Behemoth Posted June 8, 2011 ID:438579 Share Posted June 8, 2011 I have run malwarebytes many times and it appears to run clean now but I have the anti-malware pop up for blocking potentially malicious sites. Also windows update does not work, PUD and a fakeav continue to be found after a previous clean run. It has just ran a clean scan but if I start IE i am sure I will find something in a scan after.DDS log.DDS (Ver_2011-06-03.01) - NTFSx86 Internet Explorer: 8.0.6001.18702Run by test at 9:33:00 on 2011-06-08Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.78 [GMT -7:00].AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}.============== Running Processes ===============.C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Canon\IJPLM\IJPLMSVC.EXEC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeC:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exesvchost.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\system32\dllhost.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\stsystra.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Canon\MyPrinter\BJMyPrt.exeC:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\NetWaiting\netWaiting.exeC:\Program Files\DellSupport\DSAgnt.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\FinePixViewer\QuickDCF2.exeC:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exeC:\WINDOWS\eHome\ehmsas.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Documents and Settings\test\Desktop\Defogger.exe.============== Pseudo HJT Report ===============.uSearch Page = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=usBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dllBHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dllBHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dllTB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileEB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dlluRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exeuRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startupuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [ehTray] c:\windows\ehome\ehtray.exemRun: [sigmatelSysTrayApp] stsystra.exemRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exemRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -DelaymRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startupmRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -startmRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstallmRun: [vptray] c:\program files\symantec_client_security\symantec antivirus\vptray.exemRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"mRun: [dla] c:\windows\system32\dla\tfswctrl.exemRun: [NWEReboot] mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logonmRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logonmRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [Dgohaxeqetal] rundll32.exe "c:\windows\exomizih.dll",StartupmRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraydRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exeIE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.htmlIE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.htmlIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.htmlIE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.htmlIE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.htmlIE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.htmlIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLLIE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dllDPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cabDPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cabDPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cabDPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cabDPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cabDPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cabDPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cabDPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cabDPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cabTCP: DhcpNameServer = 209.18.47.61 209.18.47.62TCP: Interfaces\{BC2B3D50-9F13-401E-803D-B64C9AC912A6} : DhcpNameServer = 209.18.47.61 209.18.47.62Notify: AtiExtEvent - Ati2evxx.dllNotify: itlnfw32 - itlnfw32.dllNotify: itlntfy - itlnfw32.dllNotify: NavLogon - c:\windows\system32\NavLogon.dll.============= SERVICES / DRIVERS ===============.R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-25 366640]R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2004-3-4 30208]R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2004-11-13 688250]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-14 24652]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-25 22712]R3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2004-3-4 226304]R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-25 39984]S2 itlperf;Intel CPU;c:\windows\system32\svchost.exe -k itlsvc [2005-8-16 14336]S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101018.002\NAVENG.sys [2010-10-22 86064]S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101018.002\NAVEX15.sys [2010-10-22 1371184].=============== Created Last 30 ================.2011-06-02 01:35:27 -------- d-----w- c:\documents and settings\test\local settings\application data\Adobe2011-06-01 04:04:07 81920 ------w- c:\windows\system32\ieencode.dll2011-06-01 04:01:58 19569 ----a-w- c:\windows\000002_.tmp2011-06-01 03:17:57 -------- d-----w- C:\sp32011-06-01 03:16:23 -------- d-----w- c:\documents and settings\test\application data\Canon Easy-WebPrint EX2011-06-01 03:15:50 -------- d-----w- c:\documents and settings\test\local settings\application data\KodakGallery2011-06-01 03:14:17 -------- d-----w- c:\documents and settings\test\local settings\application data\Toshiba2011-06-01 03:13:50 -------- d-----w- c:\documents and settings\test\local settings\application data\{08D419B6-7634-477A-A8B1-0639711F61E2}2011-06-01 03:13:40 -------- d-----w- c:\documents and settings\test\local settings\application data\Symantec2011-05-31 02:57:52 -------- d-----w- c:\documents and settings\test\application data\Malwarebytes2011-05-31 00:01:33 -------- d-sh--w- c:\documents and settings\test\IECompatCache2011-05-31 00:00:42 -------- d-sh--w- c:\documents and settings\test\PrivacIE2011-05-31 00:00:07 -------- d-sh--w- c:\documents and settings\test\IETldCache2011-05-29 21:03:53 -------- d--h--w- c:\windows\msdownld.tmp2011-05-29 20:53:29 -------- dc-h--w- c:\windows\ie82011-05-26 01:27:41 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-05-26 01:27:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes2011-05-26 01:27:36 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-05-26 01:27:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-05-15 18:53:56 0 ----a-w- c:\windows\Hbudahaqevemited.bin.==================== Find3M ====================.2011-05-26 01:13:47 90112 ----a-w- c:\windows\DUMP5f56.tmp2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr2011-04-06 23:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll2011-04-06 23:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll2011-04-06 23:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe.=================== ROOTKIT ====================.Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.netWindows 5.1.2600 Disk: ST9320320AS rev.0303 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 .device: opened successfullyuser: MBR read successfully.Disk trace:called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x874E36F0]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x874e9a10]; MOV EAX, [0x874e9a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x87575AB8]3 CLASSPNP[0xF7551FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x87556960]\Driver\atapi[0x8751E270] -> IRP_MJ_CREATE -> 0x874E36F0error: Read A device attached to the system is not functioning.kernel: MBR read successfully_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x100; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSW ; JMP FAR 0x0:0x62c; }detected disk devices:detected hooks:\Driver\atapi DriverStartIo -> 0x874E353Buser & kernel MBR OK Warning: possible TDL3 rootkit infection !.============= FINISH: 9:40:01.09 =============== Link to post Share on other sites More sharing options...
Behemoth Posted June 10, 2011 Author ID:439212 Share Posted June 10, 2011 Did I post this in the wrong location any help would be appreciated with this thanks.Bill Link to post Share on other sites More sharing options...
Staff screen317 Posted June 13, 2011 Staff ID:440294 Share Posted June 13, 2011 Hi and welcome to Malwarebytes.Download the file TDSSKiller.zip and extract it into a folder on the infected PC.Execute the file TDSSKiller.exe by double-clicking on it.Wait for the scan and disinfection process to be over.When its work is over, the utility prompts for a reboot to complete the disinfection.By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).The log is like UtilityName.Version_Date_Time_log.txt.for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.Please post that log here. Link to post Share on other sites More sharing options...
Behemoth Posted June 14, 2011 Author ID:440723 Share Posted June 14, 2011 Here is the log, and thank you.2011/06/13 21:05:55.0203 1264 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:482011/06/13 21:05:55.0796 1264 ================================================================================2011/06/13 21:05:55.0796 1264 SystemInfo:2011/06/13 21:05:55.0796 1264 2011/06/13 21:05:55.0796 1264 OS Version: 5.1.2600 ServicePack: 3.02011/06/13 21:05:55.0796 1264 Product type: Workstation2011/06/13 21:05:55.0796 1264 ComputerName: ROXYGIRL2011/06/13 21:05:55.0796 1264 UserName: test2011/06/13 21:05:55.0796 1264 Windows directory: C:\WINDOWS2011/06/13 21:05:55.0796 1264 System windows directory: C:\WINDOWS2011/06/13 21:05:55.0796 1264 Processor architecture: Intel x862011/06/13 21:05:55.0796 1264 Number of processors: 22011/06/13 21:05:55.0796 1264 Page size: 0x10002011/06/13 21:05:55.0796 1264 Boot type: Safe boot with network2011/06/13 21:05:55.0796 1264 ================================================================================2011/06/13 21:06:03.0734 1264 Initialize success2011/06/13 21:06:08.0140 1116 ================================================================================2011/06/13 21:06:08.0140 1116 Scan started2011/06/13 21:06:08.0140 1116 Mode: Manual; 2011/06/13 21:06:08.0140 1116 ================================================================================2011/06/13 21:06:12.0046 1116 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS2011/06/13 21:06:12.0734 1116 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys2011/06/13 21:06:13.0343 1116 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys2011/06/13 21:06:13.0875 1116 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys2011/06/13 21:06:14.0562 1116 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys2011/06/13 21:06:15.0218 1116 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys2011/06/13 21:06:15.0859 1116 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys2011/06/13 21:06:16.0546 1116 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys2011/06/13 21:06:17.0187 1116 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys2011/06/13 21:06:17.0796 1116 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys2011/06/13 21:06:18.0343 1116 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys2011/06/13 21:06:18.0921 1116 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys2011/06/13 21:06:19.0484 1116 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys2011/06/13 21:06:20.0109 1116 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys2011/06/13 21:06:21.0046 1116 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys2011/06/13 21:06:21.0593 1116 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys2011/06/13 21:06:22.0187 1116 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS2011/06/13 21:06:22.0953 1116 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys2011/06/13 21:06:23.0500 1116 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys2011/06/13 21:06:24.0031 1116 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys2011/06/13 21:06:24.0593 1116 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys2011/06/13 21:06:25.0187 1116 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys2011/06/13 21:06:25.0796 1116 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys2011/06/13 21:06:26.0375 1116 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys2011/06/13 21:06:28.0109 1116 ati2mtag (bebeb471617782d138b6f92e7c3fab1c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys2011/06/13 21:06:29.0421 1116 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys2011/06/13 21:06:30.0031 1116 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys2011/06/13 21:06:30.0609 1116 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys2011/06/13 21:06:31.0250 1116 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys2011/06/13 21:06:31.0843 1116 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys2011/06/13 21:06:32.0359 1116 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys2011/06/13 21:06:32.0906 1116 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys2011/06/13 21:06:33.0453 1116 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys2011/06/13 21:06:34.0156 1116 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys2011/06/13 21:06:34.0921 1116 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys2011/06/13 21:06:36.0093 1116 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys2011/06/13 21:06:36.0578 1116 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys2011/06/13 21:06:37.0187 1116 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys2011/06/13 21:06:37.0843 1116 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys2011/06/13 21:06:38.0453 1116 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys2011/06/13 21:06:39.0062 1116 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys2011/06/13 21:06:39.0781 1116 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys2011/06/13 21:06:40.0796 1116 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys2011/06/13 21:06:41.0812 1116 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys2011/06/13 21:06:42.0562 1116 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys2011/06/13 21:06:43.0359 1116 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys2011/06/13 21:06:43.0937 1116 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys2011/06/13 21:06:44.0515 1116 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys2011/06/13 21:06:45.0109 1116 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys2011/06/13 21:06:45.0687 1116 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys2011/06/13 21:06:46.0000 1116 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys2011/06/13 21:06:46.0718 1116 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys2011/06/13 21:06:47.0375 1116 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys2011/06/13 21:06:48.0328 1116 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys2011/06/13 21:06:48.0984 1116 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys2011/06/13 21:06:49.0546 1116 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys2011/06/13 21:06:50.0109 1116 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys2011/06/13 21:06:50.0718 1116 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys2011/06/13 21:06:51.0343 1116 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys2011/06/13 21:06:51.0937 1116 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys2011/06/13 21:06:52.0640 1116 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys2011/06/13 21:06:53.0265 1116 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys2011/06/13 21:06:53.0875 1116 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys2011/06/13 21:06:54.0484 1116 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys2011/06/13 21:06:55.0078 1116 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys2011/06/13 21:06:55.0734 1116 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys2011/06/13 21:06:56.0890 1116 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys2011/06/13 21:06:58.0187 1116 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys2011/06/13 21:06:58.0953 1116 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys2011/06/13 21:06:59.0531 1116 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys2011/06/13 21:07:00.0125 1116 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys2011/06/13 21:07:00.0703 1116 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys2011/06/13 21:07:01.0265 1116 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys2011/06/13 21:07:01.0859 1116 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys2011/06/13 21:07:02.0453 1116 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys2011/06/13 21:07:03.0000 1116 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys2011/06/13 21:07:03.0640 1116 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys2011/06/13 21:07:04.0234 1116 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys2011/06/13 21:07:04.0906 1116 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys2011/06/13 21:07:05.0671 1116 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys2011/06/13 21:07:06.0328 1116 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys2011/06/13 21:07:06.0828 1116 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys2011/06/13 21:07:07.0468 1116 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys2011/06/13 21:07:08.0015 1116 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys2011/06/13 21:07:08.0718 1116 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys2011/06/13 21:07:09.0406 1116 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys2011/06/13 21:07:10.0562 1116 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys2011/06/13 21:07:11.0171 1116 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys2011/06/13 21:07:11.0812 1116 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys2011/06/13 21:07:12.0390 1116 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys2011/06/13 21:07:13.0156 1116 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys2011/06/13 21:07:13.0703 1116 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys2011/06/13 21:07:14.0250 1116 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys2011/06/13 21:07:14.0781 1116 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys2011/06/13 21:07:15.0328 1116 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys2011/06/13 21:07:15.0953 1116 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys2011/06/13 21:07:16.0906 1116 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys2011/06/13 21:07:17.0718 1116 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys2011/06/13 21:07:18.0265 1116 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys2011/06/13 21:07:18.0796 1116 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys2011/06/13 21:07:19.0343 1116 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys2011/06/13 21:07:19.0843 1116 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys2011/06/13 21:07:20.0437 1116 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys2011/06/13 21:07:20.0890 1116 NAVAP (f0f1a68f13dfefd7f079bfb799cf4f31) C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys2011/06/13 21:07:21.0187 1116 NAVAPEL (d96b7eb2f61c65be096475edb5c9fc06) C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS2011/06/13 21:07:21.0453 1116 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101018.002\NAVENG.sys2011/06/13 21:07:22.0515 1116 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101018.002\NAVEX15.sys2011/06/13 21:07:24.0015 1116 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys2011/06/13 21:07:24.0828 1116 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys2011/06/13 21:07:25.0312 1116 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys2011/06/13 21:07:25.0875 1116 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys2011/06/13 21:07:26.0515 1116 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys2011/06/13 21:07:27.0125 1116 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys2011/06/13 21:07:27.0812 1116 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys2011/06/13 21:07:28.0500 1116 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys2011/06/13 21:07:29.0109 1116 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys2011/06/13 21:07:29.0937 1116 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys2011/06/13 21:07:30.0859 1116 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys2011/06/13 21:07:32.0406 1116 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys2011/06/13 21:07:34.0203 1116 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys2011/06/13 21:07:34.0796 1116 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys2011/06/13 21:07:35.0437 1116 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys2011/06/13 21:07:36.0000 1116 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys2011/06/13 21:07:36.0593 1116 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys2011/06/13 21:07:37.0156 1116 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys2011/06/13 21:07:37.0640 1116 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys2011/06/13 21:07:38.0187 1116 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys2011/06/13 21:07:39.0187 1116 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys2011/06/13 21:07:39.0750 1116 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys2011/06/13 21:07:42.0250 1116 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys2011/06/13 21:07:42.0765 1116 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys2011/06/13 21:07:43.0421 1116 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys2011/06/13 21:07:44.0093 1116 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys2011/06/13 21:07:44.0625 1116 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys2011/06/13 21:07:45.0203 1116 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys2011/06/13 21:07:45.0781 1116 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys2011/06/13 21:07:46.0343 1116 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys2011/06/13 21:07:46.0953 1116 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys2011/06/13 21:07:47.0546 1116 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys2011/06/13 21:07:48.0093 1116 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys2011/06/13 21:07:48.0625 1116 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys2011/06/13 21:07:49.0187 1116 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys2011/06/13 21:07:49.0718 1116 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys2011/06/13 21:07:50.0250 1116 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys2011/06/13 21:07:50.0875 1116 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys2011/06/13 21:07:51.0484 1116 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys2011/06/13 21:07:52.0218 1116 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys2011/06/13 21:07:53.0062 1116 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys2011/06/13 21:07:53.0750 1116 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys2011/06/13 21:07:54.0546 1116 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys2011/06/13 21:07:55.0125 1116 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys2011/06/13 21:07:55.0843 1116 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys2011/06/13 21:07:56.0500 1116 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys2011/06/13 21:07:57.0203 1116 s24trans (2e4e912ce95f5ef4d4a5079f6ce367fc) C:\WINDOWS\system32\DRIVERS\s24trans.sys2011/06/13 21:07:57.0812 1116 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys2011/06/13 21:07:58.0421 1116 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys2011/06/13 21:07:59.0046 1116 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys2011/06/13 21:07:59.0640 1116 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys2011/06/13 21:08:00.0203 1116 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys2011/06/13 21:08:00.0718 1116 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys2011/06/13 21:08:01.0234 1116 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys2011/06/13 21:08:02.0296 1116 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys2011/06/13 21:08:02.0843 1116 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS2011/06/13 21:08:03.0375 1116 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys2011/06/13 21:08:03.0937 1116 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys2011/06/13 21:08:04.0593 1116 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys2011/06/13 21:08:05.0312 1116 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys2011/06/13 21:08:06.0000 1116 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys2011/06/13 21:08:06.0531 1116 ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys2011/06/13 21:08:07.0656 1116 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys2011/06/13 21:08:08.0859 1116 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys2011/06/13 21:08:09.0406 1116 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys2011/06/13 21:08:09.0968 1116 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys2011/06/13 21:08:10.0484 1116 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys2011/06/13 21:08:10.0765 1116 SymEvent (083fe6483dc16a02af2434d04b7d7aea) C:\PROGRA~1\Symantec\SYMEVENT.SYS2011/06/13 21:08:11.0468 1116 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys2011/06/13 21:08:12.0031 1116 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys2011/06/13 21:08:12.0750 1116 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys2011/06/13 21:08:13.0500 1116 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys2011/06/13 21:08:14.0343 1116 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys2011/06/13 21:08:15.0109 1116 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys2011/06/13 21:08:15.0625 1116 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys2011/06/13 21:08:16.0171 1116 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys2011/06/13 21:08:16.0765 1116 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys2011/06/13 21:08:17.0281 1116 tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys2011/06/13 21:08:17.0734 1116 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys2011/06/13 21:08:18.0296 1116 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys2011/06/13 21:08:18.0796 1116 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys2011/06/13 21:08:19.0312 1116 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys2011/06/13 21:08:19.0937 1116 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys2011/06/13 21:08:20.0484 1116 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys2011/06/13 21:08:21.0078 1116 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys2011/06/13 21:08:21.0703 1116 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys2011/06/13 21:08:22.0312 1116 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys2011/06/13 21:08:22.0843 1116 tosporte (0470bf2d5f49ff98464ac2c838e6a080) C:\WINDOWS\system32\DRIVERS\tosporte.sys2011/06/13 21:08:23.0484 1116 Tosrfbd (077869082a635e8ff2c205dc95c78775) C:\WINDOWS\system32\Drivers\tosrfbd.sys2011/06/13 21:08:24.0046 1116 Tosrfbnp (613e09572f4c5b92ca6be8bdc4cc5b7d) C:\WINDOWS\system32\Drivers\tosrfbnp.sys2011/06/13 21:08:24.0781 1116 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys2011/06/13 21:08:25.0406 1116 Tosrfhid (f4e4795528d17ff8d1d6d98ebbb92655) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys2011/06/13 21:08:25.0921 1116 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys2011/06/13 21:08:26.0515 1116 TosRfSnd (b5518adb2b0029ff95d22e8e7336f49f) C:\WINDOWS\system32\drivers\TosRfSnd.sys2011/06/13 21:08:27.0140 1116 Tosrfusb (ac2123e788230c712d0919ed0fec9ddd) C:\WINDOWS\system32\Drivers\tosrfusb.sys2011/06/13 21:08:27.0781 1116 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys2011/06/13 21:08:28.0453 1116 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys2011/06/13 21:08:29.0234 1116 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys2011/06/13 21:08:30.0609 1116 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys2011/06/13 21:08:31.0171 1116 usbcm (d21cde1c635bcc5053463579eee453cf) C:\WINDOWS\system32\DRIVERS\639599.sys2011/06/13 21:08:31.0750 1116 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys2011/06/13 21:08:32.0312 1116 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys2011/06/13 21:08:32.0843 1116 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys2011/06/13 21:08:33.0484 1116 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys2011/06/13 21:08:34.0093 1116 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS2011/06/13 21:08:34.0578 1116 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys2011/06/13 21:08:35.0109 1116 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys2011/06/13 21:08:35.0687 1116 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys2011/06/13 21:08:36.0250 1116 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys2011/06/13 21:08:36.0781 1116 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys2011/06/13 21:08:38.0093 1116 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys2011/06/13 21:08:39.0500 1116 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys2011/06/13 21:08:41.0093 1116 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys2011/06/13 21:08:42.0093 1116 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys2011/06/13 21:08:42.0875 1116 MBR (0x1B8) (52f6032543de8eaf0f2cf8d8b493fe8e) \Device\Harddisk0\DR02011/06/13 21:08:42.0906 1116 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)2011/06/13 21:08:42.0937 1116 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR52011/06/13 21:08:42.0968 1116 ================================================================================2011/06/13 21:08:42.0968 1116 Scan finished2011/06/13 21:08:42.0968 1116 ================================================================================2011/06/13 21:08:43.0015 1356 Detected object count: 12011/06/13 21:08:43.0015 1356 Actual detected object count: 12011/06/13 21:09:15.0484 1356 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot2011/06/13 21:09:15.0484 1356 \Device\Harddisk0\DR0 - ok2011/06/13 21:09:15.0484 1356 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure 2011/06/13 21:09:28.0421 1256 Deinitialize success Link to post Share on other sites More sharing options...
Staff screen317 Posted June 17, 2011 Staff ID:442074 Share Posted June 17, 2011 Hi,Please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317 Link to post Share on other sites More sharing options...
Behemoth Posted June 18, 2011 Author ID:442571 Share Posted June 18, 2011 heres the combo fix logComboFix 11-06-17.04 - test 06/17/2011 16:26:45.1.2 - x86Running from: c:\documents and settings\test\Desktop\ComboFix.exeAV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.datc:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.datc:\documents and settings\All Users\Desktop\Malware Protection.lnkc:\documents and settings\test\Local Settings\Application Data\{08D419B6-7634-477A-A8B1-0639711F61E2}c:\documents and settings\test\Local Settings\Application Data\{08D419B6-7634-477A-A8B1-0639711F61E2}\chrome.manifestc:\documents and settings\test\Local Settings\Application Data\{08D419B6-7634-477A-A8B1-0639711F61E2}\chrome\content\_cfg.jsc:\documents and settings\test\Local Settings\Application Data\{08D419B6-7634-477A-A8B1-0639711F61E2}\chrome\content\overlay.xulc:\documents and settings\test\Local Settings\Application Data\{08D419B6-7634-477A-A8B1-0639711F61E2}\install.rdfc:\windows\exomizih.dllc:\windows\system32\Settingsc:\windows\system32\Settings\Settings.ini.----- BITS: Possible infected sites -----.hxxp://cacheInfected copy of c:\windows\system32\Version.dll was found and disinfected Restored copy from - c:\windows\ServicePackFiles\i386\version.dll ..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Legacy_6TO4-------\Legacy_ITLPERF-------\Service_6to4-------\Service_itlperf..((((((((((((((((((((((((( Files Created from 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))))..2011-06-15 00:41 . 2011-06-15 00:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-06-14 05:36 . 2011-06-14 05:36 -------- d-----w- c:\windows\system32\XPSViewer2011-06-14 05:35 . 2011-06-14 05:35 -------- d-----w- c:\program files\MSBuild2011-06-14 05:33 . 2011-06-14 05:33 -------- d-----w- c:\program files\Reference Assemblies2011-06-14 05:30 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll2011-06-14 05:27 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll2011-06-14 05:27 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll2011-06-14 05:27 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe2011-06-14 05:27 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe2011-06-14 05:27 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll2011-06-14 05:27 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll2011-06-14 05:27 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll2011-06-14 05:27 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll2011-06-14 05:27 . 2011-06-14 05:31 -------- d-----w- C:\cb29ee19f5aa2a17b655792b2011-06-14 04:58 . 2011-02-22 23:06 12800 ------w- c:\windows\system32\dllcache\xpshims.dll2011-06-14 04:58 . 2011-02-22 23:06 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll2011-06-14 04:58 . 2011-02-22 23:06 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll2011-06-08 13:43 . 2011-06-08 13:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe2011-06-01 04:04 . 2008-04-14 12:41 81920 ------w- c:\windows\system32\ieencode.dll2011-06-01 04:01 . 2006-12-29 07:31 19569 ----a-w- c:\windows\000002_.tmp2011-06-01 03:17 . 2011-06-01 03:18 -------- d-----w- C:\sp32011-05-30 23:59 . 2011-06-08 16:32 -------- d-----w- c:\documents and settings\test2011-05-30 19:41 . 2011-05-30 19:41 -------- d-sh--w- c:\documents and settings\Bill\IECompatCache2011-05-30 19:41 . 2011-05-30 19:41 -------- d-sh--w- c:\documents and settings\Bill\PrivacIE2011-05-30 19:41 . 2011-05-30 19:41 -------- d-----w- c:\documents and settings\Bill\Application Data\Canon Easy-WebPrint EX2011-05-30 19:39 . 2011-05-30 19:39 -------- d-sh--w- c:\documents and settings\Bill\IETldCache2011-05-30 04:03 . 2011-05-30 04:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache2011-05-29 21:17 . 2011-05-29 21:17 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache2011-05-29 21:03 . 2011-05-29 21:04 -------- d--h--w- c:\windows\msdownld.tmp2011-05-29 20:53 . 2011-05-29 21:00 -------- dc-h--w- c:\windows\ie82011-05-27 14:51 . 2011-05-27 14:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer2011-05-27 14:51 . 2011-05-27 14:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer2011-05-26 01:27 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-05-26 01:27 . 2011-05-26 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2011-05-26 01:27 . 2011-06-02 01:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-05-26 01:27 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-05-26 01:13 . 2006-06-21 16:27 90112 ----a-w- c:\windows\DUMP5f56.tmp2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\system32\dnssdX.dll2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]"vptray"="c:\program files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe" [2004-11-14 114800]"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-20 136544]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360].c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416]Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-21 24576]ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2009-9-18 303104]Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232].[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ \0.[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"DisableNotifications"= 1 (0x1).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009.R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/25/2011 6:27 PM 366640]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/14/2007 3:21 PM 24652]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/25/2011 6:27 PM 22712].Contents of the 'Scheduled Tasks' folder.2011-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]..------- Supplementary Scan -------.IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.htmlIE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.htmlIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.htmlIE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.htmlIE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.htmlIE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.htmlTCP: DhcpNameServer = 209.18.47.61 209.18.47.62.- - - - ORPHANS REMOVED - - - -.HKLM-Run-NWEReboot - (no file)HKLM-Run-Dgohaxeqetal - c:\windows\exomizih.dllNotify-itlntfy - itlnfw32.dll...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-06-17 16:51Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(1204)c:\windows\system32\Ati2evxx.dll.- - - - - - - > 'explorer.exe'(3868)c:\windows\system32\WININET.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\Ati2evxx.exec:\program files\Intel\Wireless\Bin\EvtEng.exec:\program files\Intel\Wireless\Bin\S24EvMon.exec:\program files\Bonjour\mDNSResponder.exec:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exec:\windows\eHome\ehRecvr.exec:\windows\eHome\ehSched.exec:\program files\Canon\IJPLM\IJPLMSVC.EXEc:\program files\Java\jre6\bin\jqs.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEc:\program files\Dell\QuickSet\NICCONFIGSVC.exec:\progra~1\SYMANT~1\SYMANT~1\Rtvscan.exec:\program files\Intel\Wireless\Bin\RegSrvc.exec:\windows\ehome\mcrdsvc.exec:\windows\system32\dllhost.exec:\windows\system32\Ati2evxx.exec:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exec:\windows\stsystra.exec:\windows\eHome\ehmsas.exec:\windows\system32\rundll32.exec:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exec:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exec:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exec:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exec:\program files\iPod\bin\iPodService.exec:\program files\Common Files\Java\Java Update\jucheck.exe.**************************************************************************.Completion time: 2011-06-17 17:02:40 - machine was rebootedComboFix-quarantined-files.txt 2011-06-18 00:02.Pre-Run: 130,219,835,392 bytes freePost-Run: 134,707,437,568 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect.- - End Of File - - 8C0961ACE8DB36E37BA137ABCFF6D877quote name='screen317' timestamp='1308274745' post='442074']Hi,Please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317 Link to post Share on other sites More sharing options...
Behemoth Posted June 18, 2011 Author ID:442604 Share Posted June 18, 2011 dds log and attach zip..DDS (Ver_2011-06-03.01) - NTFSx86 Internet Explorer: 8.0.6001.18702Run by test at 18:03:15 on 2011-06-17Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.457 [GMT -7:00].AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}.============== Running Processes ===============.C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exe -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Canon\IJPLM\IJPLMSVC.EXEC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeC:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exesvchost.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\stsystra.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exeC:\WINDOWS\eHome\ehmsas.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Canon\MyPrinter\BJMyPrt.exeC:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\NetWaiting\netWaiting.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\FinePixViewer\QuickDCF2.exeC:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\Common Files\Java\Java Update\jucheck.exeC:\WINDOWS\explorer.exe.============== Pseudo HJT Report ===============.BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dllBHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dllBHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dllTB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileuRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exeuRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startupmRun: [ehTray] c:\windows\ehome\ehtray.exemRun: [sigmatelSysTrayApp] stsystra.exemRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exemRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -DelaymRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startupmRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -startmRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstallmRun: [vptray] c:\program files\symantec_client_security\symantec antivirus\vptray.exemRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"mRun: [dla] c:\windows\system32\dla\tfswctrl.exemRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logonmRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logonmRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraydRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exeIE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.htmlIE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.htmlIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.htmlIE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.htmlIE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.htmlIE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.htmlIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLLIE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dllDPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cabDPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cabDPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cabDPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cabDPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cabDPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cabDPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cabDPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cabDPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cabTCP: DhcpNameServer = 209.18.47.61 209.18.47.62TCP: Interfaces\{BC2B3D50-9F13-401E-803D-B64C9AC912A6} : DhcpNameServer = 209.18.47.61 209.18.47.62Notify: AtiExtEvent - Ati2evxx.dllNotify: NavLogon - c:\windows\system32\NavLogon.dll.============= SERVICES / DRIVERS ===============.R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-25 366640]R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2004-3-4 30208]R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2004-11-13 688250]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-14 24652]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-25 22712]R3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2004-3-4 226304]S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101018.002\NAVENG.sys [2010-10-22 86064]S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101018.002\NAVEX15.sys [2010-10-22 1371184].=============== Created Last 30 ================.2011-06-17 22:12:47 -------- d-sha-r- C:\cmdcons2011-06-17 21:54:13 98816 ----a-w- c:\windows\sed.exe2011-06-17 21:54:13 518144 ----a-w- c:\windows\SWREG.exe2011-06-17 21:54:13 256512 ----a-w- c:\windows\PEV.exe2011-06-17 21:54:13 208896 ----a-w- c:\windows\MBR.exe2011-06-15 00:52:46 -------- d-----w- c:\windows\ie8updates2011-06-15 00:41:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-06-14 06:54:04 -------- d-----w- c:\documents and settings\test\local settings\application data\Apple2011-06-14 05:36:46 -------- d-----w- c:\windows\system32\XPSViewer2011-06-14 05:30:56 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll2011-06-14 05:27:57 117760 ------w- c:\windows\system32\prntvpt.dll2011-06-14 05:27:56 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll2011-06-14 05:27:56 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe2011-06-14 05:27:56 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe2011-06-14 05:27:54 575488 ------w- c:\windows\system32\xpsshhdr.dll2011-06-14 05:27:54 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll2011-06-14 05:27:50 1676288 ------w- c:\windows\system32\xpssvcs.dll2011-06-14 05:27:50 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll2011-06-14 05:27:38 -------- d-----w- C:\cb29ee19f5aa2a17b655792b2011-06-14 04:58:24 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll2011-06-14 04:58:24 12800 ------w- c:\windows\system32\dllcache\xpshims.dll2011-06-14 04:58:15 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll2011-06-02 01:35:27 -------- d-----w- c:\documents and settings\test\local settings\application data\Adobe2011-06-01 04:04:07 81920 ------w- c:\windows\system32\ieencode.dll2011-06-01 04:01:58 19569 ----a-w- c:\windows\000002_.tmp2011-06-01 03:17:57 -------- d-----w- C:\sp32011-06-01 03:16:23 -------- d-----w- c:\documents and settings\test\application data\Canon Easy-WebPrint EX2011-06-01 03:15:50 -------- d-----w- c:\documents and settings\test\local settings\application data\KodakGallery2011-06-01 03:14:17 -------- d-----w- c:\documents and settings\test\local settings\application data\Toshiba2011-06-01 03:13:40 -------- d-----w- c:\documents and settings\test\local settings\application data\Symantec2011-05-31 02:57:52 -------- d-----w- c:\documents and settings\test\application data\Malwarebytes2011-05-31 00:01:33 -------- d-sh--w- c:\documents and settings\test\IECompatCache2011-05-31 00:00:42 -------- d-sh--w- c:\documents and settings\test\PrivacIE2011-05-31 00:00:07 -------- d-sh--w- c:\documents and settings\test\IETldCache2011-05-29 21:03:53 -------- d--h--w- c:\windows\msdownld.tmp2011-05-29 20:53:29 -------- dc-h--w- c:\windows\ie82011-05-26 01:27:41 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-05-26 01:27:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes2011-05-26 01:27:36 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-05-26 01:27:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware.==================== Find3M ====================.2011-06-17 21:31:01 0 ----a-w- c:\windows\Hbudahaqevemited.bin2011-05-26 01:13:47 90112 ----a-w- c:\windows\DUMP5f56.tmp2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr2011-04-06 23:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll2011-04-06 23:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll2011-04-06 23:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe.============= FINISH: 18:04:54.79 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted June 20, 2011 Staff ID:443379 Share Posted June 20, 2011 Hi,I see you have Viewpoint installed...Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.ViewpointViewpoint ManagerViewpoint Media PlayerViewpoint ToolbarLet me know if you decided to uninstall it.Next, please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick ScanWait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topicNext, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Let me know how things are running now and what issues remain.-screen317 Link to post Share on other sites More sharing options...
Behemoth Posted June 25, 2011 Author ID:445582 Share Posted June 25, 2011 I uninstalled the viewpoint software.Here are the logs ESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=7# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)# OnlineScanner.ocx=1.0.0.6526# api_version=3.0.2# EOSSerial=ee530a408e020144928f6f953d5d4a1d# end=finished# remove_checked=true# archives_checked=false# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2011-06-22 04:22:28# local_time=2011-06-21 09:22:28 (-0800, Pacific Daylight Time)# country="United States"# lang=9# osver=5.1.2600 NT Service Pack 3# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=104596# found=5# cleaned=5# scan_time=11025C:\Qoobox\Quarantine\C\WINDOWS\exomizih.dll.vir a variant of Win32/Kryptik.NZL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1298\A0083210.dll probably a variant of Win32/Wimpixo.AA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1299\A0084224.dll a variant of Win32/Koblu.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1326\A0092180.dll a variant of Win32/Kryptik.NZL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\WINDOWS\nero update\Nero-7.7.5.1_eng_update.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C Results of screen317's Security Check version 0.99.15 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! ESET Online Scanner v3 Symantec AntiVirus Client Antivirus out of date! ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 21 Java SE Runtime Environment 6 Update 1 Java 6 Update 2 Java 6 Update 3 Java 6 Update 7 Java 2 Runtime Environment, SE v1.4.2_03 Out of date Java installed! Adobe Flash Player ```````````````````````````````` Process Check: objlist.exe by Laurent Malwarebytes' Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamgui.exe Symantec_Client_Security Symantec AntiVirus vptray.exe ``````````End of Log```````````` It seems to be running normally now though anything more?ThanksHi,I see you have Viewpoint installed...Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.ViewpointViewpoint ManagerViewpoint Media PlayerViewpoint ToolbarLet me know if you decided to uninstall it.Next, please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick ScanWait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topicNext, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Let me know how things are running now and what issues remain.-screen317 Link to post Share on other sites More sharing options...
Staff screen317 Posted June 29, 2011 Staff ID:446783 Share Posted June 29, 2011 Hi,Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstallThis uninstalls all of ComboFix's components.Delete SecurityCheck.After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):ESET Online Scanner v3 Java™ 6 Update 21Java™ SE Runtime Environment 6 Update 1Java™ 6 Update 2Java™ 6 Update 3Java™ 6 Update 7Java 2 Runtime Environment, SE v1.4.2_03Adobe Flash Player Restart your computer.Get the latest version of Java and Adobe Flash Player.Let me know what issues remain.Can you update your antivirus??-screen317 Link to post Share on other sites More sharing options...
Behemoth Posted July 10, 2011 Author ID:452050 Share Posted July 10, 2011 Thanks sorry for the delay I will give the antivurs a shot live update shows it is current. Link to post Share on other sites More sharing options...
Staff screen317 Posted July 15, 2011 Staff ID:454128 Share Posted July 15, 2011 Great.I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:Green to go Yellow for caution Red to stop WOT has an addon available for both Firefox and IE.5) Be sure to update your Antivirus and Antispyware programs often!Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?Safe surfing,-screen317 Link to post Share on other sites More sharing options...
Staff screen317 Posted August 10, 2011 Staff ID:463981 Share Posted August 10, 2011 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts