
potential rootkit in atapi.sys maybe? could use help



Hello, thank you for taking the time to review this. Here are the results from DDS.txt.

I will also put together a quick synopsis of what steps I've taken to clean this machine at the end of this post for easier access for the troubleshooters.

thanks again!

*******

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by sreale at 23:07:44.97 on Thu 04/14/2011

Internet Explorer: 6.0.2900.2180

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1408 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\mfevtps.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\sreale\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\sreale\My Documents\Downloads\dds.com

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071023

uSearch Bar = hxxp://www.google.com/ie

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071023

mDefault_Page_URL = hxxp://www.dell.com

mDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Shell=Explorer.exe

{083b7b03-e944-472c-b183-313057bff940}

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110414224754.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\drop down deals\YontooIEClient.dll

TB: {41E30054-B6EC-49C1-AD2E-92B00EF02825} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Twain] c:\documents and settings\sreale\application data\twain\Twain.exe

uRun: [Google Update] "c:\documents and settings\sreale\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Corel Photo Downloader] c:\program files\cvs\cvs photo editor plus\Corel Photo Downloader.exe

dRun: [CY08W456F0] c:\windows\temp\Ws1.exe

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: isqft.com\www

Trusted Zone: mcafee.com

Trusted Zone: isqft.com\www

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275532579966

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5369/mcfscan.cab

TCP: {000AEDBA-C1C2-4561-8A40-040467ECA7EC} = 10.0.0.254,10.1.10.1

AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

LSA: Authentication Packages = msv1_0 c:\windows\system32\mlJCTMee

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\sreale\applic~1\mozilla\firefox\profiles\lqe5f8eq.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 57980

FF - prefs.js: network.proxy.type - 4

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\program files\mozilla firefox\components\Scriptff.dll

FF - plugin: c:\documents and settings\sreale\application data\move networks\plugins\npqmp071500000347.dll

FF - plugin: c:\documents and settings\sreale\application data\move networks\plugins\npqmp071502000008.dll

FF - plugin: c:\documents and settings\sreale\application data\move networks\plugins\npqmp071505000011.dll

FF - plugin: c:\documents and settings\sreale\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.27\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\sreale\application data\Move Networks

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 386840]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-5-7 84072]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-11 14336]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-4-14 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-4-14 271480]

R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-4-14 271480]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-4-14 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-4-14 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-4-14 141792]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80896]

R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2009-9-17 369952]

R2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files\common files\safenet sentinel\sentinel security runtime\sntlsrtsrvr.exe [2009-9-17 292128]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-7 55840]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-7 152960]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-5-7 52104]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-7 313288]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-5-7 88544]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-4-14 271480]

S2 MOBCleanup;MOBCleanup;c:\docume~1\sreale\locals~1\temp\MOBCleanup.exe [2011-4-14 203512]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-1-25 30192]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-4-11 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-5-7 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-7 84264]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-22 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-22 40552]

S4 0311531253542011mcinstcleanup;McAfee Application Installer Cleanup (0311531253542011);c:\docume~1\admini~1.lyn\locals~1\temp\031153~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\admini~1.lyn\locals~1\temp\031153~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

.

=============== Created Last 30 ================

.

2011-04-15 02:47:54 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

2011-04-15 02:47:53 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-04-15 02:39:09 141792 ----a-w- c:\windows\system32\mfevtps.exe

2011-04-13 04:18:00 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-04-13 04:18:00 -------- d-----w- c:\windows\system32\wbem\Repository

2011-04-13 02:34:26 -------- d-----w- c:\windows\pss

2011-04-12 16:34:24 -------- d-----w- C:\Microsoft

2011-04-12 15:25:05 118784 --sha-r- c:\windows\system32\rpcrt4M.dll

2011-04-11 15:56:25 -------- d-----w- c:\docume~1\sreale\applic~1\Outlook

2011-04-11 15:44:08 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll

2011-04-11 15:42:50 -------- d-----w- c:\docume~1\sreale\applic~1\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

2011-04-11 15:40:52 -------- d-----w- c:\docume~1\sreale\applic~1\HTC

2011-04-11 15:39:45 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys

2011-04-11 15:39:45 1122664 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2011-04-11 15:39:40 -------- d-----w- c:\program files\Spirent Communications

2011-04-11 15:39:15 -------- d-----w- c:\program files\HTC

2011-04-08 05:46:38 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{88a937c8-762a-4871-af34-6f4338f8ec86}\mpengine.dll

.

==================== Find3M ====================

.

2011-04-06 13:43:08 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys

2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 23:09:56.86 ===============

OK, so the steps that I took: Internet Security 2011 started popping up everywhere. I was able to run an update to MB and scan in normal-mode Windows. It found some items. Normally I would then boot into safe mode w/ net support to run the update again if necessary and then scan again; however, I could not get into safe mode, as I get a blue screen, 0x000000C5 I believe, immediately after mup.sys. I feel like I've seen this before (in a previous life) on another computer, and it was a rootkit in atapi.sys.

I then go into normal mode again, update MB again (as it appeared to have older signatures again), and it successfully updated. (Interesting note here: I feel as though when I get a popup box that says "we have to shut down MB in order to upgrade to the latest version", then some virus is present, as I've only gotten that on infections... I think. So I click No, and then get the message that it has been updated successfully.)

So this last attached log is one where it appears to have cleaned everything; however, I still cannot get into safe mode at all, and when I go to update MB it still gives me (what I believe to be) a bogus error message stating that it must stop MB and reinstall it in order to upgrade it. Any help at all would be appreciated, and also I think I saw in the output of GMER that it seemed to take note of atapi.sys. Maybe I'm just dreaming up this stuff, but I anxiously await your commands, and thanks again!

RT

attach.zip

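The DDS "Pseudo HJT Report" above is what the helpers read first. As an added example (not part of the original post and not DDS code), here is a small triage script that applies three general rules of thumb to lines in that format: auto-run entries launched from user-writable or temp directories, LSA authentication packages beyond the stock msv1_0, and a Firefox proxy pointed at localhost. The sample lines are copied from the log above; the heuristics, thresholds and the `Finding` type are this example's own assumptions. A hit is a lead to verify by hand, not a verdict: legitimate per-user installers also live under Application Data, and a third-party LSA package may be a real security product.

```python
"""Triage heuristics for the 'Pseudo HJT Report' section of a DDS log.

Added example; not part of DDS or of the original forum post.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines in the DDS Pseudo-HJT layout (copied from the
# log above).  Hive letters: u = HKCU, m = HKLM, d = default user profile.
SAMPLE = r"""
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Twain] c:\documents and settings\sreale\application data\twain\Twain.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [CY08W456F0] c:\windows\temp\Ws1.exe
LSA: Authentication Packages = msv1_0 c:\windows\system32\mlJCTMee
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57980
FF - prefs.js: network.proxy.type - 4
""".strip()

RUN_RE = re.compile(r"^([umd])Run: \[([^\]]*)\] (.*)$")
LSA_RE = re.compile(r"^LSA: Authentication Packages = (.*)$")
FF_RE = re.compile(r"^FF - prefs\.js: (network\.proxy\.\w+) - (.*)$")

# Directories an ordinary user (or a drive-by installer) can write to.
USER_WRITABLE = ("\\windows\\temp\\", "\\local settings\\temp\\", "\\application data\\")

# A stock XP box lists only msv1_0; anything else loads into lsass.exe at
# boot and deserves a look (some real security products do add packages).
STOCK_LSA_PACKAGES = {"msv1_0"}

# Run-key names that look machine-generated: all caps/digits, 8+ chars,
# at least three digits.  Heuristic threshold chosen for this example.
RANDOM_NAME_RE = re.compile(r"^(?=(?:.*\d){3,})[A-Z0-9]{8,}$")


@dataclass
class Finding:
    kind: str      # "run", "lsa" or "proxy"
    subject: str   # run-key name, LSA package, or pref name
    reason: str


def triage(dds_text):
    """Return a list of Finding objects for the suspicious lines in dds_text."""
    findings = []
    proxy = {}
    for line in dds_text.splitlines():
        m = RUN_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            low = cmd.lower()
            for d in USER_WRITABLE:
                if d in low:
                    findings.append(Finding("run", name, f"{hive}Run launches from user-writable path {d}"))
                    break
            if RANDOM_NAME_RE.match(name):
                findings.append(Finding("run", name, "run-key name looks machine-generated"))
            continue
        m = LSA_RE.match(line)
        if m:
            # Packages are space separated (paths with spaces would need quoting).
            for pkg in m.group(1).split():
                if pkg.lower() not in STOCK_LSA_PACKAGES:
                    findings.append(Finding("lsa", pkg, "non-stock LSA authentication package"))
            continue
        m = FF_RE.match(line)
        if m:
            proxy[m.group(1)] = m.group(2).strip()

    host = proxy.get("network.proxy.http", "")
    if host in ("127.0.0.1", "localhost"):
        # Firefox only honours the manual host/port when network.proxy.type is 1;
        # type 4 (auto-detect) leaves the entry configured but unused.
        ptype = proxy.get("network.proxy.type", "")
        state = ("active (manual proxy, type 1)" if ptype == "1"
                 else f"latent (network.proxy.type={ptype or '?'}; only type 1 uses it)")
        port = proxy.get("network.proxy.http_port", "?")
        findings.append(Finding("proxy", "network.proxy.http",
                                f"Firefox HTTP proxy points at {host}:{port}, {state}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.kind:5} {f.subject}: {f.reason}")
```

Run it against a full DDS.txt and review each hit: the localhost proxy entry is reported as latent here because the log shows `network.proxy.type` of 4, which is the caveat a helper would otherwise have to remember by hand.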

Hi and welcome to Malwarebytes.

Please rename MBAM.exe to iexplore.com and see if it will update now. If no joy, just run a Quick Scan and post its log.

Hi Chris, and thanks for the info. MB is updating; it's simply not coming up with any viruses. However, I'm pretty sure that there is a rootkit virus in atapi.sys that MB is not detecting. I apologize, as I only added the info about it having issues updating as additional info, but MB is updating. If you could take a look at the scans attached, which seem to mention issues with atapi.sys, I would appreciate it.

thanks,

Rick


  • Staff

Hi,

Thanks for the clarification. Let's look deeper.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes its runtime log to the root of the system disk (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

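Once the TDSSKiller log is in hand, the useful part for a helper is the driver inventory it writes during the scan: one line per registered driver with the service name, the file's MD5 in parentheses and the image path (the excerpt later in this thread shows the layout). As an added example, not TDSSKiller code and not from the original thread, the script below parses those lines and diffs the hashes against a reference inventory, listing boot-start storage drivers first because a patched one (the classic TDL3-style atapi.sys foothold) loads before any security filter. Every hash in the sample log and in `REFERENCE` is constructed for the example; in practice take the reference from a clean machine of the same Windows build and patch level, or from offline media, since a live rootkit can serve clean bytes to tools that read the file through the normal I/O path.

```python
"""Diff a TDSSKiller driver inventory against a reference inventory.

Added example; not TDSSKiller code and not from the original thread.
All hashes below are constructed placeholders, not real driver hashes.
"""
import re

# One inventory line per registered driver: timestamp, pid, service name,
# MD5 in parentheses, image path.  Status lines ("Scan started", banner
# rows) carry no hash and are skipped.
ENTRY_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$"
)

# Constructed sample in the TDSSKiller layout; the hashes are fake.
SAMPLE_LOG = r"""
2011/05/26 22:02:17.0662 2124 Scan started
2011/05/26 22:02:17.0662 2124 Mode: Manual;
2011/05/26 22:02:20.0312 2124 atapi (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/26 22:02:21.0123 2124 Disk (fedcba9876543210fedcba9876543210) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/26 22:02:24.0179 2124 iaStor (00112233445566778899aabbccddeeff) C:\WINDOWS\system32\drivers\iaStor.sys
2011/05/26 22:02:25.0286 2124 IntelIde (ffeeddccbbaa99887766554433221100) C:\WINDOWS\system32\DRIVERS\intelide.sys
""".strip()

# Constructed reference, as if taken from a clean peer of the same build.
# atapi deliberately differs from the sample log; iaStor is absent.
REFERENCE = {
    "atapi":    "0123456789abcdef0123456789abcde0",
    "Disk":     "fedcba9876543210fedcba9876543210",
    "IntelIde": "ffeeddccbbaa99887766554433221100",
}

# Boot-start storage stack: a patched member loads before any AV filter.
BOOT_STORAGE = {"atapi", "disk", "iastor", "intelide", "pciide", "ntfs", "ftdisk"}


def parse_inventory(log_text):
    """Map lower-cased service name -> (md5, path) for each inventory line."""
    inv = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            inv[m.group("name").lower()] = (m.group("md5").lower(), m.group("path"))
    return inv


def diff_inventory(inv, reference):
    """Return (mismatched, unknown, matching) service names, each sorted."""
    ref = {k.lower(): v.lower() for k, v in reference.items()}
    mismatched, unknown, matching = [], [], []
    for name, (md5, _path) in sorted(inv.items()):
        if name not in ref:
            unknown.append(name)
        elif ref[name] != md5:
            mismatched.append(name)
        else:
            matching.append(name)
    return mismatched, unknown, matching


def report(log_text, reference):
    """Human-readable findings; boot-start storage mismatches come first."""
    inv = parse_inventory(log_text)
    mismatched, unknown, _ = diff_inventory(inv, reference)
    mismatched.sort(key=lambda n: (n not in BOOT_STORAGE, n))
    out = []
    for name in mismatched:
        md5, path = inv[name]
        flag = "BOOT-START STORAGE" if name in BOOT_STORAGE else "driver"
        out.append(f"MISMATCH [{flag}] {name}: {md5} {path}")
    for name in unknown:
        md5, path = inv[name]
        out.append(f"NO REFERENCE {name}: {md5} {path}")
    return out


if __name__ == "__main__":
    for line in report(SAMPLE_LOG, REFERENCE):
        print(line)
```

A driver with no reference entry is reported separately rather than ignored: on this machine that would be things like the Roxio DLA drivers, which a stock reference does not contain but which still deserve a glance.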

  • 3 weeks later...


I ran it; it removed a rootkit in atapi.sys! Then I rebooted, ran it again, and it did not find any rootkits. The one problem is that I was unable to get the report to post. I then ran a full scan of MB after updating and it appears to be good. The only concern that I have is that now when I go to run MB, I get an MB warning that states: "The latest version of Malwarebytes' Anti-Malware has been downloaded. Malwarebytes' Anti-Malware will now close and install the latest version." Is this normal, and could it be caused by a bad registry entry or something else that a previous virus has caused? I click Cancel, then MB still runs and I can update it there. I'm hesitant to say OK to that, as in the past it's affected the whole install. Do you think I'm in the clear, or is there anything else that you would recommend?

I would like to point out that I still CANNOT boot into safe mode and get a STOP: 0x0000007B (0xF789E524...) error message, but normal Windows works fine. Everything I've read seems to point to registry damage by the virus to the SafeBoot section of the registry. Let me know if you think there still may be issues or that I'm in the clear, or if you have any other suggestions.

Thanks,

Rick


  • Staff

Hi,

You may still be infected.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe, 511KB) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time)
  • Please post the contents of that log in your next reply.

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.


  • Staff

Hi,

Grab a fresh copy of TDSSKiller, run it, and post its log (don't attach it please).

Next, please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


See logs throughout, or below each one that you requested. Any issues or questions, please let me know.

Grab a fresh copy of TDSSKiller, run it, and post its log (don't attach it please).

****start TDSS log*******

2011/05/26 22:02:03.0006 2812 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24

2011/05/26 22:02:04.0378 2812 ================================================================================

2011/05/26 22:02:04.0378 2812 SystemInfo:

2011/05/26 22:02:04.0378 2812

2011/05/26 22:02:04.0378 2812 OS Version: 5.1.2600 ServicePack: 2.0

2011/05/26 22:02:04.0378 2812 Product type: Workstation

2011/05/26 22:02:04.0378 2812 ComputerName: LFPDT4

2011/05/26 22:02:04.0378 2812 UserName: sreale

2011/05/26 22:02:04.0378 2812 Windows directory: C:\WINDOWS

2011/05/26 22:02:04.0378 2812 System windows directory: C:\WINDOWS

2011/05/26 22:02:04.0378 2812 Processor architecture: Intel x86

2011/05/26 22:02:04.0378 2812 Number of processors: 2

2011/05/26 22:02:04.0378 2812 Page size: 0x1000

2011/05/26 22:02:04.0378 2812 Boot type: Normal boot

2011/05/26 22:02:04.0378 2812 ================================================================================

2011/05/26 22:02:05.0703 2812 Initialize success

2011/05/26 22:02:17.0662 2124 ================================================================================

2011/05/26 22:02:17.0662 2124 Scan started

2011/05/26 22:02:17.0662 2124 Mode: Manual;

2011/05/26 22:02:17.0662 2124 ================================================================================

2011/05/26 22:02:18.0738 2124 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/05/26 22:02:18.0862 2124 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/05/26 22:02:18.0893 2124 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/05/26 22:02:18.0925 2124 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/05/26 22:02:19.0065 2124 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

2011/05/26 22:02:19.0127 2124 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys

2011/05/26 22:02:19.0314 2124 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/05/26 22:02:19.0330 2124 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/05/26 22:02:19.0392 2124 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/05/26 22:02:19.0502 2124 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/05/26 22:02:19.0626 2124 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/05/26 22:02:19.0704 2124 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/05/26 22:02:19.0782 2124 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/05/26 22:02:19.0798 2124 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/05/26 22:02:19.0829 2124 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/05/26 22:02:19.0938 2124 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/05/26 22:02:20.0032 2124 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/05/26 22:02:20.0203 2124 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/05/26 22:02:20.0281 2124 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/05/26 22:02:20.0312 2124 atapi (40caace7f2e7668148a1d45cf91e1131) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/05/26 22:02:20.0406 2124 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/05/26 22:02:20.0453 2124 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/05/26 22:02:20.0468 2124 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/05/26 22:02:20.0499 2124 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/05/26 22:02:20.0515 2124 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/05/26 22:02:20.0531 2124 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/05/26 22:02:20.0702 2124 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/05/26 22:02:20.0733 2124 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/05/26 22:02:20.0749 2124 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/05/26 22:02:20.0796 2124 cfwids (ecaf4a51580244fef1aa32cb984f13bf) C:\WINDOWS\system32\drivers\cfwids.sys

2011/05/26 22:02:20.0936 2124 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/05/26 22:02:20.0952 2124 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/05/26 22:02:20.0983 2124 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/05/26 22:02:21.0014 2124 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/05/26 22:02:21.0123 2124 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/05/26 22:02:21.0185 2124 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS

2011/05/26 22:02:21.0263 2124 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

2011/05/26 22:02:21.0341 2124 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2011/05/26 22:02:21.0357 2124 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS

2011/05/26 22:02:21.0497 2124 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

2011/05/26 22:02:21.0591 2124 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

2011/05/26 22:02:21.0809 2124 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

2011/05/26 22:02:21.0949 2124 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS

2011/05/26 22:02:21.0981 2124 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

2011/05/26 22:02:22.0059 2124 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

2011/05/26 22:02:22.0292 2124 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2011/05/26 22:02:22.0339 2124 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

2011/05/26 22:02:22.0355 2124 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/05/26 22:02:22.0417 2124 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2011/05/26 22:02:22.0464 2124 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/05/26 22:02:22.0480 2124 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/05/26 22:02:22.0542 2124 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2011/05/26 22:02:22.0542 2124 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2011/05/26 22:02:22.0557 2124 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/05/26 22:02:22.0698 2124 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

2011/05/26 22:02:22.0854 2124 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/05/26 22:02:22.0885 2124 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/05/26 22:02:22.0916 2124 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

2011/05/26 22:02:22.0963 2124 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/05/26 22:02:23.0010 2124 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/05/26 22:02:23.0056 2124 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/05/26 22:02:23.0088 2124 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/05/26 22:02:23.0103 2124 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/05/26 22:02:23.0166 2124 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/05/26 22:02:23.0259 2124 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/05/26 22:02:23.0290 2124 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/05/26 22:02:23.0384 2124 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys

2011/05/26 22:02:23.0493 2124 htcnprot (04e3b3554076b8192a668efe88a682a1) C:\WINDOWS\system32\DRIVERS\htcnprot.sys

2011/05/26 22:02:23.0586 2124 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/05/26 22:02:24.0039 2124 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/05/26 22:02:24.0070 2124 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/05/26 22:02:24.0117 2124 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/05/26 22:02:24.0179 2124 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\drivers\iaStor.sys

2011/05/26 22:02:24.0226 2124 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/05/26 22:02:24.0382 2124 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/05/26 22:02:24.0678 2124 IntcAzAudAddService (39a817320087ef1c851d7a8f1701b3e0) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/05/26 22:02:25.0286 2124 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/05/26 22:02:25.0348 2124 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/05/26 22:02:25.0520 2124 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/05/26 22:02:25.0535 2124 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/05/26 22:02:25.0551 2124 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/05/26 22:02:25.0613 2124 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/05/26 22:02:25.0691 2124 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/05/26 22:02:25.0738 2124 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/05/26 22:02:25.0785 2124 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/05/26 22:02:25.0847 2124 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/05/26 22:02:25.0894 2124 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/05/26 22:02:25.0941 2124 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys

2011/05/26 22:02:25.0988 2124 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/05/26 22:02:26.0112 2124 mfeapfk (688b626fca708ee9eb161cad1f7363a9) C:\WINDOWS\system32\drivers\mfeapfk.sys

2011/05/26 22:02:26.0190 2124 mfeavfk (693a8d924b640223974e0a88f2baf0f4) C:\WINDOWS\system32\drivers\mfeavfk.sys

2011/05/26 22:02:26.0627 2124 mfebopk (52c40d19873528bd15823c969d3ad227) C:\WINDOWS\system32\drivers\mfebopk.sys

2011/05/26 22:02:26.0767 2124 mfefirek (e37b98d49df546f4059483d49e349a53) C:\WINDOWS\system32\drivers\mfefirek.sys

2011/05/26 22:02:26.0970 2124 mfehidk (44184f32392fa2e94d08d056ce750d56) C:\WINDOWS\system32\drivers\mfehidk.sys

2011/05/26 22:02:27.0079 2124 mfendisk (8c434d77c7a8cd97f8f4c2b0be19d541) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

2011/05/26 22:02:27.0219 2124 mfendiskmp (8c434d77c7a8cd97f8f4c2b0be19d541) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

2011/05/26 22:02:27.0297 2124 mferkdet (5f5313bfd1e73233885a26ab77488f6f) C:\WINDOWS\system32\drivers\mferkdet.sys

2011/05/26 22:02:27.0484 2124 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys

2011/05/26 22:02:27.0671 2124 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys

2011/05/26 22:02:27.0859 2124 mfetdi2k (8d1a44e1f46bcf4acfe9c701edd340e3) C:\WINDOWS\system32\drivers\mfetdi2k.sys

2011/05/26 22:02:28.0139 2124 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/05/26 22:02:28.0233 2124 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

2011/05/26 22:02:28.0326 2124 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/05/26 22:02:28.0373 2124 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/05/26 22:02:28.0420 2124 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/05/26 22:02:28.0498 2124 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/05/26 22:02:28.0669 2124 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/05/26 22:02:28.0747 2124 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/05/26 22:02:28.0778 2124 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2011/05/26 22:02:28.0872 2124 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/05/26 22:02:28.0903 2124 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/05/26 22:02:29.0043 2124 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/05/26 22:02:29.0090 2124 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/05/26 22:02:29.0121 2124 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2011/05/26 22:02:29.0215 2124 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2011/05/26 22:02:29.0277 2124 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/05/26 22:02:29.0340 2124 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/05/26 22:02:29.0511 2124 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/05/26 22:02:29.0574 2124 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/05/26 22:02:29.0620 2124 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/05/26 22:02:29.0730 2124 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/05/26 22:02:29.0854 2124 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2011/05/26 22:02:29.0901 2124 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/05/26 22:02:30.0010 2124 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

2011/05/26 22:02:30.0244 2124 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/05/26 22:02:30.0447 2124 nv (81b2932bdd8686d70afd87fd13bc183d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/05/26 22:02:30.0774 2124 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/05/26 22:02:30.0883 2124 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/05/26 22:02:30.0946 2124 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/05/26 22:02:30.0992 2124 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/05/26 22:02:31.0102 2124 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/05/26 22:02:31.0164 2124 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/05/26 22:02:31.0226 2124 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/05/26 22:02:31.0257 2124 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/05/26 22:02:31.0647 2124 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/05/26 22:02:31.0912 2124 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/05/26 22:02:32.0006 2124 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/05/26 22:02:32.0053 2124 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/05/26 22:02:32.0084 2124 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/05/26 22:02:32.0131 2124 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/05/26 22:02:32.0162 2124 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/05/26 22:02:32.0209 2124 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/05/26 22:02:32.0286 2124 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/05/26 22:02:32.0364 2124 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/05/26 22:02:32.0396 2124 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/05/26 22:02:32.0505 2124 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/05/26 22:02:32.0536 2124 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/05/26 22:02:32.0598 2124 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/05/26 22:02:32.0676 2124 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/05/26 22:02:32.0754 2124 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/05/26 22:02:32.0848 2124 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/05/26 22:02:32.0879 2124 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/05/26 22:02:32.0926 2124 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/05/26 22:02:32.0973 2124 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/05/26 22:02:33.0035 2124 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/05/26 22:02:33.0144 2124 Sentinel (a2cc81c30bef6ac9f27055490eef6de3) C:\WINDOWS\System32\Drivers\SENTINEL.SYS

2011/05/26 22:02:33.0238 2124 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/05/26 22:02:33.0269 2124 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/05/26 22:02:33.0300 2124 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/05/26 22:02:33.0393 2124 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/05/26 22:02:33.0643 2124 SNTNLUSB (ce724fc3ef8468bbab146ca1793c66dc) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS

2011/05/26 22:02:33.0986 2124 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/05/26 22:02:34.0064 2124 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys

2011/05/26 22:02:34.0251 2124 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/05/26 22:02:34.0500 2124 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/05/26 22:02:34.0563 2124 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/05/26 22:02:34.0734 2124 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2011/05/26 22:02:34.0843 2124 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/05/26 22:02:34.0984 2124 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/05/26 22:02:35.0109 2124 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/05/26 22:02:35.0171 2124 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/05/26 22:02:35.0327 2124 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/05/26 22:02:35.0452 2124 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/05/26 22:02:35.0483 2124 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/05/26 22:02:35.0498 2124 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/05/26 22:02:35.0530 2124 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/05/26 22:02:35.0561 2124 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/05/26 22:02:35.0701 2124 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2011/05/26 22:02:35.0795 2124 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/05/26 22:02:36.0184 2124 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys

2011/05/26 22:02:36.0340 2124 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/05/26 22:02:36.0387 2124 usbehci (708579b01fed227aadb393cb0c3b4a2c) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/05/26 22:02:36.0559 2124 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/05/26 22:02:36.0605 2124 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/05/26 22:02:36.0652 2124 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/05/26 22:02:36.0668 2124 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/05/26 22:02:36.0714 2124 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2011/05/26 22:02:36.0761 2124 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/05/26 22:02:36.0777 2124 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/05/26 22:02:36.0808 2124 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/05/26 22:02:36.0902 2124 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/05/26 22:02:36.0964 2124 Wdf01000 (4769596d7cc0f5fa447d2babc239672a) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2011/05/26 22:02:37.0400 2124 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/05/26 22:02:37.0463 2124 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/05/26 22:02:37.0915 2124 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3

2011/05/26 22:02:37.0946 2124 ================================================================================

2011/05/26 22:02:37.0946 2124 Scan finished

2011/05/26 22:02:37.0946 2124 ================================================================================

2011/05/26 22:02:37.0946 3512 Detected object count: 0

2011/05/26 22:02:37.0946 3512 Actual detected object count: 0

****** end TDSS log********

Next, please update MBAM, run a Quick Scan, and post its log.

***** start quickscan MBAM log*********

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 6689

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

5/26/2011 10:23:37 PM

mbam-log-2011-05-26 (22-23-37).txt

Scan type: Quick scan

Objects scanned: 228356

Time elapsed: 18 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

********end quickscan MBAM log*******

When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

***** start of combofix log*******

ComboFix 11-05-26.01 - sreale 05/26/2011 22:33:15.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1208 [GMT -4:00]

Running from: c:\documents and settings\sreale\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\Tarma Installer

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico

c:\documents and settings\sreale\g2mdlhlpx.exe

c:\documents and settings\sreale\GoToAssistDownloadHelper.exe

c:\documents and settings\sreale\Local Settings\Temporary Internet Files\fbk.sts

C:\feed.txt

C:\Microsoft

c:\program files\Drop Down Deals

c:\program files\Drop Down Deals\YontooIEClient.dll

c:\windows\system32\eeMTCJlm.ini

c:\windows\system32\eeMTCJlm.ini2

c:\windows\system32\html

c:\windows\system32\html\calendar.html

c:\windows\system32\html\calendarbottom.html

c:\windows\system32\html\calendartop.html

c:\windows\system32\html\crystalexportdialog.htm

c:\windows\system32\html\crystalprinthost.html

c:\windows\system32\images

c:\windows\system32\images\Direction\backward.gif

c:\windows\system32\images\Direction\backward_disabled.gif

c:\windows\system32\images\Direction\down.gif

c:\windows\system32\images\Direction\end.gif

c:\windows\system32\images\Direction\end_disabled.gif

c:\windows\system32\images\Direction\fastbackward.gif

c:\windows\system32\images\Direction\fastbackward_disabled.gif

c:\windows\system32\images\Direction\fastforward.gif

c:\windows\system32\images\Direction\fastforward_disabled.gif

c:\windows\system32\images\Direction\forward.gif

c:\windows\system32\images\Direction\forward_disabled.gif

c:\windows\system32\images\Direction\goto.gif

c:\windows\system32\images\Direction\goto_disabled.gif

c:\windows\system32\images\Direction\start.gif

c:\windows\system32\images\Direction\start_disabled.gif

c:\windows\system32\images\Direction\up.gif

c:\windows\system32\images\misc\bell.gif

c:\windows\system32\images\toolbar\addallfield.gif

c:\windows\system32\images\toolbar\addallfield_over.gif

c:\windows\system32\images\toolbar\addfield.gif

c:\windows\system32\images\toolbar\addfield_over.gif

c:\windows\system32\images\toolbar\bologo.gif

c:\windows\system32\images\toolbar\calendar.gif

c:\windows\system32\images\toolbar\export.gif

c:\windows\system32\images\toolbar\export_over.gif

c:\windows\system32\images\toolbar\first.gif

c:\windows\system32\images\toolbar\first_over.gif

c:\windows\system32\images\toolbar\firstd.gif

c:\windows\system32\images\toolbar\firstresults.gif

c:\windows\system32\images\toolbar\firstresults_over.gif

c:\windows\system32\images\toolbar\gotopage.gif

c:\windows\system32\images\toolbar\gotopage_over.gif

c:\windows\system32\images\toolbar\grouptree.gif

c:\windows\system32\images\toolbar\grouptree_over.gif

c:\windows\system32\images\toolbar\grouptreepressed.gif

c:\windows\system32\images\toolbar\help.gif

c:\windows\system32\images\toolbar\help_over.gif

c:\windows\system32\images\toolbar\interact.gif

c:\windows\system32\images\toolbar\interact_over.gif

c:\windows\system32\images\toolbar\interactd.gif

c:\windows\system32\images\toolbar\last.gif

c:\windows\system32\images\toolbar\last_over.gif

c:\windows\system32\images\toolbar\lastd.gif

c:\windows\system32\images\toolbar\lastresults.gif

c:\windows\system32\images\toolbar\lastresults_over.gif

c:\windows\system32\images\toolbar\left_button.gif

c:\windows\system32\images\toolbar\mblackarrow.gif

c:\windows\system32\images\toolbar\mdownarrow.gif

c:\windows\system32\images\toolbar\mdownfield.gif

c:\windows\system32\images\toolbar\mdownfield_over.gif

c:\windows\system32\images\toolbar\middle_button.gif

c:\windows\system32\images\toolbar\mlogo.gif

c:\windows\system32\images\toolbar\mtitleimage.gif

c:\windows\system32\images\toolbar\muparrow.gif

c:\windows\system32\images\toolbar\mupfield.gif

c:\windows\system32\images\toolbar\mupfield_over.gif

c:\windows\system32\images\toolbar\next.gif

c:\windows\system32\images\toolbar\next_over.gif

c:\windows\system32\images\toolbar\nextd.gif

c:\windows\system32\images\toolbar\nextresults.gif

c:\windows\system32\images\toolbar\nextresults_over.gif

c:\windows\system32\images\toolbar\prev.gif

c:\windows\system32\images\toolbar\prev_over.gif

c:\windows\system32\images\toolbar\prevd.gif

c:\windows\system32\images\toolbar\prevresults.gif

c:\windows\system32\images\toolbar\prevresults_over.gif

c:\windows\system32\images\toolbar\print.gif

c:\windows\system32\images\toolbar\print_over.gif

c:\windows\system32\images\toolbar\refresh.gif

c:\windows\system32\images\toolbar\refresh_over.gif

c:\windows\system32\images\toolbar\refreshd.gif

c:\windows\system32\images\toolbar\removeallfield.gif

c:\windows\system32\images\toolbar\removeallfield_over.gif

c:\windows\system32\images\toolbar\removefield.gif

c:\windows\system32\images\toolbar\removefield_over.gif

c:\windows\system32\images\toolbar\right_button.gif

c:\windows\system32\images\toolbar\search.gif

c:\windows\system32\images\toolbar\search_over.gif

c:\windows\system32\images\toolbar\separator.gif

c:\windows\system32\images\toolbar\tab_fill_sel.gif

c:\windows\system32\images\toolbar\tab_fill_unsel.gif

c:\windows\system32\images\toolbar\tab_left_sel.gif

c:\windows\system32\images\toolbar\tab_left_unsel.gif

c:\windows\system32\images\toolbar\tab_right_sel.gif

c:\windows\system32\images\toolbar\tab_right_unsel.gif

c:\windows\system32\images\toolbar\up.gif

c:\windows\system32\images\toolbar\up_over.gif

c:\windows\system32\images\toolbar\upd.gif

c:\windows\system32\images\toolbar\view.gif

c:\windows\system32\images\toolbar\view_over.gif

c:\windows\system32\images\toolbar\viewpressed.gif

c:\windows\system32\images\toolbar\wizard.gif

c:\windows\system32\images\toolbar\wizard_over.gif

c:\windows\system32\images\toolbar\wizardpressed.gif

c:\windows\system32\images\tree\begindots.gif

c:\windows\system32\images\tree\beginminus.gif

c:\windows\system32\images\tree\beginplus.gif

c:\windows\system32\images\tree\blank.gif

c:\windows\system32\images\tree\blankdots.gif

c:\windows\system32\images\tree\dots.gif

c:\windows\system32\images\tree\emptybox.gif

c:\windows\system32\images\tree\lastdots.gif

c:\windows\system32\images\tree\lastminus.gif

c:\windows\system32\images\tree\lastplus.gif

c:\windows\system32\images\tree\magnify.gif

c:\windows\system32\images\tree\mdownarrow.gif

c:\windows\system32\images\tree\minubox.gif

c:\windows\system32\images\tree\minus.gif

c:\windows\system32\images\tree\minusbox.gif

c:\windows\system32\images\tree\muparrow.gif

c:\windows\system32\images\tree\plus.gif

c:\windows\system32\images\tree\plusbox.gif

c:\windows\system32\images\tree\resizebar.gif

c:\windows\system32\images\tree\singleminus.gif

c:\windows\system32\images\tree\singleplus.gif

c:\windows\system32\kdtest.dll

c:\windows\system32\tdlcmd.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-04-27 to 2011-05-27 )))))))))))))))))))))))))))))))

.

.

2011-05-17 16:42 . 2011-03-13 15:42 24376 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-12 00:43 . 2004-08-04 04:59 95872 ----a-w- c:\windows\system32\drivers\atapi.sys

2011-03-15 04:05 . 2011-04-08 05:46 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{88A937C8-762A-4871-AF34-6F4338F8EC86}\mpengine.dll

2011-03-15 04:05 . 2008-08-25 02:19 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-03-13 15:45 . 2011-04-15 02:39 148520 ----a-w- c:\windows\system32\mfevtps.exe

2011-03-13 15:20 . 2011-04-15 02:47 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-03-13 15:20 . 2010-10-14 02:28 459728 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-03-13 15:20 . 2010-10-14 02:28 118784 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-03-13 15:20 . 2010-05-07 22:59 89368 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-03-13 15:20 . 2010-05-07 22:59 85984 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-03-13 15:20 . 2010-05-07 22:59 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-03-13 15:20 . 2010-05-07 22:59 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-03-13 15:20 . 2010-05-07 22:59 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-03-13 15:20 . 2010-05-07 22:59 337912 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-03-13 15:20 . 2010-05-07 22:59 179248 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2001-12-03 21:09 . 2008-04-10 11:10 90112 ----a-w- c:\program files\internet explorer\plugins\DjVuControl.dll

2009-11-19 20:24 . 2009-11-19 20:24 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2011-04-14 18:01 . 2011-04-15 02:47 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-25 68856]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-09 8429568]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-22 16132608]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]

"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-19 30192]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-02 1306216]

"Corel Photo Downloader"="c:\program files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe" [2007-02-06 478800]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1539047505-4065823716-378861173-1108\Scripts\Logon\0\0]

"Script"=lyncologon.bat

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1539047505-4065823716-378861173-1126\Scripts\Logon\0\0]

"Script"=lyncologon.bat

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1539047505-4065823716-378861173-500\Scripts\Logon\0\0]

"Script"=lyncologon.bat

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [5/7/2010 6:59 PM 89368]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/11/2004 7:00 PM 14336]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/14/2011 10:47 PM 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/14/2011 10:47 PM 214904]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [4/14/2011 10:47 PM 159832]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [4/14/2011 10:39 PM 148520]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [9/16/2010 2:06 PM 80896]

R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [9/17/2009 2:03 AM 369952]

R2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [9/17/2009 2:00 AM 292128]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [5/7/2010 6:59 PM 57432]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [5/7/2010 6:59 PM 337912]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [5/7/2010 6:59 PM 83688]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/20/2009 10:25 AM 135664]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/14/2011 10:47 PM 214904]

S2 MOBCleanup;MOBCleanup;"c:\docume~1\sreale\LOCALS~1\Temp\MOBCleanup.exe" --> c:\docume~1\sreale\LOCALS~1\Temp\MOBCleanup.exe [?]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/25/2008 5:19 PM 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/20/2009 10:25 AM 135664]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [4/11/2011 11:39 AM 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [5/7/2010 6:59 PM 83688]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/7/2010 6:59 PM 85984]

S4 0311531253542011mcinstcleanup;McAfee Application Installer Cleanup (0311531253542011);c:\docume~1\ADMINI~1.LYN\LOCALS~1\Temp\031153~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1.LYN\LOCALS~1\Temp\031153~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WUAUSERV

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-27 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-25 17:00]

.

2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 14:25]

.

2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 14:25]

.

2011-05-26 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

.

.

------- Supplementary Scan -------

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071023

uSearch Bar = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: isqft.com\www

Trusted Zone: mcafee.com

Trusted Zone: isqft.com\www

TCP: DhcpNameServer = 10.1.10.1

TCP: Interfaces\{000AEDBA-C1C2-4561-8A40-040467ECA7EC}: NameServer = 10.0.0.254,10.1.10.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\McAfee\MSC\McSnIePl.dll

FF - ProfilePath - c:\documents and settings\sreale\Application Data\Mozilla\Firefox\Profiles\lqe5f8eq.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 57980

FF - prefs.js: network.proxy.type - 4

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{083B7B03-E944-472C-B183-313057BFF940} - (no file)

BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Drop Down Deals\YontooIEClient.dll

Toolbar-{41E30054-B6EC-49C1-AD2E-92B00EF02825} - (no file)

WebBrowser-{41E30054-B6EC-49C1-AD2E-92B00EF02825} - (no file)

SafeBoot-klmdb.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-26 22:42

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3320)

c:\windows\system32\browselc.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\rundll32.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PSIService.exe

c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\windows\RTHDCPL.EXE

c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

.

**************************************************************************

.

Completion time: 2011-05-26 22:56:13 - machine was rebooted

ComboFix-quarantined-files.txt 2011-05-27 02:53

.

Pre-Run: 210,826,330,112 bytes free

Post-Run: 212,106,498,048 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 4A5DCAFF1F0EAAE3750FE87CA1C88F60

******end combofix log*********

***** start dds log *****

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by sreale at 23:00:23.98 on Thu 05/26/2011

Internet Explorer: 6.0.2900.2180

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1450 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\WINDOWS\system32\mfevtps.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\mbforum\dds.com

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071023

uSearch Bar = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110517124204.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Corel Photo Downloader] c:\program files\cvs\cvs photo editor plus\Corel Photo Downloader.exe

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: isqft.com\www

Trusted Zone: mcafee.com

Trusted Zone: isqft.com\www

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275532579966

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5369/mcfscan.cab

TCP: {000AEDBA-C1C2-4561-8A40-040467ECA7EC} = 10.0.0.254,10.1.10.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\sreale\applic~1\mozilla\firefox\profiles\lqe5f8eq.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 57980

FF - prefs.js: network.proxy.type - 4

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\program files\mozilla firefox\components\Scriptff.dll

FF - component: c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 459728]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-5-7 89368]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-11 14336]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-4-14 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-4-14 214904]

R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-4-14 214904]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-4-14 165000]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-4-14 159832]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-4-14 148520]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80896]

R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2009-9-17 369952]

R2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files\common files\safenet sentinel\sentinel security runtime\sntlsrtsrvr.exe [2009-9-17 292128]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-7 57432]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-7 179248]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-5-7 59288]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-7 337912]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-5-7 83688]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-4-14 214904]

S2 MOBCleanup;MOBCleanup;"c:\docume~1\sreale\locals~1\temp\mobcleanup.exe" --> c:\docume~1\sreale\locals~1\temp\MOBCleanup.exe [?]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-1-25 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-4-11 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-5-7 83688]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-7 85984]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-22 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-22 40552]

S4 0311531253542011mcinstcleanup;McAfee Application Installer Cleanup (0311531253542011);c:\docume~1\admini~1.lyn\locals~1\temp\031153~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\admini~1.lyn\locals~1\temp\031153~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

.

=============== Created Last 30 ================

.

2011-05-27 02:31:56 -------- d-sha-r- C:\cmdcons

2011-05-27 02:30:08 98816 ----a-w- c:\windows\sed.exe

2011-05-27 02:30:08 89088 ----a-w- c:\windows\MBR.exe

2011-05-27 02:30:08 256512 ----a-w- c:\windows\PEV.exe

2011-05-27 02:30:08 161792 ----a-w- c:\windows\SWREG.exe

2011-05-17 16:42:04 24376 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll

.

==================== Find3M ====================

.

2011-05-18 15:30:57 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys

2011-04-12 15:25:05 118784 --sha-r- c:\windows\system32\rpcrt4M.dll

2011-03-13 15:45:14 148520 ----a-w- c:\windows\system32\mfevtps.exe

.

============= FINISH: 23:00:37.16 ===============

*****end dds log*********

* I have also attached the DDS log for your review. Let me know if you need any more information or have any recommendations.

thanks,

Rick

-screen317

ddsAttach.txt


  • Staff

Hi,

Your version of MBAM is out of date.

Please do the following:

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.

Update it, run a Quick Scan, and post its log.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
