
Web Search Redirects - Need Removal Help



Data:

HP Notebook running Windows XP Media Center Edition SP3

Security from MSSE v.2.0

Malwarebytes Anti-Malware v1.51 (free version run manually)

IE8

First noted suspicious activity was hijacking/redirecting of web search results

MSSE scan detected and cleaned files.

Malwarebytes Anti-Malware scan detected and cleaned more.

Rebooted, now problem became worse with access to MSSE, Malwarebytes Anti-Malware, Task Mgr all disabled and fake error pop-ups offering bogus solutions.

Restarted in Safe Mode and re-ran all scans. Again, items detected and cleaned with both scans but restart shows I am back to having full control/access but with web search results still being hijacked.

Looking for suggested solutions or direct assistance to remove the stubborn little buggers.

Thanks in advance.


Hello Bilenky2001 and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How the PC is running now
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
***IMPORTANT: save ComboFix to your Desktop***
* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?

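A triage helper for the ComboFix.txt the reply above asks for, added here as an example: it is not ComboFix's code and was not posted by anyone in the thread. It pulls out the findings a removal helper reads first (deleted files, Run entries whose binary sits in a user profile, orphaned autostart entries, firewall state, DHCP DNS servers, and the Gmer user/kernel MBR check); the names Finding, triage() and in_user_profile() are mine, and SAMPLE_LOG is excerpted, values unchanged, from the ComboFix.txt posted later in this thread.

```python
"""Triage a ComboFix.txt log (added example for this thread; not ComboFix's own
code). Findings surfaced, in log order:
  * files ComboFix deleted ("Other Deletions")
  * Run-key entries whose binary lives under a user profile, where malware is
    commonly dropped because no administrator rights are needed to write there
  * autostart entries ComboFix removed ("ORPHANS REMOVED")
  * Windows Firewall disabled in the standard profile
  * DHCP-assigned DNS servers (worth a look when web searches are redirected)
  * the bundled Gmer MBR detector reporting a user/kernel mismatch
"""
import re
from dataclasses import dataclass

# Excerpted from the ComboFix.txt posted in this thread; no values changed.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\documents and settings\Michael Evans\g2mdlhlpx.exe
c:\documents and settings\Michael Evans\Local Settings\Application Data\dbMouseClock\lanPad32.dll
D:\Autorun.inf
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-lanPad32 - c:\documents and settings\Michael Evans\Local Settings\Application Data\dbMouseClock\lanPad32.dll
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
"""

SECTION_HEADER = re.compile(r"^\(+\s*(?P<title>[^()]+?)\s*\)+$")      # ((((( Title )))))
ORPHAN_HEADER = re.compile(r"^- - - - ORPHANS REMOVED - - - -$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<stamp>[^\]]*)\]')
ORPHAN_ENTRY = re.compile(r"^(?P<key>HK[A-Z]+-[^ ]+) - (?P<path>.+)$")
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')
DNS_SERVERS = re.compile(r"^TCP: DhcpNameServer = (?P<servers>.+)$")
MBR_MISMATCH = "user != kernel MBR"
PROFILE_ROOTS = ("documents and settings", "users")   # XP and Vista+ profile roots


@dataclass
class Finding:
    category: str
    detail: str


def in_user_profile(path: str) -> bool:
    """True when the path sits under a per-user profile root rather than Windows/Program Files."""
    p = path.lower().replace("/", "\\")
    return any(f"\\{root}\\" in p for root in PROFILE_ROOTS)


def triage(text: str) -> list:
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":           # ComboFix pads its sections with "." lines
            continue
        m = SECTION_HEADER.match(line)
        if m:
            section = m.group("title").lower()
            continue
        if ORPHAN_HEADER.match(line):
            section = "orphans removed"
            continue
        if line.startswith("["):              # a registry key header ends any file list
            section = None
        if section == "other deletions" and DRIVE_PATH.match(line):
            findings.append(Finding("deleted", line))
        elif section == "orphans removed" and (m := ORPHAN_ENTRY.match(line)):
            where = "user profile" if in_user_profile(m.group("path")) else "system location"
            findings.append(Finding("orphan-removed", f"{m.group('key')} -> {m.group('path')} ({where})"))
        elif (m := RUN_ENTRY.match(line)) and in_user_profile(m.group("path")):
            findings.append(Finding("run-entry-in-profile", f"{m.group('name')} -> {m.group('path')}"))
        elif FIREWALL_OFF.match(line):
            findings.append(Finding("firewall-off", line))
        elif (m := DNS_SERVERS.match(line)):
            findings.append(Finding("dns-servers", m.group("servers")))
        elif MBR_MISMATCH in line:
            findings.append(Finding("mbr-mismatch", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:22} {f.detail}")
```

The Run-key check fires only while the entry is still present; in this thread's log the lanPad32 entry had already been removed by ComboFix, so it surfaces under orphan-removed instead.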

Thank you; I followed your instructions and this machine appears to be working properly now.

Logs posted here:

**ComboFix.txt**

ComboFix 11-07-14.05 - Michael Evans 07/15/2011 0:32.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.445 [GMT -4:00]

Running from: c:\documents and settings\Michael Evans\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Michael Evans\g2mdlhlpx.exe

c:\documents and settings\Michael Evans\Local Settings\Application Data\dbMouseClock\lanPad32.dll

c:\documents and settings\Roberta\g2mdlhlpx.exe

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\pack.epk

D:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-06-15 to 2011-07-15 )))))))))))))))))))))))))))))))

.

.

2011-07-15 03:50 . 2011-07-15 03:50 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{416BD341-B832-4AC2-8358-F9A2ABECE359}\MpKsl9383019e.sys

2011-07-15 03:36 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{416BD341-B832-4AC2-8358-F9A2ABECE359}\mpengine.dll

2011-07-13 10:29 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-13 10:29 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-13 02:13 . 2011-07-13 02:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2011-07-13 02:01 . 2011-07-13 02:01 -------- d-----w- c:\windows\system32\wbem\Repository

2011-07-12 02:06 . 2011-07-12 02:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-07-12 02:06 . 2011-07-12 02:06 -------- d-----w- c:\documents and settings\Administrator\IETldCache

2011-07-11 19:33 . 2011-07-11 19:33 -------- d-----w- c:\documents and settings\Michael Evans\Application Data\Malwarebytes

2011-07-11 19:32 . 2011-07-11 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-07-11 19:32 . 2011-07-15 03:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-22 19:50 . 2011-07-15 04:40 -------- d-----w- c:\documents and settings\Michael Evans\Local Settings\Application Data\dbMouseClock

2011-06-22 19:50 . 2011-06-22 19:52 -------- d-----w- c:\documents and settings\Michael Evans\Application Data\8924359

2011-06-20 02:34 . 2011-06-20 02:46 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-17 21:09 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-07 15:55 . 2011-05-06 17:10 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-06-02 14:02 . 2004-08-10 15:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-05-23 17:33 . 2011-05-23 17:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-02 15:31 . 2004-08-10 15:00 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2004-08-10 15:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2005-01-19 12:26 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 11:07 . 2004-08-10 15:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-04-26 11:07 . 2004-08-10 15:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-04-25 16:11 . 2004-08-10 15:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2004-08-10 15:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2004-08-10 15:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2004-08-10 15:00 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-10 15:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2008-06-18 16:28 . 2007-08-27 15:27 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2008-06-18 16:28 . 2007-08-27 15:27 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2008-06-18 16:28 . 2007-08-27 15:27 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2008-06-18 16:28 . 2007-08-27 15:27 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

2008-06-18 16:28 . 2007-08-27 15:27 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 36975]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]

"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]

"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]

"PDFHook"="c:\program files\Nuance\PDF Professional 6\pdfpro6hook.exe" [2009-07-27 1275168]

"PDF6 Registry Controller"="c:\program files\Nuance\PDF Professional 6\RegistryController.exe" [2009-07-27 110880]

"Nuance PDF Professional 6-reminder"="c:\program files\Nuance\PDF Professional 6\Ereg\Ereg.exe" [2008-11-03 54560]

"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2010-04-14 524944]

"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-08 16712]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-3-14 73728]

.

c:\documents and settings\Robyn Evans\Start Menu\Programs\Startup\

Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-3-14 73728]

.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-3-14 73728]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

.

R1 MpKsl9383019e;MpKsl9383019e;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{416BD341-B832-4AC2-8358-F9A2ABECE359}\MpKsl9383019e.sys [7/14/2011 11:50 PM 28752]

R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [7/27/2009 2:15 AM 134944]

S1 MpKsl257695ad;MpKsl257695ad;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6B48DC8-4EFD-4974-AB20-233B350C7383}\MpKsl257695ad.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6B48DC8-4EFD-4974-AB20-233B350C7383}\MpKsl257695ad.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/13/2011 6:29 AM 41272]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 28519790

*NewlyCreated* - MPKSL9383019E

*Deregistered* - 28519790

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2009-03-14 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 19:56]

.

2009-03-14 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job

- c:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 19:56]

.

2011-07-15 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 16:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Create PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Open with Nuance PDF Converter 6.0 - c:\program files\Nuance\PDF Professional 6\cnvres_eng.dll /100

IE: Open with PDF Professional 6 - c:\program files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 68.87.64.150 68.87.75.198

DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxp://www.afresults.com/Reserved.ReportViewerWebControl.axd?Culture=1033&CultureOverrides=True&UICulture=1033&UICultureOverrides=True&ReportStack=1&ControlID=36f8cd6d83574f489cfb050984f831eb&Mode=true&OpType=PrintCab&Arch=X86

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-lanPad32 - c:\documents and settings\Michael Evans\Local Settings\Application Data\dbMouseClock\lanPad32.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-15 00:43

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????\??????(?@???????@

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

kernel: MBR read successfully

user != kernel MBR !!!

.

**************************************************************************

.

Completion time: 2011-07-15 00:46:11

ComboFix-quarantined-files.txt 2011-07-15 04:46

.

Pre-Run: 52,644,245,504 bytes free

Post-Run: 53,952,757,760 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - AE82FCE9D8E6A025CB06BCC3307DA793

=====================================================

**TDSSKiller log**

2011/07/15 00:12:29.0687 2984 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/15 00:12:30.0187 2984 ================================================================================

2011/07/15 00:12:30.0187 2984 SystemInfo:

2011/07/15 00:12:30.0187 2984

2011/07/15 00:12:30.0187 2984 OS Version: 5.1.2600 ServicePack: 3.0

2011/07/15 00:12:30.0187 2984 Product type: Workstation

2011/07/15 00:12:30.0187 2984 ComputerName: EVANS-HPDV5000

2011/07/15 00:12:30.0187 2984 UserName: Michael Evans

2011/07/15 00:12:30.0187 2984 Windows directory: C:\WINDOWS

2011/07/15 00:12:30.0187 2984 System windows directory: C:\WINDOWS

2011/07/15 00:12:30.0187 2984 Processor architecture: Intel x86

2011/07/15 00:12:30.0187 2984 Number of processors: 2

2011/07/15 00:12:30.0187 2984 Page size: 0x1000

2011/07/15 00:12:30.0187 2984 Boot type: Normal boot

2011/07/15 00:12:30.0187 2984 ================================================================================

2011/07/15 00:12:30.0984 2984 Initialize success

2011/07/15 00:12:52.0265 1904 ================================================================================

2011/07/15 00:12:52.0265 1904 Scan started

2011/07/15 00:12:52.0265 1904 Mode: Manual;

2011/07/15 00:12:52.0265 1904 ================================================================================


2011/07/15 00:13:01.0406 1904 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/07/15 00:13:01.0468 1904 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/07/15 00:13:01.0531 1904 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/07/15 00:13:01.0625 1904 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys

2011/07/15 00:13:01.0703 1904 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

2011/07/15 00:13:01.0796 1904 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2011/07/15 00:13:01.0875 1904 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/07/15 00:13:01.0937 1904 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2011/07/15 00:13:02.0046 1904 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/07/15 00:13:02.0140 1904 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/07/15 00:13:02.0203 1904 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/07/15 00:13:02.0250 1904 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/07/15 00:13:02.0328 1904 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/07/15 00:13:02.0390 1904 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/07/15 00:13:02.0453 1904 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/07/15 00:13:02.0500 1904 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/07/15 00:13:02.0562 1904 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/07/15 00:13:02.0593 1904 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/07/15 00:13:02.0921 1904 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/07/15 00:13:03.0015 1904 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/07/15 00:13:03.0093 1904 SynTP (c9a1785cc0d7a040dd0fdbfeaa8be135) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/07/15 00:13:03.0187 1904 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/07/15 00:13:03.0296 1904 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/07/15 00:13:03.0343 1904 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/07/15 00:13:03.0375 1904 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/07/15 00:13:03.0421 1904 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/07/15 00:13:03.0500 1904 tifm21 (9179e07503630d6fb2e4162ff0196191) C:\WINDOWS\system32\drivers\tifm21.sys

2011/07/15 00:13:03.0625 1904 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/07/15 00:13:03.0671 1904 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/07/15 00:13:03.0703 1904 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/07/15 00:13:03.0765 1904 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/07/15 00:13:03.0843 1904 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/07/15 00:13:03.0875 1904 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/07/15 00:13:03.0953 1904 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/07/15 00:13:04.0015 1904 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/07/15 00:13:04.0062 1904 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/07/15 00:13:04.0093 1904 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/07/15 00:13:04.0125 1904 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/07/15 00:13:04.0187 1904 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/07/15 00:13:04.0234 1904 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/07/15 00:13:04.0250 1904 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/07/15 00:13:04.0390 1904 w39n51 (4e7b07653f4f9937cf62ad2869fba520) C:\WINDOWS\system32\DRIVERS\w39n51.sys

2011/07/15 00:13:04.0562 1904 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/07/15 00:13:04.0625 1904 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/07/15 00:13:04.0718 1904 winachsf (214bc3ad84907ad6ad655ac5465f449a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/07/15 00:13:04.0828 1904 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/07/15 00:13:04.0921 1904 MBR (0x1B8) (5ae5a393505cffd37fe98c4a7922908d) \Device\Harddisk0\DR0

2011/07/15 00:13:04.0937 1904 MBR (0x1B8) (9f5793513d710955f24a510f5e984086) \Device\Harddisk1\DR4

2011/07/15 00:13:05.0125 1904 Boot (0x1200) (3bef33742ae8bde9db3f7e85fa085166) \Device\Harddisk0\DR0\Partition0

2011/07/15 00:13:05.0171 1904 Boot (0x1200) (81819d62f02111c8ec1bff760f4173fa) \Device\Harddisk0\DR0\Partition1

2011/07/15 00:13:05.0187 1904 ================================================================================

2011/07/15 00:13:05.0187 1904 Scan finished

2011/07/15 00:13:05.0187 1904 ================================================================================

2011/07/15 00:13:05.0203 3484 Detected object count: 0

2011/07/15 00:13:05.0203 3484 Actual detected object count: 0

=====================================================

**Security Check checkup.txt

Results of screen317's Security Check version 0.99.17

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Adobe Flash Player

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

``````````End of Log````````````

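The TDSSKiller listing above is one line per loaded driver (timestamp, scanner PID, service name, MD5, image path) followed by MBR and boot-sector hashes. As an added example for this thread, not code from TDSSKiller or from any of the posts, the Python below parses that format, flags service names that consist only of digits (the driver the helper targets later in this thread, 28519790, is of that kind) and images loaded from outside system32\drivers, and diffs the hashes between two runs so a before/after cleanup comparison is mechanical. The sample lines are copied from the log above except the 28519790 line, which is constructed with a placeholder hash; the two heuristics are this example's own assumptions, not TDSSKiller's verdicts.

```python
"""Triage helper for TDSSKiller-style driver listings.

This is an added example for this thread, not code from TDSSKiller or from
the original posts. Each TDSSKiller line has the form

    <date> <time> <pid> <ServiceName> (<md5>) <image path>

and the boot-sector lines use a pseudo-name such as "MBR (0x1B8)" or
"Boot (0x1200)" with a device path instead of a file.
"""
import re
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$"
)

# Sample lines copied from the log above; the 28519790 line is constructed
# (placeholder hash) to stand in for the driver named later in the thread.
SAMPLE_LOG = r"""
2011/07/15 00:12:59.0750 1904 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/15 00:13:00.0937 1904 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/15 00:13:03.0296 1904 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/15 00:13:04.0100 1904 28519790 (deadbeefdeadbeefdeadbeefdeadbeef) C:\WINDOWS\system32\Drivers\28519790.sys
2011/07/15 00:13:04.0921 1904 MBR (0x1B8) (5ae5a393505cffd37fe98c4a7922908d) \Device\Harddisk0\DR0
2011/07/15 00:13:05.0125 1904 Boot (0x1200) (3bef33742ae8bde9db3f7e85fa085166) \Device\Harddisk0\DR0\Partition0
"""

# A second, constructed "after cleanup" run: the same listing without the numeric driver.
AFTER_LOG = "\n".join(l for l in SAMPLE_LOG.splitlines() if "28519790" not in l)

EXPECTED_DIR = "c:\\windows\\system32\\drivers\\"   # where an XP kernel driver normally lives


@dataclass
class Entry:
    name: str
    md5: str
    path: str

    @property
    def is_sector(self) -> bool:
        return self.name.startswith(("MBR", "Boot"))


def parse(log_text: str):
    """Parse every well-formed TDSSKiller line; unrelated lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["name"], m["md5"].lower(), m["path"]))
    return entries


def suspicious(entry: Entry):
    """Heuristic reasons to look at an entry twice (this example's own rules,
    not TDSSKiller's verdicts):
      - service name made only of digits, as 28519790 is;
      - image loaded from outside system32\\drivers. MSSE's transient
        MpKsl*.sys drivers legitimately live under Application Data, so this
        second rule is a prompt to inspect, not proof of anything."""
    reasons = []
    if entry.is_sector:
        return reasons
    if entry.name.isdigit():
        reasons.append("numeric-only service name")
    if not entry.path.lower().startswith(EXPECTED_DIR):
        reasons.append("image outside system32\\drivers")
    return reasons


def diff_hashes(before, after):
    """Names whose hash changed, and names added/removed, between two runs."""
    b = {e.name: e.md5 for e in before}
    a = {e.name: e.md5 for e in after}
    changed = sorted(n for n in b.keys() & a.keys() if b[n] != a[n])
    added = sorted(a.keys() - b.keys())
    removed = sorted(b.keys() - a.keys())
    return changed, added, removed


def triage(log_text: str):
    """Map each flagged service name to its list of reasons."""
    return {e.name: suspicious(e) for e in parse(log_text) if suspicious(e)}


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(why)}")
    print("diff before/after:", diff_hashes(parse(SAMPLE_LOG), parse(AFTER_LOG)))
```

Run it against a full TDSSKiller log by reading the file into parse(); the MBR and Boot lines are kept as entries so their hashes take part in diff_hashes, which is the quickest way to see whether a cleanup pass touched the boot sectors.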

Glad to hear things are running better! :)

We still have a little more cleanup to do ;):

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

File::

C:\Windows\System32\Drivers\28519790.sys

Driver::

28519790

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)


I ran ComboFix using the provided script. ComboFix did upgrade to a newer version during the process.

Below is the requested ComboFix.txt file:

==========================================================

ComboFix 11-07-15.01 - Michael Evans 07/15/2011 10:09:49.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.403 [GMT -4:00]

Running from: c:\documents and settings\Michael Evans\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Michael Evans\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

FILE ::

"c:\windows\System32\Drivers\28519790.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_28519790

.

.

((((((((((((((((((((((((( Files Created from 2011-06-15 to 2011-07-15 )))))))))))))))))))))))))))))))

.

.

2011-07-15 04:52 . 2011-07-15 04:52 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A021FD4-D420-4B45-A15C-A36B9883FAF9}\MpKsl0f35c44a.sys

2011-07-15 04:52 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A021FD4-D420-4B45-A15C-A36B9883FAF9}\mpengine.dll

2011-07-13 10:29 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-13 10:29 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-13 02:13 . 2011-07-13 02:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2011-07-13 02:01 . 2011-07-13 02:01 -------- d-----w- c:\windows\system32\wbem\Repository

2011-07-12 02:06 . 2011-07-12 02:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-07-12 02:06 . 2011-07-12 02:06 -------- d-----w- c:\documents and settings\Administrator\IETldCache

2011-07-11 19:33 . 2011-07-11 19:33 -------- d-----w- c:\documents and settings\Michael Evans\Application Data\Malwarebytes

2011-07-11 19:32 . 2011-07-11 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-07-11 19:32 . 2011-07-15 03:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-22 19:50 . 2011-07-15 04:40 -------- d-----w- c:\documents and settings\Michael Evans\Local Settings\Application Data\dbMouseClock

2011-06-22 19:50 . 2011-06-22 19:52 -------- d-----w- c:\documents and settings\Michael Evans\Application Data\8924359

2011-06-20 02:34 . 2011-06-20 02:46 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-17 21:09 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-07 15:55 . 2011-05-06 17:10 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-06-02 14:02 . 2004-08-10 15:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-05-23 17:33 . 2011-05-23 17:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-02 15:31 . 2004-08-10 15:00 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2004-08-10 15:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2005-01-19 12:26 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 11:07 . 2004-08-10 15:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-04-26 11:07 . 2004-08-10 15:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-04-25 16:11 . 2004-08-10 15:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2004-08-10 15:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2004-08-10 15:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2004-08-10 15:00 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-10 15:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2008-06-18 16:28 . 2007-08-27 15:27 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2008-06-18 16:28 . 2007-08-27 15:27 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2008-06-18 16:28 . 2007-08-27 15:27 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2008-06-18 16:28 . 2007-08-27 15:27 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

2008-06-18 16:28 . 2007-08-27 15:27 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 36975]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]

"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]

"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]

"PDFHook"="c:\program files\Nuance\PDF Professional 6\pdfpro6hook.exe" [2009-07-27 1275168]

"PDF6 Registry Controller"="c:\program files\Nuance\PDF Professional 6\RegistryController.exe" [2009-07-27 110880]

"Nuance PDF Professional 6-reminder"="c:\program files\Nuance\PDF Professional 6\Ereg\Ereg.exe" [2008-11-03 54560]

"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2010-04-14 524944]

"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-08 16712]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-3-14 73728]

.

c:\documents and settings\Robyn Evans\Start Menu\Programs\Startup\

Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-3-14 73728]

.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-3-14 73728]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

.

R1 MpKsl0f35c44a;MpKsl0f35c44a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A021FD4-D420-4B45-A15C-A36B9883FAF9}\MpKsl0f35c44a.sys [7/15/2011 12:52 AM 28752]

R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [7/27/2009 2:15 AM 134944]

S1 MpKsl257695ad;MpKsl257695ad;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6B48DC8-4EFD-4974-AB20-233B350C7383}\MpKsl257695ad.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6B48DC8-4EFD-4974-AB20-233B350C7383}\MpKsl257695ad.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/13/2011 6:29 AM 41272]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2009-03-14 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 19:56]

.

2009-03-14 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job

- c:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 19:56]

.

2011-07-15 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 16:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Create PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Open with Nuance PDF Converter 6.0 - c:\program files\Nuance\PDF Professional 6\cnvres_eng.dll /100

IE: Open with PDF Professional 6 - c:\program files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 68.87.64.150 68.87.75.198

DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxp://www.afresults.com/Reserved.ReportViewerWebControl.axd?Culture=1033&CultureOverrides=True&UICulture=1033&UICultureOverrides=True&ReportStack=1&ControlID=36f8cd6d83574f489cfb050984f831eb&Mode=true&OpType=PrintCab&Arch=X86

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-15 10:21

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????\??????(?@???????@

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

kernel: MBR read successfully

user != kernel MBR !!!

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3204)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\windows\system32\msdtc.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\mqsvc.exe

c:\windows\system32\mqtgsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

c:\windows\eHome\ehmsas.exe

c:\progra~1\HPQ\Shared\HPQTOA~1.EXE

.

**************************************************************************

.

Completion time: 2011-07-15 10:26:26 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-15 14:26

ComboFix2.txt 2011-07-15 04:46

.

Pre-Run: 53,931,368,448 bytes free

Post-Run: 53,841,559,552 bytes free

.

- - End Of File - - E8B2221D627D578256441C761C408696

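Two checks in the logs above concern the MBR: TDSSKiller's "MBR (0x1B8)" hash lines in the earlier post, and the Gmer stealth-MBR detector in this ComboFix log, which in this run could not actually compare anything because the user-mode open of \\.\PHYSICALDRIVE0 hit a sharing violation before it printed "user != kernel MBR !!!". As an added example, not code from the thread, TDSSKiller, Gmer or ComboFix, the Python below models both: it hashes the bootstrap region of a constructed MBR, decodes the partition table, and classifies a user-versus-kernel comparison, reporting a failed user-mode read as inconclusive rather than as a mismatch. The reading of "0x1B8" as "hash of the first 0x1B8 bytes" and all sector contents are this example's own assumptions; it never touches a real disk.

```python
"""MBR checks modelled on the two tools whose output appears above.

Added example for this thread; not code from TDSSKiller, Gmer or ComboFix,
and it never touches a real disk: every sector it handles is constructed.

Classic 512-byte MBR layout:
  0x000-0x1B7  bootstrap code (440 bytes)
  0x1B8-0x1BB  disk signature
  0x1BC-0x1BD  normally zero
  0x1BE-0x1FD  four 16-byte partition entries
  0x1FE-0x1FF  boot signature 0x55 0xAA
Assumption: TDSSKiller's label "MBR (0x1B8)" means its hash covers the
first 0x1B8 bytes, i.e. the bootstrap code and nothing else.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8
ENTRY_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), start LBA, sector count


def make_mbr(code: bytes, disk_sig: bytes = b"\x11\x22\x33\x44") -> bytes:
    """Constructed MBR: the given bootstrap code plus one bootable NTFS (0x07) partition."""
    if len(code) > BOOT_CODE_LEN or len(disk_sig) != 4:
        raise ValueError("bad bootstrap length or disk signature")
    entry0 = struct.pack(ENTRY_FMT, 0x80, 0x07, 63, 2048)
    table = entry0 + b"\x00" * 48                      # three empty entries
    return code.ljust(BOOT_CODE_LEN, b"\x00") + disk_sig + b"\x00\x00" + table + b"\x55\xAA"


def boot_code_md5(sector: bytes) -> str:
    """What the 'MBR (0x1B8)' line is taken to report: MD5 of the bootstrap code only,
    so changing the disk signature or partition table does not change the hash."""
    if len(sector) != SECTOR or sector[0x1FE:] != b"\x55\xAA":
        raise ValueError("not a valid MBR sector")
    return hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest()


def partitions(sector: bytes):
    """Decode the four partition entries, skipping empty ones (type 0)."""
    found = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY_FMT, sector, 0x1BE + 16 * i)
        if ptype:
            found.append({"index": i, "bootable": status == 0x80,
                          "type": ptype, "start_lba": start, "sectors": count})
    return found


def compare_reads(user_read, kernel_read):
    """Classify a Gmer-style comparison of the MBR as read from user mode
    (\\\\.\\PHYSICALDRIVE0) against the MBR as read from kernel mode.

    In the log above the user-mode open failed with a sharing violation and
    the tool then printed 'user != kernel MBR !!!'; since nothing was read
    from user mode, that line follows from the failed read, not from a
    demonstrated discrepancy. A failed read is therefore reported here as
    inconclusive, to be re-run, rather than counted as a hit."""
    if user_read is None:
        return "inconclusive: user-mode read failed, re-run with the disk not in use"
    if user_read == kernel_read:
        return "match"
    return "mismatch: user-mode and kernel-mode views of the MBR differ"


if __name__ == "__main__":
    clean = make_mbr(b"\xEB\x3C\x90 clean bootstrap")
    patched = make_mbr(b"\xEB\x3C\x90 patched bootstrap")
    print("clean  ", boot_code_md5(clean))
    print("patched", boot_code_md5(patched))
    print(partitions(clean))
    print(compare_reads(None, clean))
    print(compare_reads(clean, patched))
```

The practical use of boot_code_md5 is the same as TDSSKiller's: record the value before cleanup and compare it with the value after, and with the same model's known-good MBR if one is available. A genuine "mismatch" from compare_reads, with both reads succeeding, is the signal that something between user mode and the disk is rewriting what callers see; the failed-read case in the log above is not that signal.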

Looking good ;)

Before we move on, let's run some more scans to see if there's any traces left. Are you experiencing any more symptoms or other irregular behavior?

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

-----------

Please use Internet Explorer and run a BitDefender Online scan from Here

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan

Please post the results in your next reply.


I am no longer seeing any odd behaviors.

I performed the ESET scan - ESET log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=de81c2879bfe6344a99f0437f9f22759

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-15 05:09:01

# local_time=2011-07-15 01:09:01 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5891 16776869 42 87 0 21852235 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=183503

# found=8

# cleaned=8

# scan_time=5968

C:\Documents and Settings\Michael Evans\Application Data\8924359\p4072.exe a variant of Win32/Sefnit.BN trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Robyn\Local Settings\Temp\removalfile.bat Win32/Adware.Virtumonde application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Robyn\Local Settings\Temporary Internet Files\Content.IE5\S6XX094Q\CA9JQRVG.htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Michael Evans\Local Settings\Application Data\dbMouseClock\lanPad32.dll.vir a variant of Win32/Sefnit.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{92EC12A7-009B-4D77-899D-FF91068A8284}\RP186\A0027078.exe a variant of Win32/Kryptik.QIA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{92EC12A7-009B-4D77-899D-FF91068A8284}\RP190\A0027338.dll a variant of Win32/Sefnit.BN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{92EC12A7-009B-4D77-899D-FF91068A8284}\RP190\A0027614.exe a variant of Win32/Sefnit.BN trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{92EC12A7-009B-4D77-899D-FF91068A8284}\RP190\A0027615.bat Win32/Adware.Virtumonde application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

============================================================================================

I then performed the BitDefender scan; BitDefender log:

QuickScan Beta 32-bit v0.9.9.96

-------------------------------

Scan date: Fri Jul 15 13:30:24 2011

Machine ID: 16447DCD

No infection found.

-------------------

Processes

---------

CorelIOMonitor.exe 2452 C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

hp digital imaging - hp all-in-one seri 2232 C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

HP QuickPlay 2204 C:\Program Files\Hp\QuickPlay\QPService.exe

HP Wireless Assistant 2124 C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

HpqToaster Module 4072 C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE

InstallShield Update Service 2268 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

Intel® Common User Interface 2144 C:\WINDOWS\system32\hkcmd.exe

Intel® Common User Interface 2168 C:\WINDOWS\system32\igfxpers.exe

Intel® Common User Interface 2136 C:\WINDOWS\system32\igfxtray.exe

Java 2 Platform Standard Edition 5. 2108 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

LightScribe 1984 C:\Program Files\Common Files\LightScribe\LSSrvc.exe

Microsoft Malware Protection 1344 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

Microsoft Message Queue 2352 C:\WINDOWS\system32\mqsvc.exe

Microsoft Message Queue 3256 C:\WINDOWS\system32\mqtgsvc.exe

Microsoft Security Client 2500 C:\Program Files\Microsoft Security Client\msseces.exe

Microsoft® Windows® Operating System 4012 C:\WINDOWS\ehome\ehmsas.exe

Microsoft® Windows® Operating System 1656 C:\WINDOWS\ehome\ehrecvr.exe

Microsoft® Windows® Operating System 1744 C:\WINDOWS\ehome\ehSched.exe

Microsoft® Windows® Operating System 2092 C:\WINDOWS\ehome\ehtray.exe

Microsoft® Windows® Operating System 616 C:\WINDOWS\ehome\mcrdsvc.exe

Microsoft® Windows® Operating System 1852 C:\WINDOWS\system32\spoolsv.exe

Microsoft® Windows® Operating System 192 C:\WINDOWS\system32\wscntfy.exe

Nuance PDF Products 2304 C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe

Nuance PDF Products 532 C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe

Synaptics Pointing Device Driver 2196 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(verified) Microsoft Distributed Transaction Coord 1440 C:\WINDOWS\system32\msdtc.exe

(verified) Microsoft® Windows® Operating System 3204 C:\WINDOWS\explorer.exe

(verified) Microsoft® Windows® Operating System 3600 C:\WINDOWS\system32\alg.exe

(verified) Microsoft® Windows® Operating System 872 C:\WINDOWS\system32\csrss.exe

(verified) Microsoft® Windows® Operating System 2608 C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System 3356 C:\WINDOWS\system32\dllhost.exe

(verified) Microsoft® Windows® Operating System 956 C:\WINDOWS\system32\lsass.exe

(verified) Microsoft® Windows® Operating System 944 C:\WINDOWS\system32\services.exe

(verified) Microsoft® Windows® Operating System 808 C:\WINDOWS\system32\smss.exe

(verified) Microsoft® Windows® Operating System 628 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1596 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1524 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1380 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1328 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1132 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1200 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1096 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 3064 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 188 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 2588 C:\WINDOWS\system32\wbem\wmiprvse.exe

(verified) Microsoft® Windows® Operating System 896 C:\WINDOWS\system32\winlogon.exe

(verified) Microsoft® Windows® Operating System 816 C:\WINDOWS\system32\wuauclt.exe

(verified) Windows® Internet Explorer 756 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 1320 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 3272 C:\Program Files\Internet Explorer\iexplore.exe

Network activity

----------------

Process iexplore.exe (3272) connected on port 80 (HTTP) --> 69.171.242.13

Process iexplore.exe (3272) connected on port 80 (HTTP) --> 96.6.46.121

Process iexplore.exe (3272) connected on port 80 (HTTP) --> 96.6.46.73

Process iexplore.exe (3272) connected on port 80 (HTTP) --> 66.235.142.2

Process iexplore.exe (3272) connected on port 80 (HTTP) --> 74.125.226.129

Process iexplore.exe (3272) connected on port 80 (HTTP) --> 96.6.46.121

Process svchost.exe (1096) listens on ports: 2869 (SSDP event notification, UPNP)

Process svchost.exe (1200) listens on ports: 135 (RPC)

Process mqsvc.exe (2352) listens on ports: 1029 (RPC), 1801 (MSMQ), 2103 (MSMQ-RPC), 2105 (MSMQ-RPC), 2107 (MSMQ-Mgmt)

Autoruns and critical files

---------------------------

Corel Photo Downloader C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

CorelIOMonitor.exe C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

cpqset.exe C:\Program Files\HPQ\Default Settings\cpqset.exe

hp digital imaging - hp all-in-one seri C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

HP QuickPlay C:\Program Files\Hp\QuickPlay\QPService.exe

HP Wireless Assistant C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

InstallShield Update Service C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

InstallShield Update Service C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

Intel® Common User Interface C:\WINDOWS\system32\hkcmd.exe

Intel® Common User Interface C:\WINDOWS\system32\igfxdev.dll

Intel® Common User Interface C:\WINDOWS\system32\igfxpers.exe

Intel® Common User Interface C:\WINDOWS\system32\igfxtray.exe

Java 2 Platform Standard Edition 5. C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

Microsoft IntelliPoint C:\Program Files\Microsoft IntelliPoint\ipoint.exe

Microsoft IntelliType Pro C:\Program Files\Microsoft IntelliType Pro\itype.exe

Microsoft Malware Protection c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe

Microsoft Security Client C:\Program Files\Microsoft Security Client\msseces.exe

Microsoft® Windows® Operating System C:\WINDOWS\ehome\ehtray.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\CHDAudPropShortcut.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\CSCDLL.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\regsvr32.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll

Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll

Nuance PDF Products C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe

Nuance PDF Products C:\Program Files\Nuance\PDF Professional 6\RegistryController.exe

QuickTime C:\Program Files\QuickTime\qttask.exe

Recguard Application C:\Windows\SMINST\RecGuard.exe

SSEreg C:\Program Files\Nuance\PDF Professional 6\Ereg\Ereg.exe

Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll

(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

Browser plugins

---------------

Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

Akamai Download Manager ActiveX Control C:\WINDOWS\Downloaded Program Files\DownloadManagerV2.ocx

atcliun C:\WINDOWS\Downloaded Program Files\atcliun.exe

BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll

devenum.exe C:\WINDOWS\Downloaded Program Files\devenum.exe

dshortcut Application C:\WINDOWS\Downloaded Program Files\shortcut.exe

Flash® Player Installer/Uninstaller C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe

get_ActiveX C:\WINDOWS\Downloaded Program Files\HPGetDownloadManager.ocx

Hewlett-Packard Monitor Service C:\WINDOWS\Downloaded Program Files\hpmonZ.exe

Hewlett-Packard Online Support Services C:\WINDOWS\Downloaded Program Files\HPISDataManager.dll

i-drop control C:\WINDOWS\Downloaded Program Files\IDrop.ocx

i-drop control C:\WINDOWS\Downloaded Program Files\IDropENU.dll

InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll

Java 2 Platform Standard Edition 5. C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

LightSurfUploadControl Module C:\WINDOWS\Downloaded Program Files\VerizonWirelessUploadControl.dll

Messenger C:\Program Files\Messenger\msmsgs.exe

Microsoft Exchange C:\WINDOWS\Downloaded Program Files\exsmime.dll

Microsoft Exchange C:\WINDOWS\Downloaded Program Files\mimectl.dll

Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL

Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL

Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

Microsoft SQL Server C:\WINDOWS\Downloaded Program Files\rsclientprint.dll

Microsoft SQL Server C:\WINDOWS\Downloaded Program Files\rsclientprint_1028.rll

Microsoft SQL Server C:\WINDOWS\Downloaded Program Files\rsclientprint_1031.rll

Microsoft SQL Server C:\WINDOWS\Downloaded Program Files\rsclientprint_1033.rll

Microsoft SQL Server C:\WINDOWS\Downloaded Program Files\rsclientprint_1036.rll

Microsoft SQL Server C:\WINDOWS\Downloaded Program Files\rsclientprint_1040.rll

Microsoft SQL Server C:\WINDOWS\Downloaded Program Files\rsclientprint_1041.rll

Microsoft SQL Server C:\WINDOWS\Downloaded Program Files\rsclientprint_1042.rll

Microsoft SQL Server C:\WINDOWS\Downloaded Program Files\rsclientprint_1046.rll

Microsoft SQL Server C:\WINDOWS\Downloaded Program Files\rsclientprint_1049.rll

Microsoft SQL Server C:\WINDOWS\Downloaded Program Files\rsclientprint_2052.rll

Microsoft SQL Server C:\WINDOWS\Downloaded Program Files\rsclientprint_3082.rll

Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll

Photo Uploader C:\WINDOWS\Downloaded Program Files\UploaderX.dll

PlusIEContextMenu C:\Program Files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll

PopCapLoader Module C:\WINDOWS\Downloaded Program Files\CONFLICT.2\popcaploader.dll

QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

Shutterfly Picture Upload Plugin C:\WINDOWS\Downloaded Program Files\sfuploadplugin.ocx

Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

unzip.exe C:\WINDOWS\Downloaded Program Files\unzip.exe

WebEx Download Module C:\WINDOWS\Downloaded Program Files\atgpcdec.dll

Webex Download Module C:\WINDOWS\Downloaded Program Files\atgpcext.dll

Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

Windows® Internet Explorer C:\WINDOWS\system32\IEFRAME.dll

Zeon Plus C:\Program Files\Nuance\PDF Professional 6\bin\nppdf.dll

ZeonIEFavClient C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll

(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll

(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Scan

----

MD5: 401f82ce78ae5995684333b556948fa4 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{31A8E488-01E5-4CCB-9F1D-2B218384169F}\mpengine.dll

MD5: 5f53edfead46fa7adb78eee9ecce8fdf c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{31A8E488-01E5-4CCB-9F1D-2B218384169F}\MpKsl21b8b5c8.sys

MD5: 4a47a46fd27c0146fd7b5199528a0c46 C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

MD5: 7d58c9bdf9c0a3955bdcde7387ad12ac C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

MD5: 1c46fc1ab600766b8554580204806e84 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

MD5: ab8134127f786c9603817b5318dceeaa C:\Program Files\Common Files\LightScribe\LSSrvc.exe

MD5: b4a8ba5abf4bdbe0171ed23f7535654a C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

MD5: b2013803ce166169789b53b54fff9277 C:\Program Files\FileZilla FTP Client\fzshellext.dll

MD5: 821f73b833c4daebc33c1a9a4b16bb5a C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

MD5: 2ac2c4ac49668b8c1abdc1fd151006da C:\Program Files\HP\QuickPlay\helper.dll

MD5: fea1a676317fce09589af0bfdb5fa732 C:\Program Files\HP\QuickPlay\Kernel\common\CLDataSync.dll

MD5: f35a584e947a5b401feb0fe01db4a0d7 C:\Program Files\HP\QuickPlay\MFC71.DLL

MD5: 4dc5cc8292689dd48e5f437430922751 C:\Program Files\Hp\QuickPlay\QPService.exe

MD5: 6d00c852f991883f7a5873c018d1c8c4 C:\Program Files\HPQ\Default Settings\cpqset.exe

MD5: 3ec8642b4920a072f75358eedd43587d C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

MD5: ddb133a6703d96643ec799db84004bdc C:\Program Files\HPQ\Shared\HpqToaster.exe

MD5: a9d7153b413dd0a43aac72190473eeaf C:\Program Files\Internet Explorer\ieproxy.dll

MD5: e55be7a502b3a78f32ba3a208f6874b7 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

MD5: e55be7a502b3a78f32ba3a208f6874b7 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

MD5: e55be7a502b3a78f32ba3a208f6874b7 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

MD5: e55be7a502b3a78f32ba3a208f6874b7 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

MD5: e55be7a502b3a78f32ba3a208f6874b7 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

MD5: e55be7a502b3a78f32ba3a208f6874b7 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

MD5: e55be7a502b3a78f32ba3a208f6874b7 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

MD5: 5dd552e15419354fcd8ee92ae2660814 C:\Program Files\Internet Explorer\xpshims.dll

MD5: 61a3a9d5d98bf0331df5b716144a8100 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

MD5: f01726f7ca8538fdd4663c9db8feaedc C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

MD5: 545f106781b7ab23651e77c8e5e104c9 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

MD5: 3e930c641079443d4de036167a69caa2 C:\Program Files\Messenger\msmsgs.exe

MD5: 7ceb241a5a11f4b49c7c3f3b68e31228 C:\Program Files\Microsoft IntelliPoint\ipoint.exe

MD5: 60f3ccc045ae48b2736d042714df445e C:\Program Files\Microsoft IntelliType Pro\itype.exe

MD5: 47fc5a4a45e883a36aff884b3e6073b1 C:\Program Files\Microsoft Office\Office14\MSOHEV.DLL

MD5: f5e0a1a931c125713d504bc5d1d35e2f c:\Program Files\Microsoft Security Client\Antimalware\MpClient.dll

MD5: 73b875c45457f5eb04ec892678e91a11 c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe

MD5: 4397a7614d29030465d746176f46b2c3 c:\Program Files\Microsoft Security Client\Antimalware\MpOAv.dll

MD5: c24525d1877e90ea0f7fc52748ec615e c:\Program Files\Microsoft Security Client\Antimalware\mprtp.dll

MD5: 21c4973715116b7af5ab00c19cf5af2d c:\Program Files\Microsoft Security Client\Antimalware\MpSvc.dll

MD5: 14813d440391b132fc3eab1a9d5a0fc8 c:\Program Files\Microsoft Security Client\Antimalware\MsMpCom.dll

MD5: 90dc23d940551db35367fb1e40575b25 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

MD5: b4436f7ad121c2e1132b06c8bdb8bf7d C:\Program Files\Microsoft Security Client\EppManifest.dll

MD5: 1d6174de4ded26e5d91b9b66e0fe4dac C:\Program Files\Microsoft Security Client\msseces.exe

MD5: 647fc72551bef58d0acbf465363c8751 c:\Program Files\Microsoft Security Client\shellext.dll

MD5: c3e42cbf8215171a524d123a54ae3233 c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

MD5: 11cea8e5ab908c98bc22cec9b689aa2c C:\Program Files\Nuance\PDF Professional 6\bin\DirectShellExt.dll

MD5: e01e08a5c8bb2196e9c7e23f8370d5fd C:\Program Files\Nuance\PDF Professional 6\bin\nppdf.dll

MD5: 198e148b007b7a14a4d2e5efffc6f2cc C:\Program Files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll

MD5: ff22ab7c7adcc5f3d6c37bb4b7b275d8 C:\Program Files\Nuance\PDF Professional 6\Bin\PlusIEContextMenuRes.ENU

MD5: 325701dab77e093d4a5b143435a441eb C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonHTMLParser.dll

MD5: 7084201b8030d1513a7b53c776981f64 C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll

MD5: 326c8c91c359a440e5c080766c199f96 C:\Program Files\Nuance\PDF Professional 6\Bin\ZnHTMLToPDFRes.ENU

MD5: 2cca7aaec5008cf0d307c00c357457bf C:\Program Files\Nuance\PDF Professional 6\cnvres_eng.dll

MD5: f66c02521579c6a6d3b5f1fc0a8be3ac C:\Program Files\Nuance\PDF Professional 6\Ereg\Ereg.exe

MD5: 62d00d2af25c3680eeb6dd5c72930b64 C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe

MD5: cb585165f2cc5cb9a917f2116b1c48f9 C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe

MD5: 4d9b86007cc35536fff655f139cee126 C:\Program Files\Nuance\PDF Professional 6\RegistryController.exe

MD5: ff42136d5b97b478932830a89da3f462 C:\Program Files\Nuance\PDF Professional 6\ShellExt60.dll

MD5: 69581380e69c8dce30ede2a463c912ee C:\Program Files\QuickTime\qttask.exe

MD5: db81b078a7a8ca80c5aa8554cee66694 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

MD5: ddb133a6703d96643ec799db84004bdc C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE

MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL

MD5: 1ba6ea381b601e7ef39acb7f7df8f9bf C:\WINDOWS\Downloaded Program Files\atcliun.exe

MD5: cb16bf32b3fed552def473d76ce39d9b C:\WINDOWS\Downloaded Program Files\atgpcdec.dll

MD5: 4d48bb075e8b21d4ea5640cff9973072 C:\WINDOWS\Downloaded Program Files\atgpcext.dll

MD5: 80efbb1a0b6e0972c19dd7fe948d37d0 C:\WINDOWS\Downloaded Program Files\CONFLICT.2\popcaploader.dll

MD5: 65596ed3aa82139641b6a638b45f345c C:\WINDOWS\Downloaded Program Files\devenum.exe

MD5: c1ae2e4a02916693e115472b27683451 C:\WINDOWS\Downloaded Program Files\DownloadManagerV2.ocx

MD5: 7d456dec7d91fbeee457d496799a0e1b C:\WINDOWS\Downloaded Program Files\exsmime.dll

MD5: 387804211a84dca79a7238e4406a1f21 C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

MD5: 200e3189656f9a29fb5bc7f71ab3f283 C:\WINDOWS\Downloaded Program Files\HPGetDownloadManager.ocx

MD5: 4a10207dc237596cb50e003cdc7cde1b C:\WINDOWS\Downloaded Program Files\HPISDataManager.dll

MD5: 5ef97eea6e8a516eae0c171c0efc5f6c C:\WINDOWS\Downloaded Program Files\hpmonZ.exe

MD5: 7fd9a28638face8adb8cef65f31a382c C:\WINDOWS\Downloaded Program Files\IDrop.ocx

MD5: 92149d7fc2b90b189f8aeecc2f9ddcee C:\WINDOWS\Downloaded Program Files\IDropENU.dll

MD5: b8f39c9e0f0b71e454dba431cf3b99c9 C:\WINDOWS\Downloaded Program Files\isusweb.dll

MD5: 611d6e8ed336fd6dd99e8ad40fced993 C:\WINDOWS\Downloaded Program Files\mimectl.dll

MD5: 23dc75d158d484177ffe99e23264f89f C:\WINDOWS\Downloaded Program Files\qsax.dll

MD5: 4f9985787be411c9f0500ef44450957e C:\WINDOWS\Downloaded Program Files\rsclientprint.dll

MD5: 7a09b8be37a1b5fc5957c595cc1c5efd C:\WINDOWS\Downloaded Program Files\rsclientprint_1028.rll

MD5: c6da5b41fd299a554b900cb91196d3a3 C:\WINDOWS\Downloaded Program Files\rsclientprint_1031.rll

MD5: f5358a23734615455eb1beceaec7c3be C:\WINDOWS\Downloaded Program Files\rsclientprint_1033.rll

MD5: 3f3b9e3d5db4c423413f3e58a5b0c26b C:\WINDOWS\Downloaded Program Files\rsclientprint_1036.rll

MD5: f880b2f2afcc3544489f46db662da6de C:\WINDOWS\Downloaded Program Files\rsclientprint_1040.rll

MD5: 6943db58067276cab7a7c337fec7f983 C:\WINDOWS\Downloaded Program Files\rsclientprint_1041.rll

MD5: 1b8b0bbb8b17b56c5ffd14716435d885 C:\WINDOWS\Downloaded Program Files\rsclientprint_1042.rll

MD5: 43275bea4540052b3d08608b77f4ff4a C:\WINDOWS\Downloaded Program Files\rsclientprint_1046.rll

MD5: 64a6e4812484674e62e3001dbff0714f C:\WINDOWS\Downloaded Program Files\rsclientprint_1049.rll

MD5: 9acd8fb9410885c7067d8c4959f06c5d C:\WINDOWS\Downloaded Program Files\rsclientprint_2052.rll

MD5: d1c09999795329f0e0a369e8c68df2e6 C:\WINDOWS\Downloaded Program Files\rsclientprint_3082.rll

MD5: 080fa21337ae2364b39a263e5af7d326 C:\WINDOWS\Downloaded Program Files\sfuploadplugin.ocx

MD5: e01a69649500d30808e28bfdae8acc41 C:\WINDOWS\Downloaded Program Files\shortcut.exe

MD5: bc297d140484961f3ac3df545c1a73b9 C:\WINDOWS\Downloaded Program Files\unzip.exe

MD5: b68f4650184ae3c121eadff50efc7276 C:\WINDOWS\Downloaded Program Files\UploaderX.dll

MD5: 4d3867165ceb57e4f707c5ac7e253d05 C:\WINDOWS\Downloaded Program Files\VerizonWirelessUploadControl.dll

MD5: 03a905fba1d62317087db5c21c0f8f62 C:\WINDOWS\ehome\ehmsas.exe

MD5: 0f0f5b564c5a3c9b38a6220230252567 C:\WINDOWS\eHome\ehProxy.dll

MD5: 8301243bde5b6cd316d79c0191d50d9a C:\WINDOWS\ehome\ehrecvr.exe

MD5: a53243709439ac2a4c216b817f8d7411 C:\WINDOWS\ehome\ehSched.exe

MD5: 6d280bc969218ae4a72180f907c32913 C:\WINDOWS\eHome\ehTrace.dll

MD5: 7a21e06385e748e9cb0252f1bbc493f1 C:\WINDOWS\ehome\ehtray.exe

MD5: df0a511f38f16016bf658fca0090cb87 C:\WINDOWS\ehome\mcrdsvc.exe

MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

MD5: c764f15f0ae8a02df1523cb24f355b22 C:\Windows\SMINST\RecGuard.exe

MD5: 855b79451ecf62602f20eb4d5c71f99b C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

MD5: d93f94ff79d93c74468fa6f745ec49b2 C:\WINDOWS\system32\CHDAudPropShortcut.exe

MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll

MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll

MD5: f5430b03e141e098c78d5db46b00f8fc C:\WINDOWS\system32\confmsp.dll

MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll

MD5: bdaaf79dd63f194434d31a74b9bb8b77 C:\WINDOWS\system32\CRYPT32.dll

MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll

MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\System32\CSCDLL.dll

MD5: 2a9e427681169f02274ad8c17d52fa2d C:\WINDOWS\system32\CSRSRV.dll

MD5: 0607cbc6fa20114cb491efe4b2f9efad C:\WINDOWS\system32\d3d9.dll

MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL

MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll

MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll

MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll

MD5: 355556d9e580915118cd7ef736653a89 C:\WINDOWS\System32\drivers\afd.sys

MD5: 7024e11dab9410b31a37547575249dd7 C:\WINDOWS\System32\Drivers\btwusb.sys

MD5: bb42bb78bbbc1e83292ef26973598daf C:\WINDOWS\system32\drivers\CHDAud.sys

MD5: 4d4d97671c63c3af869b3518e6054204 C:\WINDOWS\system32\DRIVERS\cpqbttn.sys

MD5: 6ca101f9aa3d845ba31f6e13c01301a8 C:\WINDOWS\system32\DRIVERS\e100b325.sys

MD5: b5cb3084046146fd2587d8c9b219feb4 C:\WINDOWS\system32\DRIVERS\eabfiltr.sys

MD5: 231f4547ae1e4b3e60eca66c3a96d218 C:\WINDOWS\system32\DRIVERS\eabusb.sys

MD5: 214bc3ad84907ad6ad655ac5465f449a C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

MD5: 0e44af3828111d4c3e73c33ac95226d8 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

MD5: 89e256c5f5346be265d9f86ac8625d4f C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

MD5: 0f0194c4b635c10c3f785e4fee52d641 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

MD5: 309c4d86d989fb1fcf64bd30dc81c51b C:\WINDOWS\system32\DRIVERS\iaStor.sys

MD5: b18225739ed9caa83ba2df966e9f43e8 C:\WINDOWS\system32\drivers\mbamswissarmy.sys

MD5: 74f4372af97a587ecec527ec34955712 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

MD5: 7f2f1d2815a6449d346fcccbc569fbd6 C:\WINDOWS\system32\DRIVERS\mhndrv.sys

MD5: 7e34bfa1a7b60bba1da03d677f16cd63 C:\WINDOWS\system32\DRIVERS\MpFilter.sys

MD5: eee50bf24caeedb515a8f3b22756d3bb C:\WINDOWS\system32\drivers\mqac.sys

MD5: 0dc719e9b15e902346e87e9dcd5751fa C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

MD5: 86724469cd077901706854974cd13c3e C:\WINDOWS\System32\Drivers\PxHelp20.sys

MD5: 96f7a9a7bf0c9c0440a967440065d33c C:\WINDOWS\system32\drivers\RMCast.sys

MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys

MD5: c9a1785cc0d7a040dd0fdbfeaa8be135 C:\WINDOWS\system32\DRIVERS\SynTP.sys

MD5: 9179e07503630d6fb2e4162ff0196191 C:\WINDOWS\system32\drivers\tifm21.sys

MD5: 4e7b07653f4f9937cf62ad2869fba520 C:\WINDOWS\system32\DRIVERS\w39n51.sys

MD5: f5b754cdea20bbb3a31e16a776ede6d6 c:\windows\system32\ESENT.dll

MD5: ce8c3bc1377b83dbcd7304ab2d0a4735 C:\WINDOWS\system32\h323msp.dll

MD5: b9da7b8ca4601625ca9264cd846ac576 C:\WINDOWS\system32\hccutils.DLL

MD5: d9f3db62d1b361d82cd82a347ea6218d C:\WINDOWS\system32\hkcmd.exe

MD5: dd3a01e5017cb298136415b13337db72 C:\WINDOWS\system32\hptcpmib.dll

MD5: 4a4ac3a786937b51cb19c708045cb930 C:\WINDOWS\system32\HpTcpMon.dll

MD5: 982a03d52d67f4401e83c37d34008cd7 C:\WINDOWS\system32\HPTcpMUI.dll

MD5: 51c6d8bfbd4ea5b62a1ba7f4469250d3 c:\windows\system32\hpzinw12.dll

MD5: 79834aa2fbf9fe81eebb229024f6f7fc c:\windows\system32\hpzipm12.dll

MD5: 3584a093e8778c9e5f80ced99f0b7f35 C:\WINDOWS\system32\hpzjrd01.dll

MD5: af61826b82de7b95d5db8ee075a172d2 C:\WINDOWS\system32\IEFRAME.dll

MD5: c0b6195f1afda4a3061915501eb75d4a C:\WINDOWS\system32\iepeers.dll

MD5: ba356bd33397936d2e292cb00f80c164 C:\WINDOWS\system32\iertutil.dll

MD5: a58241451a149929a679c82fa934ef81 C:\WINDOWS\system32\igfxdev.dll

MD5: 32fb9368f485a7fe944eb6678b61734b C:\WINDOWS\system32\igfxpers.exe

MD5: 33a3eb65c59c83a8c6450401a5412625 C:\WINDOWS\system32\igfxpph.dll

MD5: 070e5936da5df779e446a56c3bae7c0e C:\WINDOWS\system32\igfxres.dll

MD5: 21c3886c7e83ee489d73afe012f068a6 C:\WINDOWS\system32\igfxress.dll

MD5: c433258ecaf73a302e016fc80186f94d C:\WINDOWS\system32\igfxsrvc.dll

MD5: 54f1f98c4ad8f99bbbe8fbb62b38733f C:\WINDOWS\system32\igfxtray.exe

MD5: 63e8d944afbeebb243f25c4ed07e74c5 C:\WINDOWS\system32\inetmib1.dll

MD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\jscript.dll

MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll

MD5: 20fa028cb6506591a99c51432a3c0174 C:\WINDOWS\system32\LangWrbk.dll

MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll

MD5: 57348ed5916cf4a8d55680b31a482b35 C:\WINDOWS\system32\Macromed\Flash\Flash10q.ocx

MD5: 1e744353bd534405187a404667da3dc3 C:\WINDOWS\system32\mgmtapi.dll

MD5: b7521f69c0a9b29d356157229376fb21 C:\WINDOWS\System32\mhn.dll

MD5: b37d6067174291aa8eade3f94a03cbff C:\WINDOWS\system32\MqLogMgr.dll

MD5: dee675f3dba03900dfba174bcf981130 C:\WINDOWS\system32\MQQM.dll

MD5: 132d5eff6e74fa644eb99ebfcd3a0f57 C:\WINDOWS\system32\mqrt.dll

MD5: 7dbcad793a31b4b144f8e948157564a5 C:\WINDOWS\system32\mqsec.dll

MD5: e9b5f354ae80325283fd5c1c05217b01 C:\WINDOWS\system32\mqsvc.exe

MD5: 10e6b9022b0a5c9c41e2da6aeae5d404 C:\WINDOWS\system32\mqtgsvc.exe

MD5: 186005d68bb8f87b2f66aff4d2bf0c6b C:\Windows\System32\MQTRIG.DLL

MD5: ad4d987e49e27180954f5fb31ff5d2dc C:\WINDOWS\system32\mqutil.dll

MD5: f0d371d357790601c4a03b25f6ad09f8 C:\WINDOWS\system32\MSDTCLOG.dll

MD5: 92e1a82ca4b048d1d970cbea1a097f6e C:\WINDOWS\system32\MSDTCPRX.dll

MD5: 31e6a08c6dfb167e15f53b12e57f3f52 C:\WINDOWS\system32\MSDTCTM.dll

MD5: 855f6333e3a4dfc6f3c8b0520c261fcd C:\WINDOWS\system32\MSFTEDIT.DLL

MD5: 22ba5235ea846eda87f68a1dcc2bfcf9 C:\WINDOWS\system32\mshtml.dll

MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll

MD5: 29bd913d8fd1feb6728dc9b43b55c1d2 C:\WINDOWS\system32\MSRATING.dll

MD5: 91dcd979ffed13ab6f6e6b085a43525e C:\WINDOWS\system32\msvidctl.dll

MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll

MD5: 2b8b64aa14f817bdf3e3204fb041a61d C:\WINDOWS\system32\MTxOCI.Dll

MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\System32\netshell.dll

MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll

MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll

MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll

MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll

MD5: fbdb9d0935b9907b809b381fddf1627f C:\WINDOWS\system32\regsvr32.exe

MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll

MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll

MD5: 926afc4848ff3297bb264333bf51e21f C:\WINDOWS\system32\sbe.dll

MD5: abeedd547e939ad827b2e29dec754206 C:\WINDOWS\system32\schannel.dll

MD5: 8bcd11d38fce43a519246a91cc40de6a C:\WINDOWS\system32\Security.dll

MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll

MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll

MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll

MD5: 325a6995823e852cbfbd41d2aef1bb06 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp5k4.DLL

MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe

MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll

MD5: 8a6b0d4c528ed7a79938a42260cf49fa C:\WINDOWS\system32\SynCOM.dll

MD5: 2f2399327de0ff381ab4ecf59e17b61f C:\WINDOWS\system32\SynTPAPI.dll

MD5: 3f8411328e808a8794a41da9acb22dd9 C:\WINDOWS\system32\tapi3.dll

MD5: 8357809e111e09393633039769d96281 C:\WINDOWS\system32\tcpmib.dll

MD5: 8edd9dcd5196b6c54a622e9549f667b8 C:\WINDOWS\system32\termmgr.dll

MD5: 17e0cf9c8cbb717d05948656bcd86efa C:\WINDOWS\system32\txflog.dll

MD5: 78bb1e601edab917094b0260a5a57c85 C:\WINDOWS\system32\urlmon.dll

MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe

MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\System32\USP10.dll

MD5: 960f6d3cd9a1ba6435d7aadd102b297f C:\WINDOWS\system32\wbem\wmiprov.dll

MD5: cc951c2212a200475a587a440e0aa804 C:\WINDOWS\system32\WININET.dll

MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll

MD5: ec0a223c4854e98a3afb2c31b7b420a0 C:\WINDOWS\system32\winsrv.dll

MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll

MD5: f92e1076c42fcd6db3d72d8cfe9816d5 C:\WINDOWS\system32\wscntfy.exe

MD5: 277f3e3333f1d10ca428568197fcce70 C:\WINDOWS\system32\wsnmp32.dll

MD5: 18473f44d6de85c8cb4e70f503c5ea64 C:\WINDOWS\System32\xactsrv.dll

MD5: bea4aee74fef171eb61de1bad8faf427 C:\WINDOWS\system32\xmllite.dll

MD5: ae3470d2bf8f16fd93fa54167b87172d C:\WINDOWS\system32\XOLEHLP.dll

MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll

MD5: d5e459bed3db9cf7fc6cc1455f177d2d C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.DLL

MD5: c9564cf4976e7e96b4052737aa2492b4 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

MD5: cdbe9690cf2b8409facad94fac9479c9 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCR90.dll

MD5: 5963633010616b25503ee126f55e8de4 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll

MD5: fbfca1a574d47ee575448b719cbbf2e4 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\MFC90ENU.DLL

MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll

No file uploaded.

Scan finished - communication took 1 sec

Total traffic - 0.01 MB sent, 0.87 KB recvd

Scanned 685 files and modules - 25 seconds

==============================================================================

Computer still appears to be operating properly.

Thank you much!


Your logs appear to be clean! :)

I will now provide you with some suggestions for security software, but first, ComboFix must be uninstalled ;):

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please consider maintaining a firewall with HIPS (Host Intrusion Prevention System). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available.

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here.

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)

This topic is now closed to further replies.