF5D23AFA

Link to post
Share on other sites

Hi, thats looking quite good now! How are things running at your end? Any problem left?

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:


File::
c:\windows\Okifumoyesicog.bin

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please launch MBAM, update it and run a full scan. Post me the resulting log.

Link to post
Share on other sites

Everything seems to be a lot better. Honestly, I don't think there's anything left that's acting up anymore :)

But, I did the scans anyways just in case.

The results for the first, the combofix one, are as follows:

ComboFix 11-04-08.01 - Georgian 04/08/2011 16:13:39.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.344 [GMT -5:00]

Running from: c:\documents and settings\Georgian\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Georgian\Desktop\CFScript.txt

AV: Norton 360 Premier Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 Premier Edition *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system\VI30AUT.DLL

.

.

((((((((((((((((((((((((( Files Created from 2011-03-08 to 2011-04-08 )))))))))))))))))))))))))))))))

.

.

2011-04-08 18:30 . 2011-04-08 18:30 -------- d-----w- c:\windows\LastGood

2011-04-08 18:29 . 2011-04-08 18:29 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-04-08 18:29 . 2011-04-08 18:29 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-04-08 18:29 . 2011-04-08 18:29 -------- d-----w- c:\program files\Symantec

2011-04-08 18:27 . 2011-04-08 18:27 -------- d-----w- c:\windows\system32\drivers\N360

2011-04-08 18:27 . 2011-04-08 18:27 -------- d-----w- c:\program files\Norton 360 Premier Edition

2011-04-08 18:27 . 2011-04-08 18:27 -------- d-----w- c:\program files\Windows Sidebar

2011-04-08 17:35 . 2011-04-08 17:35 -------- d-----w- c:\program files\NortonInstaller

2011-04-08 17:31 . 2011-04-08 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2011-04-07 23:37 . 2011-04-07 23:37 4096 ----a-w- c:\windows\system32\isftrm.sys

2011-04-07 23:35 . 2011-04-07 23:35 -------- d-----w- c:\program files\ZeroWave

2011-04-04 04:04 . 2011-04-04 04:04 -------- d-----w- c:\program files\RegTweaker

2011-04-03 11:48 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-03 11:48 . 2011-04-03 11:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-03 11:48 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-03 11:35 . 2011-04-03 11:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\SiteAdvisor

2011-04-03 11:35 . 2011-04-03 11:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2011-04-03 04:30 . 2011-04-03 04:30 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2011-04-03 04:17 . 2011-04-03 04:17 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2011-03-31 00:10 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll

2011-03-31 00:08 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll

2011-03-31 00:02 . 2011-03-31 00:02 -------- d-----w- c:\windows\system32\RsFx

2011-03-30 22:41 . 2011-03-30 22:41 -------- d-----w- c:\program files\Microsoft Sync Framework

2011-03-30 22:40 . 2011-03-30 22:40 -------- d-----w- c:\program files\Microsoft Synchronization Services

2011-03-30 22:39 . 2011-03-30 22:39 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2011-03-30 22:28 . 2011-03-30 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PreEmptive Solutions

2011-03-30 21:41 . 2011-03-30 21:41 -------- d-----w- c:\program files\Microsoft ASP.NET

2011-03-30 21:39 . 2011-03-30 21:39 -------- d-----w- c:\program files\IIS

2011-03-30 20:40 . 2011-03-30 20:40 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll

2011-03-30 20:38 . 2011-03-31 00:43 2478272 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2011-03-30 19:11 . 2011-03-30 19:11 -------- d-----w- c:\windows\symbols

2011-03-30 19:08 . 2011-03-30 22:43 -------- d-----w- c:\program files\Microsoft SDKs

2011-03-30 19:08 . 2011-03-30 19:39 -------- d-----w- c:\program files\Microsoft F#

2011-03-30 19:08 . 2011-03-30 19:36 -------- d-----w- c:\program files\Common Files\Merge Modules

2011-03-30 19:08 . 2011-03-30 19:20 -------- d-----w- c:\program files\HTML Help Workshop

2011-03-30 19:07 . 2011-03-30 22:28 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0

2011-03-30 19:07 . 2011-03-30 19:07 -------- d-----w- c:\program files\Microsoft Help Viewer

2011-03-30 18:47 . 2011-03-30 18:47 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0

2011-03-29 10:33 . 2011-04-06 18:33 0 ----a-w- c:\windows\Okifumoyesicog.bin

2011-03-28 21:01 . 2011-03-28 21:01 -------- d-----w- C:\found.000

2011-03-28 20:12 . 2011-03-28 20:12 -------- d-----w- C:\spoolerlogs

2011-03-22 06:04 . 2011-03-22 06:04 -------- d-----w- c:\documents and settings\Georgian\Local Settings\Application Data\Innovative Solutions

2011-03-22 06:04 . 2011-03-22 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions

2011-03-22 06:03 . 2011-03-22 06:03 -------- d-----w- c:\program files\Innovative Solutions

2011-03-12 17:28 . 2011-03-12 17:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2011-03-12 17:28 . 2011-03-12 17:28 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-06 16:35 . 2005-08-16 10:18 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys

2011-02-18 22:36 . 2008-09-11 20:19 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-02-18 22:36 . 2007-06-29 21:52 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-02-04 23:48 . 2005-08-16 10:18 456192 ----a-w- c:\windows\system32\encdec.dll

2011-02-04 23:48 . 2005-08-16 10:18 291840 ----a-w- c:\windows\system32\sbe.dll

2011-02-02 07:58 . 2005-08-16 10:37 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2005-08-16 10:37 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2005-08-16 10:18 439296 ----a-w- c:\windows\system32\shimgvw.dll

2010-10-07 12:28 . 2007-07-20 06:02 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2009-04-02 18:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7}]

2011-03-29 15:01 243200 ----a-w- c:\program files\RegTweaker\key.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]

"DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2011-02-15 9224104]

"Norton Download Manager{N360P_prod_1.6.18_5.0.2.1}"="c:\documents and settings\All Users\Documents\Norton\{N360P_prod_1.6.18_5.0.2.1}\N360Downloader.exe" [2011-04-08 397896]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-03 13529088]

"nwiz"="nwiz.exe" [2008-07-03 1630208]

"NVHotkey"="nvHotkey.dll" [2008-07-03 86016]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-09-08 1036288]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-09 761947]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"NvMediaCenter"="NvMCTray.dll" [2008-07-03 86016]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]

"VX6000"="c:\windows\vVX6000.exe" [2008-08-04 713744]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]

"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-10-07 30192]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-01-06 274608]

"NoteBurner"="c:\program files\NoteBurner\VTBurnerGUI.exe" [2008-12-02 5668864]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoDownload.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoDownload.lnk

backup=c:\windows\pss\AutoDownload.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk

backup=c:\windows\pss\Orbit.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk

backup=c:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Georgian Mihoc^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]

path=c:\documents and settings\Georgian Mihoc\Start Menu\Programs\Startup\GameSpot Download Manager.lnk

backup=c:\windows\pss\GameSpot Download Manager.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Georgian Mihoc^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]

path=c:\documents and settings\Georgian Mihoc\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk

backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

2007-09-18 14:16 171464 -c--a-w- c:\program files\DAEMON Tools\daemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2010-10-07 12:28 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GuideMenu]

2007-08-07 22:01 1282048 -c--a-w- c:\program files\Corel\Corel GuideMenu\GuideMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]

2003-09-10 08:24 20480 ----a-w- c:\program files\NetWaiting\netwaiting.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2006-10-18 17:50 20058152 ----a-w- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-06-24 09:41 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

2008-08-28 15:18 3660848 -c--a-w- c:\program files\Veoh Networks\Veoh\VeohClient.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=

"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

"c:\\Documents and Settings\\Georgian Mihoc\\My Documents\\Azureus Downloads\\Diskeeper 2008\\AppLauncher.exe"=

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=

"c:\\Program Files\\Apprentice\\Appr.exe"=

"c:\\Program Files\\EA GAMES\\Battlefield 1942 Secret Weapons of WWII Demo\\BF1942.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [1/10/2011 3:07 PM 13440]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/2/2007 5:25 PM 685816]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0500020.001\SymDS.sys [4/8/2011 1:28 PM 340016]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0500020.001\SymEFA.sys [4/8/2011 1:28 PM 652336]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20110309.001\BHDrvx86.sys [2/25/2011 4:59 PM 800376]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0500020.001\Ironx86.sys [4/8/2011 1:28 PM 136312]

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [11/24/2009 9:15 PM 464264]

R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [11/24/2009 9:16 PM 234888]

R2 DNADownloader;DNADownloader;c:\program files\GameSpot\DownloadManager_Win32.exe [5/9/2007 11:48 AM 700416]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/8/2009 9:29 PM 88176]

R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\5.0.2.1\ccSvcHst.exe [4/8/2011 1:27 PM 130000]

R2 sdAuxService;Spyware Doctor Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [9/14/2007 7:59 PM 708176]

R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [10/12/2009 11:33 AM 46824]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20110407.001\IDSXpx86.sys [4/8/2011 2:35 PM 341944]

S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys --> c:\windows\system32\DRIVERS\tclondrv.sys [?]

S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys --> c:\windows\system32\drivers\mfetdi2k.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 10:19 AM 135664]

S2 mfevtp;McAfee Validation Trust Protection Service;"c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe" --> c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [?]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/4/2006 12:09 AM 30192]

S3 isftrm;isftrm;c:\windows\system32\isftrm.sys [4/7/2011 6:37 PM 4096]

S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [12/8/2009 9:24 PM 48128]

S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2/19/2009 10:52 PM 2077840]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/22/2009 10:08 PM 47128]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 3:09 AM 239336]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 3:23 AM 366936]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - BHDRVX86

*NewlyCreated* - ERASERUTILDRVI10

*NewlyCreated* - IDSXPX86

*NewlyCreated* - N360

*NewlyCreated* - NAVENG

*NewlyCreated* - NAVEX15

*NewlyCreated* - SRTSP

*NewlyCreated* - SRTSPX

*NewlyCreated* - SYMDS

*NewlyCreated* - SYMEFA

*NewlyCreated* - SYMIRON

*Deregistered* - EraserUtilDrvI10

*Deregistered* - mchInjDrv

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

2011-04-08 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 18:43]

.

2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 15:19]

.

2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 15:19]

.

2009-02-20 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job

- c:\program files\Microsoft LifeCam\LifeExp.exe [2008-08-04 22:22]

.

2009-02-20 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX6000_exe.job

- c:\windows\vVX6000.exe [2009-02-20 22:22]

.

2011-04-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3431434204-4011520236-1556351287-1015.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

.

2011-04-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3431434204-4011520236-1556351287-1015.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} - hxxp://www.contentpurity.com/xp/ScanFilexp.CAB

DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab

FF - ProfilePath - c:\documents and settings\Georgian\Application Data\Mozilla\Firefox\Profiles\9d4gnxkm.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

FF - Ext: SwitchProxy Tool: {27A2FD41-CB23-4518-AB5C-C25BAFFDE531} - %profile%\extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Georgian\Application Data\Move Networks

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-08 16:46

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]

"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\5.0.2.1\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\5.0.2.1\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{22E3F53D-703A-D98E-E06D-0A2D7F4F6277}\InProcServer32*]

"eamdioikoo"=hex:69,61,63,68,61,70,64,66,63,6e,62,6f,6c,65,6c,6f,65,66,00,00

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(3444)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\msi.dll

.

Completion time: 2011-04-08 16:59:29

ComboFix-quarantined-files.txt 2011-04-08 21:59

ComboFix2.txt 2011-04-07 05:00

ComboFix3.txt 2009-04-16 21:50

.

Pre-Run: 5,557,940,224 bytes free

Post-Run: 5,523,181,568 bytes free

.

Current=2 Default=2 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5

- - End Of File - - B0584A9F95CFBD6887C9F4D7993DAC25

--------------------------------------------------------------------------------------------------------------

As for the Malwarebytes scan, here you go:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6315

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/9/2011 12:13:13 AM

mbam-log-2011-04-09 (00-13-13).txt

Scan type: Full scan (C:\|)

Objects scanned: 469300

Time elapsed: 3 hour(s), 49 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Georgian\Local Settings\Application Data\lrd.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Qoobox\quarantine\C\WINDOWS\kbdmorsh.dll.vir (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\WINDOWS\uzipuwowoh.dll.vir (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\x55m5g.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\x79e1793.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.

Link to post
Share on other sites

  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.