
Repeated attacks from same domains


graddy

Please help me. MBAM is blocking 3-4 attacks per minute from the same two IPs. This has been going on for 48+ hours. I have run MBAM, Prevx, Spybot S&D, Sophos Antiroot Kit, Superantispyware and HiJack This but only found a few pieces of adware. Everything on the computer seems to be running normally except for the repeated attacks. They're listed as outgoing so I'm thinking there has to be something on my machine that's triggering them. Let me know what logs you want posted and I'll put them up. Thanks so much.


Update: I'm now finding .exe's running from the temp folder. Only one at a time; I can kill it with a reboot, but another with a new name comes back. Still not finding anything on scans.

Update: this file name came up, registered as a trojan: csrss.exe

http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/

Now googling how to remove it; any help appreciated.


Here you are.

MBAM log

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7694

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/12/2011 5:35:17 AM

mbam-log-2011-09-12 (05-35-17).txt

Scan type: Full scan (C:\|)

Objects scanned: 305808

Time elapsed: 4 hour(s), 59 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS log

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Emily at 9:51:41 on 2011-09-12

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.1937 [GMT -5:00]

.

AV: Prevx 3.0 *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D901}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTSvcCDA.EXE

C:\Program Files\Prevx\prevx.exe

C:\Program Files\NavNT\defwatch.exe

C:\Program Files\Expat Shield\bin\hsswd.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\NavNT\rtvscan.exe

C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\Prevx\prevx.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\NavNT\vptray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\cacaoweb\cacaoweb.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Emily\Desktop\Defogger.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - c:\program files\expat shield\hssie\ExpatIE.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [cacaoweb] "c:\program files\cacaoweb\cacaoweb.exe" -noplayer

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [vptray] c:\program files\navnt\vptray.exe

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [Logicool Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: Semagic - c:\program files\semagic\link.htm

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: cleverreach.com\novastor

Trusted Zone: google-analytics.com

Trusted Zone: novastor.com

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263066431796

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: Interfaces\{95FD4FBC-FE00-4841-8934-F54CDC3596B1} : NameServer = 208.67.222.222,208.67.220.220

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\emily\application data\mozilla\firefox\profiles\lfmweh3o.default\

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=

FF - component: c:\documents and settings\emily\application data\mozilla\firefox\profiles\lfmweh3o.default\extensions\optout@dubfire.net\lib\winnt\ff3\AbineComponent.dll

FF - plugin: c:\documents and settings\emily\application data\mozilla\firefox\profiles\lfmweh3o.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org

FF - Ext: Cache Status: cache@status.org - %profile%\extensions\cache@status.org

FF - Ext: eSnipe.com SnipeIt!: esnipesnipeit@esnipe.com - %profile%\extensions\esnipesnipeit@esnipe.com

FF - Ext: Fasterfox Lite: FasterFox_Lite@BigRedBrent - %profile%\extensions\FasterFox_Lite@BigRedBrent

FF - Ext: Clear History: nadir.kadem@gmail.com - %profile%\extensions\nadir.kadem@gmail.com

FF - Ext: TACO with Abine: optout@dubfire.net - %profile%\extensions\optout@dubfire.net

FF - Ext: RightBar: rightbar@realmtech.net - %profile%\extensions\rightbar@realmtech.net

FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Old Location Bar: {3205B348-523A-4fac-9BC4-9939CBF583B0} - %profile%\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}

FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: Abduction!: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} - %profile%\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Steep and Cheap Watcher: {fa038e8f-d1d1-11db-9705-005056c00008} - %profile%\extensions\{fa038e8f-d1d1-11db-9705-005056c00008}

FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard

FF - Ext: Multirow Bookmarks Toolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - %profile%\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}

FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

FF - Ext: NoSquint: nosquint@urandom.ca - %profile%\extensions\nosquint@urandom.ca

FF - Ext: LeechBlock: {a95d8332-e4b4-6e7f-98ac-20b733364387} - %profile%\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}

FF - Ext: ScribeFire: {F807FACD-E46A-4793-B345-D58CB177673C} - %profile%\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}

FF - Ext: EPUBReader: {5384767E-00D9-40E9-B72F-9CC39D655D6F} - %profile%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}

FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org

FF - Ext: AddonFox: {ad48108d-92a6-4eb9-87e4-978aca1dbae4} - %profile%\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}

FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

============= SERVICES / DRIVERS ===============

.

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-5-24 32008]

R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2010-1-12 4064]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2010-1-9 13696]

R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-5-24 6416120]

R2 ExpatWd;Expat Shield Monitoring Service;c:\program files\expat shield\bin\hsswd.exe -product expat --> c:\program files\expat shield\bin\hsswd.exe -product Expat [?]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2011-8-13 3712]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-11 366640]

R2 NAVAPEL;NAVAPEL;c:\program files\navnt\Navapel.sys [2001-9-24 9232]

R2 Norton AntiVirus Server;Norton AntiVirus Client;c:\program files\navnt\rtvscan.exe [2001-9-24 454656]

R2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\novastor\novastor novabackup\nsService.exe [2010-4-14 261256]

R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-5-24 76696]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 42648]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-8-24 12184]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-11 22712]

R3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\13.tmp --> c:\windows\system32\13.tmp [?]

R3 NAVAP;NAVAP;c:\program files\navnt\navap.sys [2001-9-24 176208]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101013.002\NAVENG.sys [2010-10-13 86064]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101013.002\NAVEX15.sys [2010-10-13 1371184]

R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-5-24 26096]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\emily\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\emily\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\emily\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\emily\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]

S2 PEVSystemStart;PEVSystemStart;c:\combofix\pev.3XE [2011-6-26 256000]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-5-21 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-5-21 8456]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-11 27064]

S3 ZWDAGMLowerFilter;ZWDA General Mouse Filter Driver;c:\windows\system32\drivers\zwda_gm_lowerfilter.sys [2011-8-13 21248]

.

=============== Created Last 30 ================

.

2011-09-12 04:56:18 6144 ------w- c:\windows\system32\2.tmp

2011-09-12 04:56:12 6144 ------w- c:\windows\system32\1.tmp

2011-09-12 03:23:25 6144 ------w- c:\windows\system32\12.tmp

2011-09-12 02:18:06 -------- d-----w- c:\program files\kohmtgiw

2011-09-11 16:34:17 208896 ----a-w- c:\windows\MBR.exe

2011-09-11 16:34:16 518144 ----a-w- c:\windows\SWREG.exe

2011-09-11 16:34:16 256000 ----a-w- c:\windows\PEV.exe

2011-09-11 16:34:15 98816 ----a-w- c:\windows\sed.exe

2011-09-11 16:33:29 -------- d-s---w- C:\ComboFix

2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll

2011-08-27 20:31:39 -------- d-----w- c:\program files\iPod

2011-08-27 20:31:22 -------- d-----w- c:\program files\iTunes

2011-08-20 08:27:52 -------- d-----w- C:\PrevxCSI

2011-08-13 18:31:36 301656 ----a-w- c:\windows\system32\BtCoreIf.dll

.

==================== Find3M ====================

.

2011-09-12 02:37:20 71880 ----a-w- c:\windows\system32\PxSecure.dll

2011-09-12 02:37:18 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys

2011-09-12 02:37:16 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys

2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-24 15:57:25 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-08-11 23:45:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 16:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 00:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-05 23:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 23:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\SET1E6.tmp

2011-06-23 18:36:30 66560 ----a-w- c:\windows\system32\SET1EB.tmp

2011-06-23 18:36:30 611840 ----a-w- c:\windows\system32\SET1EA.tmp

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\SET1EF.tmp

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 25600 ----a-w- c:\windows\system32\SET1F0.tmp

2011-06-23 18:36:30 206848 ----a-w- c:\windows\system32\SET1E9.tmp

2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-23 18:36:30 1212416 ----a-w- c:\windows\system32\SET1E7.tmp

2011-06-23 18:36:30 105984 ----a-w- c:\windows\system32\SET1E8.tmp

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

2010-11-05 07:09:24 7221248 ----a-w- c:\program files\praat.exe

2010-09-19 05:05:44 455480 ----a-w- c:\program files\UnInstall.exe

2010-05-26 23:16:12 9194224 ----a-w- c:\program files\IconWorkshop.exe

2010-05-25 15:19:36 1124864 ----a-w- c:\program files\ResGer.dll

2010-05-25 15:18:44 1127936 ----a-w- c:\program files\ResFra.dll

2009-09-02 15:02:44 110080 ----a-w- c:\program files\IconWorkshopAddin.dll

2008-08-08 20:25:00 81920 ----a-w- c:\program files\IconWorkshopAddin2005.dll

2008-03-25 03:50:26 554008 ----a-w- c:\program files\common files\dao360.dll

.

============= FINISH: 9:52:47.53 ===============

GMER log

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-09-12 14:02:40

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000076 Hitachi_HDS721616PLA380 rev.P22OABEA

Running: k28ki1pi.exe; Driver: C:\DOCUME~1\Emily\LOCALS~1\Temp\kxtdapod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAllocateVirtualMemory [0xB4E26F60]

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0xB4E26AF0]

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0xB4E26B40]

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDebugActiveProcess [0xB4E26F10]

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteKey [0xB4E26810]

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteValueKey [0xB4E268D0]

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDuplicateObject [0xB4E27180]

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0xB4E27490]

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenSection [0xB4E26CD0]

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0xB4E27320]

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0xB4E26BE0]

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0xB4E26AA0]

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetValueKey [0xB4E269B0]

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSystemDebugControl [0xB4E26E80]

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0xB4E27630]

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0xB4E26C80]

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0xB4E27000]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB905F360, 0x32DEFD, 0xE8000020]

? C:\WINDOWS\system32\13.tmp The system cannot find the file specified. !

? C:\DOCUME~1\Emily\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe[636] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 044EA939 C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll

.text C:\WINDOWS\system32\SearchIndexer.exe[2116] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 ATMhelpr.SYS (Windows NT Font Driver Helper/Adobe Systems Incorporated)

AttachedDevice \Driver\Tcpip \Device\Tcp pxrts.sys (Prevx Realtime Security/Prevx)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----

MBAM sample attack log

22:28:55 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)

22:29:06 Emily IP-BLOCK 204.188.235.81 (Type: incoming)

22:29:17 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)

22:29:18 Emily IP-BLOCK 94.102.49.218 (Type: outgoing)

22:29:19 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)

22:29:19 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)

22:29:20 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)

22:29:22 Emily IP-BLOCK 94.102.49.218 (Type: outgoing)

22:29:26 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)

22:29:28 Emily IP-BLOCK 94.102.49.218 (Type: outgoing)

22:29:28 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)

22:29:48 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)

22:29:51 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)

22:29:56 Emily IP-BLOCK 94.102.49.218 (Type: outgoing)

22:29:57 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)

22:29:59 Emily IP-BLOCK 94.102.49.218 (Type: outgoing)

22:30:05 Emily IP-BLOCK 94.102.49.218 (Type: outgoing)

22:30:15 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)

22:30:18 Emily IP-BLOCK 94.102.49.218 (Type: outgoing)

22:30:18 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)

22:30:18 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)

22:30:18 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)

22:30:21 Emily IP-BLOCK 94.102.49.218 (Type: outgoing)

22:30:21 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)

22:30:24 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)

22:30:27 Emily IP-BLOCK 94.102.49.218 (Type: outgoing)

22:30:27 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)

22:30:46 Emily IP-BLOCK 94.102.49.218 (Type: outgoing)

22:30:46 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)

22:30:49 Emily IP-BLOCK 94.102.49.218 (Type: outgoing)

22:30:49 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)

22:30:55 Emily IP-BLOCK 94.102.49.218 (Type: outgoing)

22:30:55 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)

22:31:16 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)

ark.zip

attach.zip

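The sample attack log above is the kind of input a defender summarises before hunting for the local process. This added example (not code from the thread or from Malwarebytes) parses lines in the posted IP-BLOCK format, counts blocks per address by direction and peak rate per minute, and flags addresses whose blocks are mostly outgoing, which is the observation the original poster used to infer a local trigger. The sample lines are constructed to mirror the posted format and its two addresses; the thresholds are assumptions.

```python
"""Summarise Malwarebytes 1.x protection-log IP-BLOCK lines (added example, not from the thread)."""
import re
from datetime import datetime, timedelta

# Line format as posted in the thread:
#   HH:MM:SS <user> IP-BLOCK <ipv4> (Type: outgoing|incoming)
IP_BLOCK_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<direction>incoming|outgoing)\)\s*$"
)

# Constructed sample in the posted format, using the two addresses from the thread;
# the last line is deliberately not an IP-BLOCK event to show that other lines are skipped.
SAMPLE_LOG = """\
22:28:55 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)
22:29:06 Emily IP-BLOCK 204.188.235.81 (Type: incoming)
22:29:17 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)
22:29:18 Emily IP-BLOCK 94.102.49.218 (Type: outgoing)
22:29:19 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)
22:29:22 Emily IP-BLOCK 94.102.49.218 (Type: outgoing)
22:29:26 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)
22:30:18 Emily IP-BLOCK 94.102.49.218 (Type: outgoing)
22:30:18 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)
22:31:16 Emily IP-BLOCK 204.188.235.81 (Type: outgoing)
22:31:20 Emily some other protection event
"""


def parse_ip_blocks(text):
    """Return (time, ip, direction) tuples for every IP-BLOCK line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        match = IP_BLOCK_RE.match(line.strip())
        if match is None:
            continue
        when = datetime.strptime(match.group("time"), "%H:%M:%S")
        events.append((when, match.group("ip"), match.group("direction")))
    return events


def peak_in_window(times, window=timedelta(seconds=60)):
    """Largest number of events falling inside any window shorter than `window`.

    Two-pointer sweep over sorted timestamps: the window is [times[start], times[end]]
    and is shrunk from the left whenever it would span `window` or more.
    """
    times = sorted(times)
    best = start = 0
    for end in range(len(times)):
        while times[end] - times[start] >= window:
            start += 1
        best = max(best, end - start + 1)
    return best


def summarise(events):
    """Per-IP totals, direction split and peak blocks per minute."""
    per_ip = {}
    for when, ip, direction in events:
        entry = per_ip.setdefault(ip, {"total": 0, "outgoing": 0, "incoming": 0, "times": []})
        entry["total"] += 1
        entry[direction] += 1
        entry["times"].append(when)
    summary = {}
    for ip, entry in per_ip.items():
        summary[ip] = {
            "total": entry["total"],
            "outgoing": entry["outgoing"],
            "incoming": entry["incoming"],
            "peak_per_minute": peak_in_window(entry["times"]),
        }
    return summary


def likely_local_initiator(summary, min_total=3, min_outgoing_share=0.8):
    """Addresses whose blocks are mostly outgoing.

    An outgoing block means something on this host opened the connection, which is
    what points an investigator at a local process rather than at inbound scanning.
    The thresholds are assumptions chosen for this example.
    """
    return sorted(
        ip for ip, stats in summary.items()
        if stats["total"] >= min_total
        and stats["outgoing"] / stats["total"] >= min_outgoing_share
    )


if __name__ == "__main__":
    stats = summarise(parse_ip_blocks(SAMPLE_LOG))
    for ip, s in sorted(stats.items()):
        print(f"{ip:>16}  total={s['total']:3d}  out={s['outgoing']:3d}  "
              f"in={s['incoming']:3d}  peak/min={s['peak_per_minute']}")
    print("mostly outgoing (look for a local process):", likely_local_initiator(stats))
```

Feed it the real protection log instead of SAMPLE_LOG to get the same per-address table for the whole incident window.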

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Thank you very much. Here is an update. The computer seemed to boot fine. The internet connection was still disabled. No ComboFix logs appeared; maybe they are somewhere on my machine, but I didn't want to poke around. I did not run ComboFix again because I had no instruction to do so.

MBAM would not start, so I did a fresh install, checked no when it asked to update and then scanned. I also did a DDS scan. These are not posted but the DDS log is attached as Attach1. I then rebooted successfully, re-enabled virus protection, re-enabled internet connection, updated MBAM, disabled internet, and scanned with MBAM and DDS again. These are posted below, and the DDS log is attached as Attach2.

During the minute or so internet connection was active MBAM did not log any incoming or outgoing attacks.

Here are the logs (except for the ComboFix log, which, as I said, did not come up on reboot):

MBAM log

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7622

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/18/2011 1:26:00 PM

mbam-log-2011-09-18 (13-26-00).txt

Scan type: Quick scan

Objects scanned: 179525

Time elapsed: 5 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

--------------------------------------------------------------------------

DDS log

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Emily at 14:06:56 on 2011-09-18

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2110 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTSvcCDA.EXE

C:\Program Files\Prevx\prevx.exe

C:\Program Files\NavNT\defwatch.exe

C:\Program Files\Expat Shield\bin\hsswd.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\NavNT\rtvscan.exe

C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Prevx\prevx.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\NavNT\vptray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\WINDOWS\system32\taskmgr.exe

C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - c:\program files\expat shield\hssie\ExpatIE.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [cacaoweb] "c:\program files\cacaoweb\cacaoweb.exe" -noplayer

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [vptray] c:\program files\navnt\vptray.exe

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [Logicool Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: Semagic - c:\program files\semagic\link.htm

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: cleverreach.com\novastor

Trusted Zone: google-analytics.com

Trusted Zone: novastor.com

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263066431796

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 97.64.168.12 97.64.183.165

TCP: Interfaces\{95FD4FBC-FE00-4841-8934-F54CDC3596B1} : NameServer = 208.67.222.222,208.67.220.220

TCP: Interfaces\{95FD4FBC-FE00-4841-8934-F54CDC3596B1} : DhcpNameServer = 97.64.168.12 97.64.183.165

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\emily\application data\mozilla\firefox\profiles\lfmweh3o.default\

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=

FF - component: c:\documents and settings\emily\application data\mozilla\firefox\profiles\lfmweh3o.default\extensions\optout@dubfire.net\lib\winnt\ff3\AbineComponent.dll

FF - plugin: c:\documents and settings\emily\application data\mozilla\firefox\profiles\lfmweh3o.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org

FF - Ext: Cache Status: cache@status.org - %profile%\extensions\cache@status.org

FF - Ext: eSnipe.com SnipeIt!: esnipesnipeit@esnipe.com - %profile%\extensions\esnipesnipeit@esnipe.com

FF - Ext: Fasterfox Lite: FasterFox_Lite@BigRedBrent - %profile%\extensions\FasterFox_Lite@BigRedBrent

FF - Ext: Clear History: nadir.kadem@gmail.com - %profile%\extensions\nadir.kadem@gmail.com

FF - Ext: TACO with Abine: optout@dubfire.net - %profile%\extensions\optout@dubfire.net

FF - Ext: RightBar: rightbar@realmtech.net - %profile%\extensions\rightbar@realmtech.net

FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Old Location Bar: {3205B348-523A-4fac-9BC4-9939CBF583B0} - %profile%\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}

FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: Abduction!: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} - %profile%\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Steep and Cheap Watcher: {fa038e8f-d1d1-11db-9705-005056c00008} - %profile%\extensions\{fa038e8f-d1d1-11db-9705-005056c00008}

FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard

FF - Ext: Multirow Bookmarks Toolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - %profile%\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}

FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

FF - Ext: NoSquint: nosquint@urandom.ca - %profile%\extensions\nosquint@urandom.ca

FF - Ext: LeechBlock: {a95d8332-e4b4-6e7f-98ac-20b733364387} - %profile%\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}

FF - Ext: ScribeFire: {F807FACD-E46A-4793-B345-D58CB177673C} - %profile%\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}

FF - Ext: EPUBReader: {5384767E-00D9-40E9-B72F-9CC39D655D6F} - %profile%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}

FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org

FF - Ext: AddonFox: {ad48108d-92a6-4eb9-87e4-978aca1dbae4} - %profile%\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}

FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

============= SERVICES / DRIVERS ===============

.

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-5-24 32008]

R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2010-1-12 4064]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2010-1-9 13696]

R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-5-24 6416120]

R2 ExpatWd;Expat Shield Monitoring Service;c:\program files\expat shield\bin\hsswd.exe -product expat --> c:\program files\expat shield\bin\hsswd.exe -product Expat [?]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2011-8-13 3712]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-11 366152]

R2 NAVAPEL;NAVAPEL;c:\program files\navnt\Navapel.sys [2001-9-24 9232]

R2 Norton AntiVirus Server;Norton AntiVirus Client;c:\program files\navnt\rtvscan.exe [2001-9-24 454656]

R2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\novastor\novastor novabackup\nsService.exe [2010-4-14 261256]

R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-5-24 76696]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 42648]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-8-24 12184]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-11 22216]

R3 NAVAP;NAVAP;c:\program files\navnt\navap.sys [2001-9-24 176208]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101013.002\NAVENG.sys [2010-10-13 86064]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101013.002\NAVEX15.sys [2010-10-13 1371184]

R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-5-24 26096]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-9-18 41272]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\emily\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\emily\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\emily\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\emily\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]

S2 PEVSystemStart;PEVSystemStart;c:\combofix\pev.3XE [2011-6-26 256000]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-5-21 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-5-21 8456]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\13.tmp --> c:\windows\system32\13.tmp [?]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-11 27064]

S3 ZWDAGMLowerFilter;ZWDA General Mouse Filter Driver;c:\windows\system32\drivers\zwda_gm_lowerfilter.sys [2011-8-13 21248]

.

=============== Created Last 30 ================

.

2011-09-18 19:01:26 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-17 16:50:48 60416 ----a-w- c:\windows\system32\drivers\Combo-Fix.sys

2011-09-17 16:25:06 208896 ----a-w- c:\windows\MBR.exe

2011-09-17 16:25:05 518144 ----a-w- c:\windows\SWREG.exe

2011-09-17 16:25:05 256000 ----a-w- c:\windows\PEV.exe

2011-09-17 16:25:04 98816 ----a-w- c:\windows\sed.exe

2011-09-17 16:24:44 -------- d-s---w- C:\ComboFix

2011-09-12 04:56:18 6144 ------w- c:\windows\system32\2.tmp

2011-09-12 03:23:25 6144 ------w- c:\windows\system32\12.tmp

2011-09-12 02:18:06 -------- d-----w- c:\program files\kohmtgiw

2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll

2011-08-27 20:31:39 -------- d-----w- c:\program files\iPod

2011-08-27 20:31:22 -------- d-----w- c:\program files\iTunes

2011-08-20 08:27:52 -------- d-----w- C:\PrevxCSI

.

==================== Find3M ====================

.

2011-09-12 02:37:20 71880 ----a-w- c:\windows\system32\PxSecure.dll

2011-09-12 02:37:18 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys

2011-09-12 02:37:16 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys

2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-24 15:57:25 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-08-11 23:45:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 16:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-05 23:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 23:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\SET1E6.tmp

2011-06-23 18:36:30 66560 ----a-w- c:\windows\system32\SET1EB.tmp

2011-06-23 18:36:30 611840 ----a-w- c:\windows\system32\SET1EA.tmp

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\SET1EF.tmp

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 25600 ----a-w- c:\windows\system32\SET1F0.tmp

2011-06-23 18:36:30 206848 ----a-w- c:\windows\system32\SET1E9.tmp

2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-23 18:36:30 1212416 ----a-w- c:\windows\system32\SET1E7.tmp

2011-06-23 18:36:30 105984 ----a-w- c:\windows\system32\SET1E8.tmp

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2010-11-05 07:09:24 7221248 ----a-w- c:\program files\praat.exe

2010-05-26 23:16:12 9194224 ----a-w- c:\program files\IconWorkshop.exe

2010-05-25 15:19:36 1124864 ----a-w- c:\program files\ResGer.dll

2010-05-25 15:18:44 1127936 ----a-w- c:\program files\ResFra.dll

2009-09-02 15:02:44 110080 ----a-w- c:\program files\IconWorkshopAddin.dll

2008-08-08 20:25:00 81920 ----a-w- c:\program files\IconWorkshopAddin2005.dll

2008-03-25 03:50:26 554008 ----a-w- c:\program files\common files\dao360.dll

.

============= FINISH: 14:09:04.37 ===============

Thank you and I await further instruction.

attach2.zip


  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Instead of "bumping" the topic which actually puts you back at the bottom of my queue, please PM me directly if the wait becomes too long.

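As an added example (not part of this thread and not TDSSKiller's own code), a small Python triage helper for the per-driver lines TDSSKiller writes in the format shown in the log posted below: it parses driver name, MD5 and image path and flags drivers loaded from a .tmp image, from a user temp directory, or from outside the usual driver directories, the kind of entry the DDS log above shows for MEMSWEEP2 at c:\windows\system32\13.tmp. The EXPECTED_PREFIXES list and the two CONSTRUCTED_* log lines are assumptions made for the example; a flag is a pointer for review, not a verdict, since self-extracting scanners register drivers from temp paths too.

```python
import re
from dataclasses import dataclass

# Per-driver line format, taken from the TDSSKiller log posted in this thread:
#   <yyyy/mm/dd> <hh:mm:ss.ffff> <thread id> <driver name> (<md5>) <image path>
# Header, separator and "Scan started" lines do not match and are skipped.
TDSS_LINE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<tid>\d+)\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)

# Assumption: where driver images are expected on this Windows XP machine,
# derived from the paths that appear in the posted log. Tune per system.
EXPECTED_PREFIXES = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\system32\\dla\\",
    "c:\\windows\\system32\\",
    "c:\\program files\\",
    "c:\\progra~1\\",
)


@dataclass
class DriverEntry:
    name: str
    md5: str
    path: str


def parse_tdsskiller_log(text: str) -> list:
    """Return one DriverEntry per driver line; non-driver lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = TDSS_LINE.match(line)
        if m:
            entries.append(DriverEntry(m["name"], m["md5"].lower(), m["path"]))
    return entries


def unusual_reasons(entry: DriverEntry) -> list:
    """Heuristic triage: reasons this driver's image path deserves a second look."""
    p = entry.path.lower()
    reasons = []
    if p.endswith(".tmp"):
        reasons.append("driver image has a .tmp extension")
    if "\\temp\\" in p or "\\locals~1\\" in p or "\\local settings\\" in p:
        reasons.append("driver loaded from a user temp directory")
    if not p.startswith(EXPECTED_PREFIXES):
        reasons.append("driver outside the expected directories")
    return reasons


def flag_unusual(entries: list) -> list:
    """Return [(entry, reasons)] for every entry with at least one reason."""
    flagged = []
    for entry in entries:
        reasons = unusual_reasons(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


# Sample input: three lines copied from the log in this thread plus two
# CONSTRUCTED lines (placeholder hashes) using paths the DDS log above lists.
SAMPLE_LOG = r"""2011/09/22 09:40:49.0015 1016 ================================================================================
2011/09/22 09:40:49.0015 1016 Scan started
2011/09/22 09:40:49.0015 1016 Mode: Manual;
2011/09/22 09:40:49.0437 1016 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/22 09:40:55.0546 1016 NAVAP (69b2c32f9382ff0ab458d43415cd9460) C:\Program Files\NavNT\NAVAP.sys
2011/09/22 09:40:58.0125 1016 pxkbf (0c738845c7c12c45f05b127edff2cc87) C:\WINDOWS\system32\drivers\pxkbf.sys
2011/09/22 09:40:59.0500 1016 CONSTRUCTED_TMP (00000000000000000000000000000000) C:\WINDOWS\system32\13.tmp
2011/09/22 09:40:59.0600 1016 CONSTRUCTED_TEMPDIR (ffffffffffffffffffffffffffffffff) C:\DOCUME~1\emily\LOCALS~1\Temp\sas_selfextract\SASDIFSV.SYS
"""

if __name__ == "__main__":
    drivers = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(drivers)} driver entries parsed")
    for entry, reasons in flag_unusual(drivers):
        print(f"{entry.name:20} {entry.path}")
        for reason in reasons:
            print(f"    - {reason}")
```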

Thank you for clarifying the bump/PM thing. I did as asked and TDSS did not find anything. I rebooted and scanned again and it still did not find anything. Here is the log:

TDSS log

2011/09/22 09:40:43.0421 3764 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10

2011/09/22 09:40:43.0531 3764 ================================================================================

2011/09/22 09:40:43.0531 3764 SystemInfo:

2011/09/22 09:40:43.0531 3764

2011/09/22 09:40:43.0531 3764 OS Version: 5.1.2600 ServicePack: 3.0

2011/09/22 09:40:43.0531 3764 Product type: Workstation

2011/09/22 09:40:43.0531 3764 ComputerName: OASIS

2011/09/22 09:40:43.0531 3764 UserName: Emily

2011/09/22 09:40:43.0531 3764 Windows directory: C:\WINDOWS

2011/09/22 09:40:43.0531 3764 System windows directory: C:\WINDOWS

2011/09/22 09:40:43.0531 3764 Processor architecture: Intel x86

2011/09/22 09:40:43.0531 3764 Number of processors: 2

2011/09/22 09:40:43.0531 3764 Page size: 0x1000

2011/09/22 09:40:43.0531 3764 Boot type: Normal boot

2011/09/22 09:40:43.0531 3764 ================================================================================

2011/09/22 09:40:44.0046 3764 Initialize success

2011/09/22 09:40:49.0015 1016 ================================================================================

2011/09/22 09:40:49.0015 1016 Scan started

2011/09/22 09:40:49.0015 1016 Mode: Manual;

2011/09/22 09:40:49.0015 1016 ================================================================================

2011/09/22 09:40:49.0437 1016 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/09/22 09:40:49.0500 1016 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/09/22 09:40:49.0593 1016 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/09/22 09:40:49.0656 1016 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/09/22 09:40:49.0796 1016 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys

2011/09/22 09:40:49.0921 1016 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/09/22 09:40:49.0984 1016 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/09/22 09:40:50.0046 1016 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/09/22 09:40:50.0140 1016 ATMhelpr (3ef1db7f168851914517d4ed36b57c04) C:\WINDOWS\system32\drivers\ATMhelpr.sys

2011/09/22 09:40:50.0171 1016 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/09/22 09:40:50.0218 1016 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/09/22 09:40:50.0265 1016 BIOS (be5d50529799b9bab6be879ec768b6cf) C:\WINDOWS\system32\drivers\BIOS.sys

2011/09/22 09:40:50.0515 1016 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/09/22 09:40:50.0578 1016 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/09/22 09:40:50.0640 1016 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/09/22 09:40:50.0703 1016 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/09/22 09:40:50.0843 1016 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/09/22 09:40:50.0890 1016 DLABOIOM (631b3dd27adb49aa4546a0eec92e81b7) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

2011/09/22 09:40:50.0937 1016 DLACDBHM (8d45ac148fd8c1a25204aeca1397fa7e) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2011/09/22 09:40:51.0000 1016 DLADResN (3acd81ab9b065147dc60522a5c0bb257) C:\WINDOWS\system32\DLA\DLADResN.SYS

2011/09/22 09:40:51.0015 1016 DLAIFS_M (4f179116df60d3272d4e71cda6da2f20) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

2011/09/22 09:40:51.0046 1016 DLAOPIOM (7359f3ed620bc002cbee0664333a4540) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

2011/09/22 09:40:51.0078 1016 DLAPoolM (17c22b10766e9fb31d201cf88e783a3c) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

2011/09/22 09:40:51.0109 1016 DLARTL_N (94accf8f7b87fbeaa27266927319e6ba) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

2011/09/22 09:40:51.0140 1016 DLAUDFAM (456cd604360863565655eb2a078b430d) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

2011/09/22 09:40:51.0171 1016 DLAUDF_M (1ba22e89b314a67fe3d211a12abcd0ef) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

2011/09/22 09:40:51.0234 1016 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/09/22 09:40:51.0312 1016 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/09/22 09:40:51.0375 1016 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/09/22 09:40:51.0437 1016 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/09/22 09:40:51.0484 1016 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/09/22 09:40:51.0515 1016 DRVMCDB (ab6c5c26fff9b3c456aeaf7e0093c2fe) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2011/09/22 09:40:51.0562 1016 DRVNDDM (4a307ade1638d9358b6eb90076481cc6) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2011/09/22 09:40:51.0609 1016 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys

2011/09/22 09:40:51.0656 1016 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys

2011/09/22 09:40:51.0781 1016 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/09/22 09:40:51.0812 1016 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/09/22 09:40:51.0859 1016 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/09/22 09:40:51.0890 1016 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/09/22 09:40:51.0921 1016 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/09/22 09:40:52.0031 1016 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/09/22 09:40:52.0078 1016 FTDIBUS (bb5107ca0569c95f2a850722c34d20c9) C:\WINDOWS\system32\drivers\ftdibus.sys

2011/09/22 09:40:52.0125 1016 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/09/22 09:40:52.0171 1016 FTSER2K (296be0a1d7c96a7abbede6b97baf96b3) C:\WINDOWS\system32\drivers\ftser2k.sys

2011/09/22 09:40:52.0218 1016 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/09/22 09:40:52.0328 1016 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/09/22 09:40:52.0390 1016 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/09/22 09:40:52.0468 1016 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/09/22 09:40:52.0546 1016 HssDrv (06c9c9de9ab51daa5a83a838c7a58adf) C:\WINDOWS\system32\DRIVERS\HssDrv.sys

2011/09/22 09:40:52.0671 1016 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/09/22 09:40:52.0765 1016 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/09/22 09:40:52.0812 1016 imagedrv (0a7c49b48c772591a2d362daa00246c8) C:\WINDOWS\system32\Drivers\imagedrv.sys

2011/09/22 09:40:52.0843 1016 imagesrv (549ba4f539e7b8d8129500b96dd7b27a) C:\WINDOWS\system32\DRIVERS\imagesrv.sys

2011/09/22 09:40:52.0906 1016 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/09/22 09:40:53.0140 1016 IntcAzAudAddService (c464cf7a58c011a70188602b55c64e99) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/09/22 09:40:53.0312 1016 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/09/22 09:40:53.0359 1016 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/09/22 09:40:53.0390 1016 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/09/22 09:40:53.0500 1016 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/09/22 09:40:53.0546 1016 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/09/22 09:40:53.0593 1016 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/09/22 09:40:53.0640 1016 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/09/22 09:40:53.0781 1016 Jukebox3 (6c24d3878f44c271d94ea6cab1acd739) C:\WINDOWS\system32\DRIVERS\ctpdusb.sys

2011/09/22 09:40:53.0859 1016 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/09/22 09:40:53.0890 1016 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/09/22 09:40:53.0953 1016 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/09/22 09:40:54.0031 1016 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/09/22 09:40:54.0093 1016 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys

2011/09/22 09:40:54.0171 1016 L8042mou (d6fc755ff505d99e6cc73e83492310df) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys

2011/09/22 09:40:54.0218 1016 LBeepKE (ca4c92d8b59ddee29759e35aa2cc4c3b) C:\WINDOWS\system32\Drivers\LBeepKE.sys

2011/09/22 09:40:54.0281 1016 LEqdUsb (0fe8fefe98626509661b50ea20ecd129) C:\WINDOWS\system32\Drivers\LEqdUsb.Sys

2011/09/22 09:40:54.0359 1016 LHidEqd (93657522a5dd7da4c81fb347973ae01c) C:\WINDOWS\system32\Drivers\LHidEqd.Sys

2011/09/22 09:40:54.0453 1016 LHidFilt (05d6b85ecc3204931923ab7940b9596e) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys

2011/09/22 09:40:54.0515 1016 LHidKe (d86c17d256bbbcfb51b9c8c20dc56804) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys

2011/09/22 09:40:54.0562 1016 LMouFilt (053dbcc1082fdf74ab145a71917a6556) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys

2011/09/22 09:40:54.0609 1016 LMouKE (c149bdad13194df16ea33f9f601ed7bf) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys

2011/09/22 09:40:54.0750 1016 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

2011/09/22 09:40:54.0859 1016 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/09/22 09:40:54.0921 1016 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/09/22 09:40:54.0984 1016 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/09/22 09:40:55.0046 1016 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/09/22 09:40:55.0062 1016 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/09/22 09:40:55.0109 1016 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/09/22 09:40:55.0171 1016 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/09/22 09:40:55.0218 1016 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/09/22 09:40:55.0250 1016 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/09/22 09:40:55.0281 1016 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/09/22 09:40:55.0312 1016 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/09/22 09:40:55.0375 1016 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/09/22 09:40:55.0421 1016 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/09/22 09:40:55.0546 1016 NAVAP (69b2c32f9382ff0ab458d43415cd9460) C:\Program Files\NavNT\NAVAP.sys

2011/09/22 09:40:55.0578 1016 NAVAPEL (d488113cfbaa3a4a7c2822662923a3e9) C:\Program Files\NavNT\NAVAPEL.SYS

2011/09/22 09:40:55.0703 1016 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101013.002\NAVENG.sys

2011/09/22 09:40:55.0796 1016 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101013.002\NAVEX15.sys

2011/09/22 09:40:55.0921 1016 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/09/22 09:40:55.0984 1016 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/09/22 09:40:56.0000 1016 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/09/22 09:40:56.0031 1016 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/09/22 09:40:56.0093 1016 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/09/22 09:40:56.0203 1016 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/09/22 09:40:56.0234 1016 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/09/22 09:40:56.0296 1016 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/09/22 09:40:56.0343 1016 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/09/22 09:40:56.0421 1016 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/09/22 09:40:56.0625 1016 nv (70cb8915895ccb92ddf23ce890c4f5be) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/09/22 09:40:57.0046 1016 nvata (ef9941593b2e9b436f64a87ddb570d1a) C:\WINDOWS\system32\DRIVERS\nvata.sys

2011/09/22 09:40:57.0093 1016 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

2011/09/22 09:40:57.0140 1016 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

2011/09/22 09:40:57.0203 1016 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/09/22 09:40:57.0234 1016 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/09/22 09:40:57.0343 1016 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/09/22 09:40:57.0390 1016 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/09/22 09:40:57.0437 1016 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/09/22 09:40:57.0468 1016 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/09/22 09:40:57.0515 1016 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/09/22 09:40:57.0562 1016 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/09/22 09:40:57.0718 1016 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys

2011/09/22 09:40:57.0828 1016 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/09/22 09:40:57.0859 1016 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/09/22 09:40:57.0921 1016 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/09/22 09:40:57.0968 1016 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/09/22 09:40:58.0031 1016 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/09/22 09:40:58.0125 1016 pxkbf (0c738845c7c12c45f05b127edff2cc87) C:\WINDOWS\system32\drivers\pxkbf.sys

2011/09/22 09:40:58.0156 1016 pxrts (04d1c97a0818f9378eeaa793a09f8202) C:\WINDOWS\system32\drivers\pxrts.sys

2011/09/22 09:40:58.0187 1016 pxscan (e6e1f9f717feab3e16c3b160b17e6855) C:\WINDOWS\system32\drivers\pxscan.sys

2011/09/22 09:40:58.0296 1016 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/09/22 09:40:58.0343 1016 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/09/22 09:40:58.0375 1016 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/09/22 09:40:58.0421 1016 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/09/22 09:40:58.0468 1016 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/09/22 09:40:58.0515 1016 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/09/22 09:40:58.0593 1016 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/09/22 09:40:58.0656 1016 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/09/22 09:40:58.0703 1016 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/09/22 09:40:58.0796 1016 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys

2011/09/22 09:40:58.0875 1016 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\WINDOWS\system32\Drivers\RimUsb.sys

2011/09/22 09:40:58.0968 1016 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

2011/09/22 09:40:59.0031 1016 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

2011/09/22 09:40:59.0343 1016 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/09/22 09:40:59.0390 1016 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/09/22 09:40:59.0421 1016 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/09/22 09:40:59.0468 1016 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/09/22 09:40:59.0531 1016 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/09/22 09:40:59.0640 1016 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/09/22 09:40:59.0718 1016 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/09/22 09:40:59.0781 1016 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/09/22 09:40:59.0812 1016 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/09/22 09:41:00.0015 1016 SymEvent (a769203607d8af4efa01148ae86697d5) C:\Program Files\Symantec\SYMEVENT.SYS

2011/09/22 09:41:00.0109 1016 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/09/22 09:41:00.0171 1016 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/09/22 09:41:00.0281 1016 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/09/22 09:41:00.0312 1016 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/09/22 09:41:00.0359 1016 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/09/22 09:41:00.0437 1016 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/09/22 09:41:00.0531 1016 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/09/22 09:41:00.0625 1016 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/09/22 09:41:00.0687 1016 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/09/22 09:41:00.0734 1016 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/09/22 09:41:00.0781 1016 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/09/22 09:41:00.0828 1016 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/09/22 09:41:00.0875 1016 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/09/22 09:41:00.0906 1016 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/09/22 09:41:00.0937 1016 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/09/22 09:41:01.0015 1016 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/09/22 09:41:01.0062 1016 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/09/22 09:41:01.0125 1016 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2011/09/22 09:41:01.0234 1016 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/09/22 09:41:01.0359 1016 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/09/22 09:41:01.0390 1016 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/09/22 09:41:01.0484 1016 ZWDAGMLowerFilter (2e3f2f8ef0ae16430823c59c03bcef26) C:\WINDOWS\system32\DRIVERS\zwda_gm_lowerfilter.sys

2011/09/22 09:41:01.0531 1016 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/09/22 09:41:01.0593 1016 Boot (0x1200) (ecb08b0cf63b58cbfa100c229b75b682) \Device\Harddisk0\DR0\Partition0

2011/09/22 09:41:01.0609 1016 ================================================================================

2011/09/22 09:41:01.0609 1016 Scan finished

2011/09/22 09:41:01.0609 1016 ================================================================================

2011/09/22 09:41:01.0609 0972 Detected object count: 0

2011/09/22 09:41:01.0609 0972 Actual detected object count: 0

2011/09/22 09:45:56.0734 0284 ================================================================================

2011/09/22 09:45:56.0734 0284 Scan started

2011/09/22 09:45:56.0734 0284 Mode: Manual;

2011/09/22 09:45:56.0734 0284 ================================================================================

2011/09/22 09:45:57.0062 0284 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/09/22 09:45:57.0109 0284 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/09/22 09:45:57.0140 0284 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/09/22 09:45:57.0218 0284 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/09/22 09:45:57.0328 0284 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys

2011/09/22 09:45:57.0437 0284 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/09/22 09:45:57.0468 0284 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/09/22 09:45:57.0515 0284 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/09/22 09:45:57.0593 0284 ATMhelpr (3ef1db7f168851914517d4ed36b57c04) C:\WINDOWS\system32\drivers\ATMhelpr.sys

2011/09/22 09:45:57.0609 0284 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/09/22 09:45:57.0640 0284 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/09/22 09:45:57.0671 0284 BIOS (be5d50529799b9bab6be879ec768b6cf) C:\WINDOWS\system32\drivers\BIOS.sys

2011/09/22 09:45:57.0921 0284 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/09/22 09:45:57.0968 0284 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/09/22 09:45:58.0015 0284 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/09/22 09:45:58.0062 0284 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/09/22 09:45:58.0171 0284 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/09/22 09:45:58.0218 0284 DLABOIOM (631b3dd27adb49aa4546a0eec92e81b7) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

2011/09/22 09:45:58.0250 0284 DLACDBHM (8d45ac148fd8c1a25204aeca1397fa7e) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2011/09/22 09:45:58.0265 0284 DLADResN (3acd81ab9b065147dc60522a5c0bb257) C:\WINDOWS\system32\DLA\DLADResN.SYS

2011/09/22 09:45:58.0296 0284 DLAIFS_M (4f179116df60d3272d4e71cda6da2f20) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

2011/09/22 09:45:58.0312 0284 DLAOPIOM (7359f3ed620bc002cbee0664333a4540) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

2011/09/22 09:45:58.0312 0284 DLAPoolM (17c22b10766e9fb31d201cf88e783a3c) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

2011/09/22 09:45:58.0328 0284 DLARTL_N (94accf8f7b87fbeaa27266927319e6ba) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

2011/09/22 09:45:58.0343 0284 DLAUDFAM (456cd604360863565655eb2a078b430d) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

2011/09/22 09:45:58.0359 0284 DLAUDF_M (1ba22e89b314a67fe3d211a12abcd0ef) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

2011/09/22 09:45:58.0406 0284 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/09/22 09:45:58.0437 0284 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/09/22 09:45:58.0484 0284 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/09/22 09:45:58.0500 0284 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/09/22 09:45:58.0546 0284 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/09/22 09:45:58.0578 0284 DRVMCDB (ab6c5c26fff9b3c456aeaf7e0093c2fe) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2011/09/22 09:45:58.0593 0284 DRVNDDM (4a307ade1638d9358b6eb90076481cc6) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2011/09/22 09:45:58.0609 0284 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys

2011/09/22 09:45:58.0625 0284 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys

2011/09/22 09:45:58.0703 0284 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/09/22 09:45:58.0750 0284 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/09/22 09:45:58.0781 0284 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/09/22 09:45:58.0812 0284 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/09/22 09:45:58.0875 0284 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/09/22 09:45:58.0906 0284 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/09/22 09:45:58.0937 0284 FTDIBUS (bb5107ca0569c95f2a850722c34d20c9) C:\WINDOWS\system32\drivers\ftdibus.sys

2011/09/22 09:45:58.0953 0284 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/09/22 09:45:58.0968 0284 FTSER2K (296be0a1d7c96a7abbede6b97baf96b3) C:\WINDOWS\system32\drivers\ftser2k.sys

2011/09/22 09:45:59.0046 0284 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/09/22 09:45:59.0093 0284 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/09/22 09:45:59.0140 0284 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/09/22 09:45:59.0187 0284 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/09/22 09:45:59.0281 0284 HssDrv (06c9c9de9ab51daa5a83a838c7a58adf) C:\WINDOWS\system32\DRIVERS\HssDrv.sys

2011/09/22 09:45:59.0343 0284 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/09/22 09:45:59.0421 0284 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/09/22 09:45:59.0515 0284 imagedrv (0a7c49b48c772591a2d362daa00246c8) C:\WINDOWS\system32\Drivers\imagedrv.sys

2011/09/22 09:45:59.0531 0284 imagesrv (549ba4f539e7b8d8129500b96dd7b27a) C:\WINDOWS\system32\DRIVERS\imagesrv.sys

2011/09/22 09:45:59.0578 0284 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/09/22 09:45:59.0750 0284 IntcAzAudAddService (c464cf7a58c011a70188602b55c64e99) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/09/22 09:45:59.0875 0284 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/09/22 09:45:59.0890 0284 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/09/22 09:45:59.0921 0284 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/09/22 09:46:00.0000 0284 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/09/22 09:46:00.0031 0284 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/09/22 09:46:00.0046 0284 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/09/22 09:46:00.0078 0284 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/09/22 09:46:00.0171 0284 Jukebox3 (6c24d3878f44c271d94ea6cab1acd739) C:\WINDOWS\system32\DRIVERS\ctpdusb.sys

2011/09/22 09:46:00.0218 0284 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/09/22 09:46:00.0234 0284 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/09/22 09:46:00.0281 0284 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/09/22 09:46:00.0328 0284 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/09/22 09:46:00.0406 0284 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys

2011/09/22 09:46:00.0453 0284 L8042mou (d6fc755ff505d99e6cc73e83492310df) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys

2011/09/22 09:46:00.0515 0284 LBeepKE (ca4c92d8b59ddee29759e35aa2cc4c3b) C:\WINDOWS\system32\Drivers\LBeepKE.sys

2011/09/22 09:46:00.0593 0284 LEqdUsb (0fe8fefe98626509661b50ea20ecd129) C:\WINDOWS\system32\Drivers\LEqdUsb.Sys

2011/09/22 09:46:00.0687 0284 LHidEqd (93657522a5dd7da4c81fb347973ae01c) C:\WINDOWS\system32\Drivers\LHidEqd.Sys

2011/09/22 09:46:00.0718 0284 LHidFilt (05d6b85ecc3204931923ab7940b9596e) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys

2011/09/22 09:46:00.0750 0284 LHidKe (d86c17d256bbbcfb51b9c8c20dc56804) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys

2011/09/22 09:46:00.0781 0284 LMouFilt (053dbcc1082fdf74ab145a71917a6556) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys

2011/09/22 09:46:00.0812 0284 LMouKE (c149bdad13194df16ea33f9f601ed7bf) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys

2011/09/22 09:46:00.0875 0284 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

2011/09/22 09:46:00.0968 0284 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/09/22 09:46:01.0015 0284 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/09/22 09:46:01.0046 0284 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/09/22 09:46:01.0109 0284 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/09/22 09:46:01.0125 0284 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/09/22 09:46:01.0187 0284 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/09/22 09:46:01.0250 0284 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/09/22 09:46:01.0265 0284 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/09/22 09:46:01.0312 0284 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/09/22 09:46:01.0328 0284 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/09/22 09:46:01.0390 0284 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/09/22 09:46:01.0421 0284 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/09/22 09:46:01.0468 0284 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/09/22 09:46:01.0578 0284 NAVAP (69b2c32f9382ff0ab458d43415cd9460) C:\Program Files\NavNT\NAVAP.sys

2011/09/22 09:46:01.0593 0284 NAVAPEL (d488113cfbaa3a4a7c2822662923a3e9) C:\Program Files\NavNT\NAVAPEL.SYS

2011/09/22 09:46:01.0687 0284 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101013.002\NAVENG.sys

2011/09/22 09:46:01.0812 0284 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101013.002\NAVEX15.sys

2011/09/22 09:46:01.0921 0284 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/09/22 09:46:01.0968 0284 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/09/22 09:46:01.0984 0284 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/09/22 09:46:01.0984 0284 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/09/22 09:46:02.0031 0284 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/09/22 09:46:02.0125 0284 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/09/22 09:46:02.0140 0284 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/09/22 09:46:02.0187 0284 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/09/22 09:46:02.0234 0284 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/09/22 09:46:02.0296 0284 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/09/22 09:46:02.0515 0284 nv (70cb8915895ccb92ddf23ce890c4f5be) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/09/22 09:46:02.0656 0284 nvata (ef9941593b2e9b436f64a87ddb570d1a) C:\WINDOWS\system32\DRIVERS\nvata.sys

2011/09/22 09:46:02.0703 0284 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

2011/09/22 09:46:02.0718 0284 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

2011/09/22 09:46:02.0765 0284 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/09/22 09:46:02.0843 0284 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/09/22 09:46:02.0875 0284 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/09/22 09:46:02.0921 0284 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/09/22 09:46:02.0968 0284 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/09/22 09:46:02.0984 0284 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/09/22 09:46:03.0015 0284 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/09/22 09:46:03.0046 0284 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/09/22 09:46:03.0203 0284 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys

2011/09/22 09:46:03.0265 0284 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/09/22 09:46:03.0296 0284 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/09/22 09:46:03.0343 0284 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/09/22 09:46:03.0359 0284 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/09/22 09:46:03.0406 0284 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/09/22 09:46:03.0453 0284 pxkbf (0c738845c7c12c45f05b127edff2cc87) C:\WINDOWS\system32\drivers\pxkbf.sys

2011/09/22 09:46:03.0500 0284 pxrts (04d1c97a0818f9378eeaa793a09f8202) C:\WINDOWS\system32\drivers\pxrts.sys

2011/09/22 09:46:03.0531 0284 pxscan (e6e1f9f717feab3e16c3b160b17e6855) C:\WINDOWS\system32\drivers\pxscan.sys

2011/09/22 09:46:03.0609 0284 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/09/22 09:46:03.0671 0284 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/09/22 09:46:03.0687 0284 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/09/22 09:46:03.0718 0284 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/09/22 09:46:03.0781 0284 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/09/22 09:46:03.0812 0284 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/09/22 09:46:03.0828 0284 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/09/22 09:46:03.0890 0284 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/09/22 09:46:03.0906 0284 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/09/22 09:46:03.0984 0284 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys

2011/09/22 09:46:04.0031 0284 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\WINDOWS\system32\Drivers\RimUsb.sys

2011/09/22 09:46:04.0109 0284 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

2011/09/22 09:46:04.0156 0284 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

2011/09/22 09:46:04.0437 0284 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/09/22 09:46:04.0484 0284 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/09/22 09:46:04.0500 0284 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/09/22 09:46:04.0531 0284 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/09/22 09:46:04.0609 0284 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/09/22 09:46:04.0625 0284 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/09/22 09:46:04.0734 0284 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/09/22 09:46:04.0765 0284 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/09/22 09:46:04.0781 0284 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/09/22 09:46:04.0921 0284 SymEvent (a769203607d8af4efa01148ae86697d5) C:\Program Files\Symantec\SYMEVENT.SYS

2011/09/22 09:46:05.0031 0284 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/09/22 09:46:05.0093 0284 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/09/22 09:46:05.0125 0284 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/09/22 09:46:05.0171 0284 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/09/22 09:46:05.0218 0284 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/09/22 09:46:05.0281 0284 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/09/22 09:46:05.0343 0284 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/09/22 09:46:05.0390 0284 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/09/22 09:46:05.0437 0284 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/09/22 09:46:05.0500 0284 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/09/22 09:46:05.0500 0284 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/09/22 09:46:05.0515 0284 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/09/22 09:46:05.0562 0284 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/09/22 09:46:05.0578 0284 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/09/22 09:46:05.0625 0284 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/09/22 09:46:05.0734 0284 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/09/22 09:46:05.0765 0284 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/09/22 09:46:05.0812 0284 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2011/09/22 09:46:05.0875 0284 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/09/22 09:46:05.0968 0284 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/09/22 09:46:06.0031 0284 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/09/22 09:46:06.0078 0284 ZWDAGMLowerFilter (2e3f2f8ef0ae16430823c59c03bcef26) C:\WINDOWS\system32\DRIVERS\zwda_gm_lowerfilter.sys

2011/09/22 09:46:06.0109 0284 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/09/22 09:46:06.0171 0284 Boot (0x1200) (ecb08b0cf63b58cbfa100c229b75b682) \Device\Harddisk0\DR0\Partition0

2011/09/22 09:46:06.0187 0284 ================================================================================

2011/09/22 09:46:06.0187 0284 Scan finished

2011/09/22 09:46:06.0187 0284 ================================================================================

2011/09/22 09:46:06.0203 1188 Detected object count: 0

2011/09/22 09:46:06.0203 1188 Actual detected object count: 0


  • Staff

Hi,

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall

See if it will run successfully now. Stop it after half an hour of no activity.


Thank you. It did run and rebooted successfully. The log didn't come up on its own but it was in the sega folder on C. Here is the log.

ComboFix log

aComboFix 11-09-23.03 - Emily 09/23/2011 15:15:56.2.2 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2905 [GMT -5:00]

Running from: C:\Documents and Settings\Emily\desktop\sega.com

Command switches used :: /killall

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\Emily\Application Data\cacaoweb\replicatingF8BAE633D2452D325EC096B06A043A5D.cacao

---- Previous Run -------

C:\Documents and Settings\Emily\Application Data\cacaoweb

C:\Documents and Settings\Emily\Application Data\cacaoweb\ad96D9145E8C867A23E1125CAAA9681BE1.ad

C:\Documents and Settings\Emily\Application Data\cacaoweb\errorlog.txt

C:\Documents and Settings\Emily\Application Data\cacaoweb\npdfile.dat

C:\Documents and Settings\Emily\Application Data\cacaoweb\replicating085894C846EB8C86A935E3DB5A485E0D.cacao

C:\Documents and Settings\Emily\Application Data\cacaoweb\replicating2275E3B84689680F44860D6C665A8797.cacao

C:\Documents and Settings\Emily\Application Data\cacaoweb\replicating3730549CA1B0296C4C166022A0DD63E4.cacao

C:\Documents and Settings\Emily\Application Data\cacaoweb\replicating555B862BAB752757F595505B07F66854.cacao

C:\Documents and Settings\Emily\Application Data\cacaoweb\replicating624DF20E14B4520E7EC78720480A942A.cacao

C:\Documents and Settings\Emily\Application Data\cacaoweb\replicating711197015AEF01359CA0E45B827C6392.cacao

C:\Documents and Settings\Emily\Application Data\cacaoweb\replicating74514616431E29E60A4A1A27DFA9774C.cacao

C:\Documents and Settings\Emily\Application Data\cacaoweb\replicating7C727EF6320FBC3B47FEC06F86EB2689.cacao

C:\Documents and Settings\Emily\Application Data\cacaoweb\replicating7FEE6F63A4346A6E8BB710FBBDDE00C5.cacao

C:\Documents and Settings\Emily\Application Data\cacaoweb\replicating8139206ADBD5418FC2C2792BBFA67E0B.cacao

C:\Documents and Settings\Emily\Application Data\cacaoweb\replicating8BFBAB7A159C6B48C72D741451CC1365.cacao

C:\Documents and Settings\Emily\Application Data\cacaoweb\replicating9888A55C356F3A692EA220B4005C1311.cacao

C:\Documents and Settings\Emily\Application Data\cacaoweb\replicatingCD2A6C367C195C044F8C4596FD449459.cacao

C:\Documents and Settings\Emily\Application Data\cacaoweb\replicatingD6F7705E78BB8F17FBC7B46EEF38FA6B.cacao

C:\Documents and Settings\Emily\Application Data\cacaoweb\replicatingE3BE23BEF25BB466F960DFBB4057EF29.cacao

C:\Documents and Settings\Emily\Application Data\cacaoweb\replicatingEE9FECD073E1282224F0648E14E0C276.cacao

C:\Documents and Settings\Emily\Application Data\cacaoweb\replicatingFD89E9E9F118ACE721774DC1924DAC0C.cacao

C:\Documents and Settings\Emily\Application Data\cacaoweb\storage.db

C:\Documents and Settings\Emily\Desktop\cacaoweb.exe

C:\Documents and Settings\Emily\Local Settings\Application Data\ApplicationHistory

C:\Documents and Settings\Emily\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

C:\Documents and Settings\Emily\My Documents\2010.enl

C:\Documents and Settings\Emily\WINDOWS

C:\install.exe

C:\Program Files\cacaoweb

C:\Program Files\cacaoweb\cacaoweb.exe

C:\Program Files\driver

C:\Program Files\Microsoft Office\OFFICE11\OSA.exe

C:\Program Files\Uninstall.exe

C:\Program Files\Uninstall.ini

C:\WINDOWS\system32\1.tmp

C:\WINDOWS\system32\comct332.ocx

C:\WINDOWS\system32\regobj.dll

Pass LEGAL for license information. Built Sat Jun 25 23:20:28 2011C:\Documents and Settings\Default User\NtUser.dat.LOG

((((((((((((((((((((((((( Files Created from 2011-08-23 to 2011-09-23 )))))))))))))))))))))))))))))))

2011-09-12 04:56:18 . 2009-06-18 18:54:10 6144 ------w- C:\WINDOWS\system32\2.tmp

2011-09-12 03:23:25 . 2009-06-18 18:54:10 6144 ------w- C:\WINDOWS\system32\12.tmp

2011-09-12 02:18:06 . 2011-09-12 02:18:49 -------- d-----w- C:\Program Files\kohmtgiw

2011-09-03 10:17:37 . 2011-09-03 10:17:37 599040 -c----w- C:\WINDOWS\system32\dllcache\crypt32.dll

2011-08-27 20:31:39 . 2011-08-27 20:31:39 -------- d-----w- C:\Program Files\iPod

2011-08-27 20:31:22 . 2011-08-27 20:32:47 -------- d-----w- C:\Program Files\iTunes

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-09-23 20:25:24 . 2010-05-24 17:35:16 32008 ----a-w- C:\WINDOWS\system32\drivers\pxscan.sys

2011-09-23 20:25:22 . 2010-05-24 17:35:15 26096 ----a-w- C:\WINDOWS\system32\drivers\pxkbf.sys

2011-09-12 02:37:20 . 2010-05-24 17:35:16 71880 ----a-w- C:\WINDOWS\system32\PxSecure.dll

2011-09-03 10:17:37 . 2004-08-04 05:56:42 599040 ----a-w- C:\WINDOWS\system32\crypt32.dll

2011-08-31 22:00:50 . 2010-01-11 18:30:46 22216 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2011-08-24 15:57:25 . 2010-06-17 20:18:37 16400 ----a-w- C:\WINDOWS\system32\drivers\LNonPnP.sys

2011-08-13 06:36:11 . 2011-08-13 06:36:11 53248 ----a-r- C:\Documents and Settings\Emily\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-08-11 23:45:42 . 2011-05-20 17:22:35 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29:31 . 2004-08-04 04:15:18 456320 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys

2011-07-12 16:20:54 . 2011-07-12 16:20:54 83816 ----a-w- C:\WINDOWS\system32\dns-sd.exe

2011-07-12 16:20:54 . 2011-07-12 16:20:54 73064 ----a-w- C:\WINDOWS\system32\dnssd.dll

2011-07-12 16:20:54 . 2011-07-12 16:20:54 50536 ----a-w- C:\WINDOWS\system32\jdns_sd.dll

2011-07-12 16:20:54 . 2011-07-12 16:20:54 178536 ----a-w- C:\WINDOWS\system32\dnssdX.dll

2011-07-08 14:02:00 . 2001-08-23 12:00:00 10496 ----a-w- C:\WINDOWS\system32\drivers\ndistapi.sys

2011-07-05 23:37:00 . 2011-07-05 23:37:00 94208 ----a-w- C:\WINDOWS\system32\QuickTimeVR.qtx

2011-07-05 23:37:00 . 2011-07-05 23:37:00 69632 ----a-w- C:\WINDOWS\system32\QuickTime.qts

2010-11-05 07:09:24 . 2010-11-16 19:28:32 7221248 ----a-w- C:\Program Files\praat.exe

2010-05-26 23:16:12 . 2010-05-26 23:16:12 9194224 ----a-w- C:\Program Files\IconWorkshop.exe

2010-05-25 15:19:36 . 2010-05-25 15:19:36 1124864 ----a-w- C:\Program Files\ResGer.dll

2010-05-25 15:18:44 . 2010-05-25 15:18:44 1127936 ----a-w- C:\Program Files\ResFra.dll

2009-09-02 15:02:44 . 2009-09-02 15:02:44 110080 ----a-w- C:\Program Files\IconWorkshopAddin.dll

2008-08-08 20:25:00 . 2008-08-08 20:25:00 81920 ----a-w- C:\Program Files\IconWorkshopAddin2005.dll

2008-03-25 03:50:26 . 2008-03-25 03:50:26 554008 ----a-w- C:\Program Files\Common Files\dao360.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]

2011-04-06 20:49:30 232696 ----a-w- C:\Program Files\Expat Shield\HssIE\ExpatIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 22:07:20 2260480]

"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 10:40:32 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-09-18 05:55:00 13574144]

"RTHDCPL"="RTHDCPL.EXE" [2007-10-17 00:30:10 16855552]

"SkyTel"="SkyTel.EXE" [2007-10-11 17:04:04 1826816]

"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-16 11:10:00 122940]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 10:40:34 86960]

"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 13:59:00 73728]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-09-18 05:55:00 86016]

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 04:59:06 937920]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 04:02:26 37296]

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 17:59:52 254696]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 08:12:38 76304]

"Logicool Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 08:12:38 76304]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 08:12:38 76304]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-08-19 06:07:38 421736]

"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 22:00:48 449608]

Thank you.


  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Please download this file and save it as it's originally named, next to ComboFix.exe.


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, it will ask you whether or not to continue with the malware scan. Select Yes, and post the resultant log.

-screen317


It asked me if I meant to install a ComboFix script and said the script was improperly spelt. I was able to re-enable the internet connection and install the Recovery Console that way. ComboFix did not reboot the computer (meaning it didn't find anything to fix?) and just scanned and gave me a log. The log is below. Also there is a new DDS log included/attached, and a scan with MBAM (up to date) showed no malicious items.

ComboFix log

ComboFix 11-09-27.01 - Emily 09/27/2011 9:42.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2329 [GMT -5:00]

Running from: c:\documents and settings\Emily\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\documents and settings\Emily\Application Data\cacaoweb\replicatingF8BAE633D2452D325EC096B06A043A5D.cacao

.

.

((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 )))))))))))))))))))))))))))))))

.

.

2011-09-12 04:56 . 2009-06-18 18:54 6144 ------w- c:\windows\system32\2.tmp

2011-09-12 03:23 . 2009-06-18 18:54 6144 ------w- c:\windows\system32\12.tmp

2011-09-12 02:18 . 2011-09-12 02:18 -------- d-----w- c:\program files\kohmtgiw

2011-09-03 10:17 . 2011-09-03 10:17 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-23 20:25 . 2010-05-24 17:35 71880 ----a-w- c:\windows\system32\PxSecure.dll

2011-09-23 20:25 . 2010-05-24 17:35 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys

2011-09-23 20:25 . 2010-05-24 17:35 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys

2011-09-03 10:17 . 2004-08-04 05:56 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-31 22:00 . 2010-01-11 18:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-24 15:57 . 2010-06-17 20:18 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-08-13 06:36 . 2011-08-13 06:36 53248 ----a-r- c:\documents and settings\Emily\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-08-11 23:45 . 2011-05-20 17:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29 . 2004-08-04 04:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 16:20 . 2011-07-12 16:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 16:20 . 2011-07-12 16:20 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-08 14:02 . 2001-08-23 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-05 07:09 . 2010-11-16 19:28 7221248 ----a-w- c:\program files\praat.exe

2010-05-26 23:16 . 2010-05-26 23:16 9194224 ----a-w- c:\program files\IconWorkshop.exe

2010-05-25 15:19 . 2010-05-25 15:19 1124864 ----a-w- c:\program files\ResGer.dll

2010-05-25 15:18 . 2010-05-25 15:18 1127936 ----a-w- c:\program files\ResFra.dll

2009-09-02 15:02 . 2009-09-02 15:02 110080 ----a-w- c:\program files\IconWorkshopAddin.dll

2008-08-08 20:25 . 2008-08-08 20:25 81920 ----a-w- c:\program files\IconWorkshopAddin2005.dll

2008-03-25 03:50 . 2008-03-25 03:50 554008 ----a-w- c:\program files\Common Files\dao360.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]

2011-04-06 20:49 232696 ----a-w- c:\program files\Expat Shield\HssIE\ExpatIE.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

"cacaoweb"="c:\program files\cacaoweb\cacaoweb.exe" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]

"RTHDCPL"="RTHDCPL.EXE" [2007-10-17 16855552]

"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-16 122940]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]

"vptray"="c:\program files\NavNT\vptray.exe" [2001-09-24 73728]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"Logicool Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-1-9 113664]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-8-14 805392]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NovaBACKUP Tray Control.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NovaBACKUP Tray Control.lnk

backup=c:\windows\pss\NovaBACKUP Tray Control.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BIBLauncher]

2011-03-15 19:02 901600 ----a-w- c:\program files\Business-in-a-Box\BIBLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

2004-03-04 15:46 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2006-09-11 10:40 218032 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-19 06:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2008-09-18 05:55 1657376 ----a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCCloneEX]

2010-05-21 15:29 5668864 ----a-w- c:\program files\PCCloneEX\PCCloneEX.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 23:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Documents and Settings\\Emily\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [5/24/2010 12:35 PM 32008]

R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [1/12/2010 2:54 PM 4064]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1/9/2010 10:06 AM 13696]

R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [5/24/2010 12:35 PM 6416120]

R2 ExpatWd;Expat Shield Monitoring Service;c:\program files\Expat Shield\bin\hsswd.exe -product Expat --> c:\program files\Expat Shield\bin\hsswd.exe -product Expat [?]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [8/13/2011 3:40 AM 3712]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/11/2010 1:30 PM 366152]

R2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\NovaStor\NovaStor NovaBACKUP\nsService.exe [4/14/2010 9:23 PM 261256]

R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [5/24/2010 12:35 PM 76696]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 11:55 AM 42648]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 12:30 PM 12184]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/11/2010 1:30 PM 22216]

R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [5/24/2010 12:35 PM 26096]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Emily\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Emily\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Emily\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Emily\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [5/21/2010 7:37 AM 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [5/21/2010 7:37 AM 8456]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\13.tmp --> c:\windows\system32\13.tmp [?]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [8/11/2011 7:00 PM 27064]

S3 ZWDAGMLowerFilter;ZWDA General Mouse Filter Driver;c:\windows\system32\drivers\zwda_gm_lowerfilter.sys [8/13/2011 2:45 AM 21248]

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

.

2011-09-27 c:\windows\Tasks\Defrag.job

- c:\documents and settings\Emily\Desktop\Security Suite\defrag_all2.vbs [2010-01-13 17:51]

.

2011-09-27 c:\windows\Tasks\Malwarebytes Scan .job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-11 22:00]

.

2011-09-27 c:\windows\Tasks\Malwarebytes Update .job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-11 22:00]

.

2010-05-05 c:\windows\Tasks\Reboot.job

- c:\windows\system32\shutdown.exe [2004-08-04 00:12]

.

2011-09-27 c:\windows\Tasks\Spybot Scan.job

- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-01-09 21:31]

.

2011-09-27 c:\windows\Tasks\Spybot Updater.job

- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2010-01-09 21:31]

.

2011-09-27 c:\windows\Tasks\System Restore Point.job

- c:\documents and settings\Emily\Desktop\Security Suite\make_restore_point2.vbs [2010-01-13 02:53]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Semagic - c:\program files\Semagic\link.htm

Trusted Zone: cleverreach.com\novastor

Trusted Zone: google-analytics.com

Trusted Zone: novastor.com

TCP: DhcpNameServer = 97.64.168.12 97.64.183.165

TCP: Interfaces\{95FD4FBC-FE00-4841-8934-F54CDC3596B1}: NameServer = 208.67.222.222,208.67.220.220

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\Emily\Application Data\Mozilla\Firefox\Profiles\lfmweh3o.default\

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org

FF - Ext: Cache Status: cache@status.org - %profile%\extensions\cache@status.org

FF - Ext: eSnipe.com SnipeIt!: esnipesnipeit@esnipe.com - %profile%\extensions\esnipesnipeit@esnipe.com

FF - Ext: Fasterfox Lite: FasterFox_Lite@BigRedBrent - %profile%\extensions\FasterFox_Lite@BigRedBrent

FF - Ext: Clear History: nadir.kadem@gmail.com - %profile%\extensions\nadir.kadem@gmail.com

FF - Ext: TACO with Abine: optout@dubfire.net - %profile%\extensions\optout@dubfire.net

FF - Ext: RightBar: rightbar@realmtech.net - %profile%\extensions\rightbar@realmtech.net

FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Old Location Bar: {3205B348-523A-4fac-9BC4-9939CBF583B0} - %profile%\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}

FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: Abduction!: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} - %profile%\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Steep and Cheap Watcher: {fa038e8f-d1d1-11db-9705-005056c00008} - %profile%\extensions\{fa038e8f-d1d1-11db-9705-005056c00008}

FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard

FF - Ext: Multirow Bookmarks Toolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - %profile%\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}

FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

FF - Ext: NoSquint: nosquint@urandom.ca - %profile%\extensions\nosquint@urandom.ca

FF - Ext: LeechBlock: {a95d8332-e4b4-6e7f-98ac-20b733364387} - %profile%\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}

FF - Ext: ScribeFire: {F807FACD-E46A-4793-B345-D58CB177673C} - %profile%\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}

FF - Ext: EPUBReader: {5384767E-00D9-40E9-B72F-9CC39D655D6F} - %profile%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}

FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org

FF - Ext: AddonFox: {ad48108d-92a6-4eb9-87e4-978aca1dbae4} - %profile%\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}

FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-IconWorkshop - c:\program files\UnInstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-27 09:50

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

cacaoweb = "c:\program files\cacaoweb\cacaoweb.exe" -noplayer?abled:cacaoweb?es??????????????????R???????????????R???R???????????R?P?R???H???????H?????????????( ??????Service Pack 3?????????????????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\13.tmp"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(676)

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

c:\windows\system32\NavLogon.dll

.

- - - - - - - > 'explorer.exe'(3012)

c:\windows\system32\WININET.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\dfshim.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\program files\Microsoft Office\OFFICE11\msohev.dll

c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTJBNS.DLL

c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTIntrfc.dll

c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\JBNSHK.dll

c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\JBNSRES.DLL

.

Completion time: 2011-09-27 09:52:42

ComboFix-quarantined-files.txt 2011-09-27 14:52

.

Pre-Run: 22,185,132,032 bytes free

Post-Run: 22,170,226,688 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 20382C48715C994B251ED14243E6EF67

DDS log

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Emily at 10:14:16 on 2011-09-27

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2272 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTSvcCDA.EXE

C:\Program Files\Prevx\prevx.exe

C:\Program Files\NavNT\defwatch.exe

C:\Program Files\Expat Shield\bin\hsswd.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\NavNT\rtvscan.exe

C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\Prevx\prevx.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\NavNT\vptray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - c:\program files\expat shield\hssie\ExpatIE.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [cacaoweb] "c:\program files\cacaoweb\cacaoweb.exe" -noplayer

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [vptray] c:\program files\navnt\vptray.exe

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [Logicool Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: Semagic - c:\program files\semagic\link.htm

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: cleverreach.com\novastor

Trusted Zone: google-analytics.com

Trusted Zone: novastor.com

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263066431796

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: Interfaces\{95FD4FBC-FE00-4841-8934-F54CDC3596B1} : NameServer = 208.67.222.222,208.67.220.220

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\emily\application data\mozilla\firefox\profiles\lfmweh3o.default\

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=

FF - component: c:\documents and settings\emily\application data\mozilla\firefox\profiles\lfmweh3o.default\extensions\optout@dubfire.net\lib\winnt\ff3\AbineComponent.dll

FF - plugin: c:\documents and settings\emily\application data\mozilla\firefox\profiles\lfmweh3o.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org

FF - Ext: Cache Status: cache@status.org - %profile%\extensions\cache@status.org

FF - Ext: eSnipe.com SnipeIt!: esnipesnipeit@esnipe.com - %profile%\extensions\esnipesnipeit@esnipe.com

FF - Ext: Fasterfox Lite: FasterFox_Lite@BigRedBrent - %profile%\extensions\FasterFox_Lite@BigRedBrent

FF - Ext: Clear History: nadir.kadem@gmail.com - %profile%\extensions\nadir.kadem@gmail.com

FF - Ext: TACO with Abine: optout@dubfire.net - %profile%\extensions\optout@dubfire.net

FF - Ext: RightBar: rightbar@realmtech.net - %profile%\extensions\rightbar@realmtech.net

FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Old Location Bar: {3205B348-523A-4fac-9BC4-9939CBF583B0} - %profile%\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}

FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: Abduction!: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} - %profile%\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Steep and Cheap Watcher: {fa038e8f-d1d1-11db-9705-005056c00008} - %profile%\extensions\{fa038e8f-d1d1-11db-9705-005056c00008}

FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard

FF - Ext: Multirow Bookmarks Toolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - %profile%\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}

FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

FF - Ext: NoSquint: nosquint@urandom.ca - %profile%\extensions\nosquint@urandom.ca

FF - Ext: LeechBlock: {a95d8332-e4b4-6e7f-98ac-20b733364387} - %profile%\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}

FF - Ext: ScribeFire: {F807FACD-E46A-4793-B345-D58CB177673C} - %profile%\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}

FF - Ext: EPUBReader: {5384767E-00D9-40E9-B72F-9CC39D655D6F} - %profile%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}

FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org

FF - Ext: AddonFox: {ad48108d-92a6-4eb9-87e4-978aca1dbae4} - %profile%\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}

FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

============= SERVICES / DRIVERS ===============

.

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-5-24 32008]

R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2010-1-12 4064]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2010-1-9 13696]

R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-5-24 6416120]

R2 ExpatWd;Expat Shield Monitoring Service;c:\program files\expat shield\bin\hsswd.exe -product expat --> c:\program files\expat shield\bin\hsswd.exe -product Expat [?]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2011-8-13 3712]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-11 366152]

R2 NAVAPEL;NAVAPEL;c:\program files\navnt\Navapel.sys [2001-9-24 9232]

R2 Norton AntiVirus Server;Norton AntiVirus Client;c:\program files\navnt\rtvscan.exe [2001-9-24 454656]

R2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\novastor\novastor novabackup\nsService.exe [2010-4-14 261256]

R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-5-24 76696]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 42648]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-8-24 12184]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-11 22216]

R3 NAVAP;NAVAP;c:\program files\navnt\navap.sys [2001-9-24 176208]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101013.002\NAVENG.sys [2010-10-13 86064]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101013.002\NAVEX15.sys [2010-10-13 1371184]

R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-5-24 26096]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\emily\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\emily\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\emily\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\emily\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-5-21 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-5-21 8456]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\13.tmp --> c:\windows\system32\13.tmp [?]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-11 27064]

S3 ZWDAGMLowerFilter;ZWDA General Mouse Filter Driver;c:\windows\system32\drivers\zwda_gm_lowerfilter.sys [2011-8-13 21248]

.

=============== Created Last 30 ================

.

2011-09-27 14:38:51 -------- d-sha-r- C:\cmdcons

2011-09-17 16:25:06 208896 ----a-w- c:\windows\MBR.exe

2011-09-17 16:25:05 518144 ----a-w- c:\windows\SWREG.exe

2011-09-17 16:25:05 256000 ----a-w- c:\windows\PEV.exe

2011-09-17 16:25:04 98816 ----a-w- c:\windows\sed.exe

2011-09-12 04:56:18 6144 ------w- c:\windows\system32\2.tmp

2011-09-12 03:23:25 6144 ------w- c:\windows\system32\12.tmp

2011-09-12 02:18:06 -------- d-----w- c:\program files\kohmtgiw

2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll

.

==================== Find3M ====================

.

2011-09-27 15:14:34 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-23 20:25:26 71880 ----a-w- c:\windows\system32\PxSecure.dll

2011-09-23 20:25:24 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys

2011-09-23 20:25:22 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys

2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-24 15:57:25 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-08-11 23:45:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 16:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-05 23:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 23:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-05 07:09:24 7221248 ----a-w- c:\program files\praat.exe

2010-05-26 23:16:12 9194224 ----a-w- c:\program files\IconWorkshop.exe

2010-05-25 15:19:36 1124864 ----a-w- c:\program files\ResGer.dll

2010-05-25 15:18:44 1127936 ----a-w- c:\program files\ResFra.dll

2009-09-02 15:02:44 110080 ----a-w- c:\program files\IconWorkshopAddin.dll

2008-08-08 20:25:00 81920 ----a-w- c:\program files\IconWorkshopAddin2005.dll

2008-03-25 03:50:26 554008 ----a-w- c:\program files\common files\dao360.dll

.

============= FINISH: 10:15:17.32 ===============

Thank you. Hoping this is maybe close to being resolved?


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are both checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
