

[RESOLVED] Malware infected Windows XP


50 replies to this topic

#1 yu677gh

    Member

  • 58 posts
  • Joined: June 08, 2011
  • 2 topics

Posted 12 October 2011 - 01:41 AM

Hi Broni,
Thank you for all your help in the past. I have another infected computer: win32:sirefef-o [RTK]


I followed the instructions step by step, but was unable to run Malwarebytes successfully.

Also, some of the scans quit in the middle, but I was able to save partial logs.

Malwarebytes: no log

Gmer: 2 logs (incomplete)

(1)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-10-11 20:39:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.05.0
Running: TTgmer.exe; Driver: C:\DOCUME~1\DanConn1\LOCALS~1\Temp\kxdoqkod.sys

---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----



(2)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-11 20:59:15
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\DanConn1\LOCALS~1\Temp\kxdoqkod.sys

---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!IoAllocateIrp + C 804EAFC9 7 Bytes CALL 89FFCC75
? C:\WINDOWS\system32\DRIVERS\cdrom.sys suspicious PE modification
? C:\DOCUME~1\DanConn1\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0195000A
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0196000A
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00FF000C
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 01E0000A
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 01E1000A
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 01E2000A
.text C:\WINDOWS\system32\svchost.exe[1104] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 01DF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02C7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 02C8000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 02C6000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546A6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB98 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E569F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

aswMBR: I think it's incomplete

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-11 21:05:35
-----------------------------
21:05:35.187 OS Version: Windows 5.1.2600 Service Pack 3
21:05:35.187 Number of processors: 2 586 0x170A
21:05:35.203 ComputerName: CONN1OPTIPLEX UserName: DanConn1
21:05:36.500 Initialize success
21:05:36.796 AVAST engine defs: 11101102
21:05:40.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:05:40.015 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 8
21:05:40.046 Disk 0 MBR read successfully
21:05:40.046 Disk 0 MBR scan
21:05:40.062 Disk 0 Windows VISTA default MBR code
21:05:40.078 Disk 0 scanning sectors +976768065
21:05:40.171 Disk 0 scanning C:\WINDOWS\system32\drivers
21:05:44.187 File: C:\WINDOWS\system32\drivers\cdrom.sys **INFECTED** Win32:Crypt-KMR [Trj]
21:05:47.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\DanConn1\Desktop\MBR.dat"
21:05:47.734 The log file has been saved successfully to "C:\Documents and Settings\DanConn1\Desktop\aswMBR.txt"

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by DanConn1 at 21:08:21 on 2011-10-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1862 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\3176305346:1030597954.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.bing.com
uSearch Bar = hxxp://www.bing.com/sphome.aspx
mSearchAssistant = hxxp://www.bing.com/sphome.aspx
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [UltraMon] "c:\program files\ultramon\UltraMon.exe" /auto
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [aUVrlONtx08234A] c:\windows\system32\xH5sQJ7dE8RqYw.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\documents and settings\danconn1\start menu\programs\startup\crss.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kavoom~1.lnk - c:\program files\kavoom! km\KaVoomKM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 167.206.251.130 167.206.251.129
TCP: Interfaces\{94A6737D-1D94-4AC8-88B4-16063AB3C8E1} : DhcpNameServer = 167.206.251.130 167.206.251.129
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 wvauth
.
============= SERVICES / DRIVERS ===============
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2010-7-28 24064]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-7-28 166568]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-11 442200]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-11 320856]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-11 20568]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-11 44768]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-6 136176]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-7-28 13336]
S2 KaVoom! KM;KaVoom! KM;c:\program files\kavoom! km\KaVoomKM.exe [2007-1-31 1679360]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2006-9-24 11776]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-6 136176]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-10-10 30576]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-9-24 3584]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]
.
=============== Created Last 30 ================
.
2011-10-12 00:11:28 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-12 00:10:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-12 00:10:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-11 23:50:47 -------- d-----w- c:\documents and settings\danconn1\application data\tEKUVrlOBx
2011-10-11 23:50:47 -------- d-----w- c:\documents and settings\danconn1\application data\RnG4aQHqjCl2n4
2011-10-11 23:46:32 -------- d-----w- c:\documents and settings\danconn1\application data\KibD3pnG5Q6W8R9
2011-10-11 23:46:31 -------- d-----w- c:\documents and settings\danconn1\application data\NvD2obF4p5Q7E8R
2011-10-11 22:55:54 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-11 22:55:50 41184 ----a-w- c:\windows\avastSS.scr
2011-10-11 22:55:45 -------- d-----w- c:\program files\AVAST Software
2011-10-11 22:55:45 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-10-11 22:15:24 -------- d-----w- c:\documents and settings\danconn1\application data\Malwarebytes
2011-10-11 22:15:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-11 20:04:02 -------- d-----w- c:\documents and settings\danconn1\application data\swwkkVrlOtAuSiF
2011-10-11 20:04:02 -------- d-----w- c:\documents and settings\danconn1\application data\GF4pmH5sW7E8TqY
2011-10-11 20:01:16 -------- d-----w- c:\documents and settings\danconn1\application data\aA1uvD2ob4m5Q7E
2011-10-11 20:01:15 -------- d-----w- c:\documents and settings\danconn1\application data\FfRL9gTXqUeIrPy
2011-10-11 00:08:42 -------- d-----w- c:\documents and settings\danconn1\application data\GL8gTZqjYw
2011-10-11 00:08:41 -------- d-----w- c:\documents and settings\danconn1\application data\B1ivD2onFaHsJ
2011-10-09 21:07:40 -------- d-----w- c:\documents and settings\danconn1\application data\HqjYCekIVzN
2011-10-09 21:07:40 -------- d-----w- c:\documents and settings\danconn1\application data\GxA0uvS2oFpGsJd
2011-10-09 21:07:34 3025920 ----a-w- c:\windows\system32\xH5sQJ7dE8RqYw.exe
2011-10-09 21:07:33 -------- d-----w- c:\documents and settings\danconn1\application data\VkIBrzPNyAuDoFp
2011-09-23 05:49:25 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{79f95992-966c-4563-91d8-25190dfc1d30}\offreg.dll
2011-09-23 05:49:24 7269712 ------w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{79f95992-966c-4563-91d8-25190dfc1d30}\mpengine.dll
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 21:08:37.85 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/9/2010 3:47:26 PM
System Uptime: 10/11/2011 8:08:01 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0C27VV
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz | CPU | 2925/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 445.321 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_0424&PID_4060\7&2327761B&0&000000264001
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_0424&PID_4060\7&2327761B&0&000000264001
Service: USBSTOR
.
==== System Restore Points ===================
.
RP314: 7/21/2011 9:19:05 AM - Software Distribution Service 3.0
RP315: 8/15/2011 5:32:06 PM - Software Distribution Service 3.0
RP316: 8/16/2011 2:04:16 AM - Software Distribution Service 3.0
RP317: 8/16/2011 3:00:13 AM - Software Distribution Service 3.0
RP318: 8/17/2011 1:39:16 AM - Software Distribution Service 3.0
RP319: 8/18/2011 2:23:06 AM - System Checkpoint
RP320: 8/22/2011 8:02:43 AM - Software Distribution Service 3.0
RP321: 8/23/2011 1:48:20 AM - Software Distribution Service 3.0
RP322: 8/24/2011 2:52:43 AM - System Checkpoint
RP323: 8/24/2011 3:00:12 AM - Software Distribution Service 3.0
RP324: 8/25/2011 3:04:36 AM - System Checkpoint
RP325: 8/26/2011 1:48:16 AM - Software Distribution Service 3.0
RP326: 8/27/2011 2:04:35 AM - System Checkpoint
RP327: 9/4/2011 7:43:13 PM - Software Distribution Service 3.0
RP328: 9/5/2011 8:40:00 PM - System Checkpoint
RP329: 9/6/2011 2:19:15 AM - Software Distribution Service 3.0
RP330: 9/7/2011 3:00:12 AM - Software Distribution Service 3.0
RP331: 9/8/2011 3:18:10 AM - System Checkpoint
RP332: 9/9/2011 2:23:15 AM - Software Distribution Service 3.0
RP333: 9/10/2011 3:20:07 AM - System Checkpoint
RP334: 9/11/2011 4:20:07 AM - System Checkpoint
RP335: 9/12/2011 5:20:07 AM - System Checkpoint
RP336: 9/13/2011 2:23:17 AM - Software Distribution Service 3.0
RP337: 9/14/2011 3:00:15 AM - Software Distribution Service 3.0
RP338: 9/15/2011 3:22:40 AM - System Checkpoint
RP339: 9/16/2011 1:49:14 AM - Software Distribution Service 3.0
RP340: 9/17/2011 2:22:40 AM - System Checkpoint
RP341: 9/18/2011 3:22:40 AM - System Checkpoint
RP342: 9/19/2011 4:22:40 AM - System Checkpoint
RP343: 9/20/2011 1:49:17 AM - Software Distribution Service 3.0
RP344: 9/21/2011 2:22:40 AM - System Checkpoint
RP345: 9/22/2011 3:22:14 AM - System Checkpoint
RP346: 9/23/2011 1:49:19 AM - Software Distribution Service 3.0
RP347: 9/24/2011 1:58:22 AM - System Checkpoint
RP348: 9/25/2011 2:22:14 AM - System Checkpoint
RP349: 9/26/2011 3:22:15 AM - System Checkpoint
RP350: 9/27/2011 4:22:15 AM - System Checkpoint
RP351: 9/28/2011 5:22:17 AM - System Checkpoint
RP352: 9/29/2011 6:22:18 AM - System Checkpoint
RP353: 9/30/2011 7:22:18 AM - System Checkpoint
RP354: 10/1/2011 8:00:14 AM - System Checkpoint
RP355: 10/2/2011 8:22:19 AM - System Checkpoint
RP356: 10/3/2011 9:22:19 AM - System Checkpoint
RP357: 10/4/2011 10:22:18 AM - System Checkpoint
RP358: 10/5/2011 11:22:20 AM - System Checkpoint
RP359: 10/6/2011 12:22:21 PM - System Checkpoint
RP360: 10/7/2011 1:22:21 PM - System Checkpoint
RP361: 10/8/2011 2:10:29 PM - System Checkpoint
RP362: 10/9/2011 2:22:21 PM - System Checkpoint
RP363: 10/10/2011 8:10:44 PM - Software Distribution Service 3.0
RP364: 10/10/2011 8:19:06 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
Adobe Acrobat 6.0 Professional
Adobe Flash Player 10 ActiveX
Adobe Reader 8.3.0
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
avast! Free Antivirus
BioAPI Framework
BNP Paribas Online Trading ver 7.0
Brother MFL-Pro Suite MFC-6490CW
Cisco Connect
Citrix XenApp Web Plugin
Click to Call with Skype
DCP32MMWrapper
Dell Backup and Recovery Manager
Dell Control Point
Dell ControlPoint Security Manager
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
ESC Home Page Plugin
Gemalto
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB968764)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Network Connections 14.8.43.0
Intel® Rapid Storage Technology
Internet Explorer (Enable DEP)
Java Auto Updater
Java™ 6 Update 20
Junk Mail filter update
KaVoom! KM
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6.0 Parser (KB927977)
NTRU TCG Software Stack
NVIDIA Drivers
NVIDIA nView Desktop Manager
OGA Notifier 2.0.0048.0
PaperPort Image Printer
PowerDVD DX
Preboot Manager
Private Information Manager
QuickTime
RealPlayer
RealUpgrade 1.0
ScanSoft PaperPort 11
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2483614)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Security Wizards
Segoe UI
Skype™ 5.5
SO32MMWrapper
ST Microelectronics TPM Driver Installer
Trusted Drive Manager
UltraMon
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2553110)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
UPEK TouchChip Fingerprint Reader
vShare Plugin
Wave Infrastructure Installer
Wave Support Software
WebFldrs XP
Windows Defender
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows Driver Package - STMicroelectronics (stmtpm) System (05/24/2007 1.00.04.15)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Search 4.0
XML Paper Specification Shared Components Pack 1.0
Xvid 1.2.1 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
10/9/2011 9:35:57 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
10/9/2011 5:04:09 PM, error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
10/11/2011 8:22:06 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\TTAvastUI.exe. Reference error message: The operation completed successfully. .
10/11/2011 7:54:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips intelppm
10/11/2011 7:51:00 PM, error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: Access is denied.
10/11/2011 7:50:55 PM, error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/11/2011 7:46:24 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\avastUI.exe. Reference error message: The operation completed successfully. .
10/11/2011 6:56:52 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error message: The referenced assembly is not installed on your system. .
10/11/2011 6:56:52 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\AvastUI.exe. Reference error message: The operation completed successfully. .
10/11/2011 6:56:52 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
10/11/2011 6:55:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/11/2011 6:04:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
10/11/2011 6:03:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/11/2011 6:03:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/11/2011 4:01:32 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8880eda0, parameter3 8880ef14, parameter4 805d29b4.
10/11/2011 4:01:31 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bd30942b, parameter3 a87588d8, parameter4 00000000.
10/11/2011 4:01:30 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bd30942b, parameter3 b201f8d8, parameter4 00000000.
10/11/2011 4:01:30 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bd30942b, parameter3 a82dd8d8, parameter4 00000000.
10/11/2011 4:01:23 PM, error: System Error [1003] - Error code 000000ca, parameter1 00000001, parameter2 884192b8, parameter3 889ae030, parameter4 00000000.
10/10/2011 8:13:57 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
10/10/2011 8:10:53 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.113.1136.0).
10/10/2011 8:10:47 PM, error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: Access is denied.
10/10/2011 12:10:06 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
.
==== End Of File ===========================


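The Event Viewer section of the DDS log above is the part of the post worth reading first: avast! and Windows Defender both fail to start with "Access is denied", the avast! boot-start drivers (Aavmker4, aswSnx, aswSP, aswTdi) fail to load, and both services have also terminated unexpectedly. What follows is an added example, not part of DDS or of any tool used in this thread, that pulls exactly that pattern out of such a section. The product-name fragments it keys on (avast!, Windows Defender, Malwarebytes and their driver prefixes) are an assumption fitted to this machine; the sample lines are copied from the log above.

```python
"""Triage the "Event Viewer Messages" section of a DDS log for the pattern of
security products being prevented from running: services that fail to start
with "Access is denied", security drivers that fail to load at boot, and
unexpected terminations. Added example for this thread; not part of DDS."""
import re
from datetime import datetime

# Sample input: lines taken from the event section of the log posted above,
# in the "date, level: source [id] - message" layout DDS uses.
SAMPLE_EVENTS = """\
10/9/2011 9:35:57 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
10/9/2011 5:04:09 PM, error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
10/11/2011 7:54:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips intelppm
10/11/2011 7:51:00 PM, error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: Access is denied.
10/11/2011 7:50:55 PM, error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/11/2011 6:04:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
10/10/2011 8:13:57 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
10/10/2011 8:10:47 PM, error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: Access is denied.
"""

EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
SERVICE_RE = re.compile(r"^The (?P<svc>.+?) service (?P<what>failed to start|terminated)")
DRIVERS_RE = re.compile(r"driver\(s\) failed to load: (?P<drivers>.+)$")

# Assumption: name fragments identifying the security products on this machine
# (avast!, Windows Defender, Malwarebytes). Extend the tuples for other products.
SERVICE_KEYWORDS = ("avast", "windows defender", "malwarebytes")
DRIVER_PREFIXES = ("asw", "aavmker4", "mpfilter", "mpksl", "mbam")


def is_security_service(display_name):
    n = display_name.lower()
    return any(k in n for k in SERVICE_KEYWORDS)


def is_security_driver(driver_name):
    return driver_name.lower().startswith(DRIVER_PREFIXES)


def parse_events(text):
    """Return one dict per parseable line, sorted by a real datetime (DDS
    prints the events newest first, which hides the sequence)."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["timestamp"] = datetime.strptime(ev["when"], "%m/%d/%Y %I:%M:%S %p")
        ev["event_id"] = int(ev["event_id"])
        events.append(ev)
    return sorted(events, key=lambda e: e["timestamp"])


def triage(text):
    """Bucket events by what they say about the security components."""
    findings = {"access_denied": [], "crashed": [], "drivers_not_loaded": [], "other": []}
    for ev in parse_events(text):
        msg = ev["msg"]
        m = SERVICE_RE.match(msg)
        if m and is_security_service(m["svc"]):
            bucket = "access_denied" if "Access is denied" in msg else "crashed"
            findings[bucket].append((ev["timestamp"], m["svc"]))
            continue
        m = DRIVERS_RE.search(msg)
        if m:
            bad = [d for d in m["drivers"].split() if is_security_driver(d)]
            if bad:
                findings["drivers_not_loaded"].append((ev["timestamp"], bad))
                continue
        findings["other"].append((ev["timestamp"], ev["event_id"], msg))
    return findings


def looks_tampered(findings):
    """True when a security service was refused start (7000 with "Access is
    denied") or a security driver was kept from loading at boot (7026). On a
    machine where those components ran before, that combination points at
    something disabling the defences rather than at a one-off crash."""
    return bool(findings["access_denied"] or findings["drivers_not_loaded"])


if __name__ == "__main__":
    f = triage(SAMPLE_EVENTS)
    for bucket, items in f.items():
        print(bucket)
        for item in items:
            print("   ", *item)
    print("security products tampered with:", looks_tampered(f))
```

To run it on a full DDS log, copy everything between the "Event Viewer Messages From Past Week" header and the "End Of File" line into a file and pass its contents to triage(); the sort puts the "terminated unexpectedly" entry for each product right before its "Access is denied" start failure, which is the order a practitioner wants to see.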
#2 Broni Re: [RESOLVED] Malware infected Windows XP

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 02:05 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 10h 30m 28s

Posted 12 October 2011 - 01:42 AM

All logs have to be pasted, please.

#3 yu677gh Re: [RESOLVED] Malware infected Windows XP

Posted 12 October 2011 - 01:57 AM

OK, I edited the original post.

#4 Broni Re: [RESOLVED] Malware infected Windows XP

Posted 12 October 2011 - 02:32 AM

Please download DummyCreator.zip and unzip it.

  • Run the tool.
  • Copy and paste the following into the edit box:
C:\WINDOWS\3176305346
  • Press the Create button and post the content of the Result.txt.
Important: Restart the computer.
========================================================

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


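The report TDSSKiller writes is a per-service inventory: one line with the MD5 and path of each driver file it could read, followed by an "- ok", "- warning" or "- detected" verdict, and a service with no file to hash gets only the verdict line. The lines that matter are the "Suspicious file (Forged)" ones, where the tool reports two different MD5 values for the same path: that disagreement is the indicator, and the log alone does not tell you which copy is the clean one. The parser below is an added example, not code from Kaspersky or from this thread; it pulls the forged entries, the detections and the file-less services out of a report. The sample excerpt is taken from the TDSSKiller log posted later in this thread; the 8-hex-digit name heuristic and the optional reference-hash dictionary are assumptions of the example, not TDSSKiller features.

```python
"""Parse a TDSSKiller report and pull out what matters: inventory hashes,
files the tool reports as forged (two different MD5 values for one path),
detections, and services that are registered but yielded no file to hash.
Added example for this thread; not part of Kaspersky's tool."""
import re

# Sample input: an excerpt of the TDSSKiller log posted in this thread.
SAMPLE_REPORT = r"""
22:50:08.0625 2900 Scan started
22:50:08.0625 2900 Mode: Manual;
22:50:09.0171 2900 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
22:50:09.0203 2900 Aavmker4 - ok
22:50:09.0375 2900 Abiosdsk - ok
22:50:12.0531 2900 c29252bd - ok
22:50:16.0796 2900 Cdrom (6b4da55c7f5b64ebfe944020973df245) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:50:16.0812 2900 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 6b4da55c7f5b64ebfe944020973df245, Fake md5: 4b0a100eaf5c49ef3cca8c641431eacc
22:50:16.0812 2900 Cdrom ( ForgedFile.Multi.Generic ) - warning
22:50:16.0812 2900 Cdrom - detected ForgedFile.Multi.Generic (1)
22:50:16.0828 2900 Changer - ok
"""

LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<body>.*)$")
INVENTORY_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(
    r"^Suspicious file \((?P<kind>[^)]+)\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-fA-F]{32}), Fake md5: (?P<fake>[0-9a-fA-F]{32})$"
)
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
OK_RE = re.compile(r"^(?P<name>\S+) - ok$")
# Heuristic of this example, not a TDSSKiller rule: a service whose name is
# nothing but 8 hex digits is worth a second look, since vendors do not name
# drivers that way.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")


def parse_report(text):
    report = {"inventory": {}, "ok": [], "forged": [], "detections": [],
              "no_file_hashed": [], "odd_names": []}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m["body"]
        if (e := INVENTORY_RE.match(body)):
            report["inventory"][e["name"]] = {"md5": e["md5"].lower(), "path": e["path"]}
        elif (e := FORGED_RE.match(body)):
            report["forged"].append({"kind": e["kind"], "path": e["path"],
                                     "real_md5": e["real"].lower(), "fake_md5": e["fake"].lower()})
        elif (e := DETECTED_RE.match(body)):
            report["detections"].append({"name": e["name"], "verdict": e["verdict"],
                                         "count": int(e["count"])})
        elif (e := OK_RE.match(body)):
            report["ok"].append(e["name"])
            # an "- ok" with no preceding hash line: registered, but no file was read
            if e["name"] not in report["inventory"]:
                report["no_file_hashed"].append(e["name"])
    for name in list(report["inventory"]) + report["ok"]:
        if HEX_NAME_RE.match(name) and name not in report["odd_names"]:
            report["odd_names"].append(name)
    return report


def cross_check(report, known_good=None):
    """For every forged file: which of the two hashes the inventory line carried
    and, if a reference hash for that file name is supplied (install media or a
    vendor hash set; placeholder values in the caller, nothing built in), which
    copy matches it. The disagreement itself is the indicator; the reference is
    what decides which copy is the clean one."""
    known_good = {k.lower(): v.lower() for k, v in (known_good or {}).items()}
    results = []
    for f in report["forged"]:
        path_l = f["path"].lower()
        filename = path_l.rsplit("\\", 1)[-1]
        inv = next((v for v in report["inventory"].values() if v["path"].lower() == path_l), None)
        if inv is None:
            shown = "absent"
        elif inv["md5"] == f["real_md5"]:
            shown = "real"
        elif inv["md5"] == f["fake_md5"]:
            shown = "fake"
        else:
            shown = "neither"
        ref = known_good.get(filename)
        if ref is None:
            verdict = "unverified"
        elif ref == f["real_md5"]:
            verdict = "real matches reference"
        elif ref == f["fake_md5"]:
            verdict = "fake matches reference"
        else:
            verdict = "neither hash matches reference"
        results.append({"path": f["path"], "kind": f["kind"],
                        "inventory_hash": shown, "verdict": verdict})
    return results


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print(f"{len(rep['inventory'])} drivers hashed, {len(rep['ok'])} ok, "
          f"{len(rep['no_file_hashed'])} registered without a file, odd names: {rep['odd_names']}")
    for d in rep["detections"]:
        print("detected:", d)
    for r in cross_check(rep):
        print("forged:", r)
```

To use it on a real run, read the saved TDSSKiller_xxxx_log.txt into parse_report(); pass cross_check() a dict of file name to known-good MD5 only when you have one from a trusted source, since a guessed reference would just move the uncertainty somewhere less visible.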
#5 yu677gh Re: [RESOLVED] Malware infected Windows XP

Posted 12 October 2011 - 02:48 AM

DummyCreator by Farbar
Ran by DanConn1 (administrator) on 11-10-2011 at 22:46:47
**************************************************************
C:\WINDOWS\3176305346 [11-10-2011 22:46:48]
== End of log ==

#6 yu677gh Re: [RESOLVED] Malware infected Windows XP

Posted 12 October 2011 - 02:51 AM

22:49:58.0031 2776 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
22:49:58.0625 2776 ============================================================
22:49:58.0625 2776 Current date / time: 2011/10/11 22:49:58.0625
22:49:58.0625 2776 SystemInfo:
22:49:58.0625 2776
22:49:58.0625 2776 OS Version: 5.1.2600 ServicePack: 3.0
22:49:58.0625 2776 Product type: Workstation
22:49:58.0625 2776 ComputerName: CONN1OPTIPLEX
22:49:58.0625 2776 UserName: DanConn1
22:49:58.0625 2776 Windows directory: C:\WINDOWS
22:49:58.0625 2776 System windows directory: C:\WINDOWS
22:49:58.0625 2776 Processor architecture: Intel x86
22:49:58.0625 2776 Number of processors: 2
22:49:58.0625 2776 Page size: 0x1000
22:49:58.0625 2776 Boot type: Normal boot
22:49:58.0625 2776 ============================================================
22:50:03.0656 2776 Initialize success
22:50:08.0625 2900 ============================================================
22:50:08.0625 2900 Scan started
22:50:08.0625 2900 Mode: Manual;
22:50:08.0625 2900 ============================================================
22:50:09.0171 2900 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
22:50:09.0203 2900 Aavmker4 - ok
22:50:09.0375 2900 Abiosdsk - ok
22:50:09.0921 2900 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:50:09.0937 2900 abp480n5 - ok
22:50:10.0187 2900 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:50:10.0203 2900 ACPI - ok
22:50:10.0218 2900 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:50:10.0234 2900 ACPIEC - ok
22:50:10.0390 2900 ADIHdAudAddService (9d13680a2f0a4d61870da624e8e2f305) C:\WINDOWS\system32\drivers\ADIHdAud.sys
22:50:10.0406 2900 ADIHdAudAddService - ok
22:50:10.0500 2900 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:50:10.0531 2900 adpu160m - ok
22:50:10.0609 2900 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:50:10.0640 2900 aec - ok
22:50:10.0703 2900 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
22:50:10.0718 2900 AFD - ok
22:50:10.0781 2900 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:50:10.0796 2900 agp440 - ok
22:50:10.0828 2900 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:50:10.0843 2900 agpCPQ - ok
22:50:10.0859 2900 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:50:10.0859 2900 Aha154x - ok
22:50:10.0890 2900 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:50:10.0921 2900 aic78u2 - ok
22:50:10.0921 2900 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:50:10.0953 2900 aic78xx - ok
22:50:10.0953 2900 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:50:10.0968 2900 AliIde - ok
22:50:10.0984 2900 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:50:11.0015 2900 alim1541 - ok
22:50:11.0015 2900 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:50:11.0031 2900 amdagp - ok
22:50:11.0046 2900 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
22:50:11.0046 2900 amsint - ok
22:50:11.0062 2900 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
22:50:11.0078 2900 asc - ok
22:50:11.0093 2900 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22:50:11.0093 2900 asc3350p - ok
22:50:11.0125 2900 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
22:50:11.0140 2900 asc3550 - ok
22:50:11.0187 2900 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
22:50:11.0203 2900 aswFsBlk - ok
22:50:11.0328 2900 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
22:50:11.0390 2900 aswMon2 - ok
22:50:11.0546 2900 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
22:50:11.0562 2900 aswRdr - ok
22:50:11.0734 2900 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
22:50:11.0828 2900 aswSnx - ok
22:50:11.0875 2900 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
22:50:11.0968 2900 aswSP - ok
22:50:12.0000 2900 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
22:50:12.0015 2900 aswTdi - ok
22:50:12.0062 2900 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:50:12.0062 2900 AsyncMac - ok
22:50:12.0093 2900 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:50:12.0109 2900 atapi - ok
22:50:12.0125 2900 Atdisk - ok
22:50:12.0140 2900 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:50:12.0156 2900 Atmarpc - ok
22:50:12.0203 2900 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:50:12.0203 2900 audstub - ok
22:50:12.0265 2900 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:50:12.0281 2900 Beep - ok
22:50:12.0390 2900 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
22:50:12.0406 2900 BrScnUsb - ok
22:50:12.0421 2900 BrSerIf (1a5fc78e41840edf79d65ec16eff2787) C:\WINDOWS\system32\Drivers\BrSerIf.sys
22:50:12.0437 2900 BrSerIf - ok
22:50:12.0453 2900 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
22:50:12.0453 2900 BrUsbSer - ok
22:50:12.0531 2900 c29252bd - ok
22:50:12.0578 2900 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
22:50:12.0593 2900 cbidf - ok
22:50:13.0031 2900 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:50:13.0031 2900 cbidf2k - ok
22:50:13.0062 2900 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:50:13.0078 2900 CCDECODE - ok
22:50:13.0125 2900 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
22:50:13.0125 2900 cd20xrnt - ok
22:50:13.0171 2900 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:50:16.0375 2900 Cdaudio - ok
22:50:16.0593 2900 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:50:16.0640 2900 Cdfs - ok
22:50:16.0796 2900 Cdrom (6b4da55c7f5b64ebfe944020973df245) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:50:16.0812 2900 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 6b4da55c7f5b64ebfe944020973df245, Fake md5: 4b0a100eaf5c49ef3cca8c641431eacc
22:50:16.0812 2900 Cdrom ( ForgedFile.Multi.Generic ) - warning
22:50:16.0812 2900 Cdrom - detected ForgedFile.Multi.Generic (1)
22:50:16.0828 2900 Changer - ok
22:50:16.0859 2900 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
22:50:16.0875 2900 CmdIde - ok
22:50:16.0890 2900 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
22:50:16.0906 2900 Cpqarray - ok
22:50:17.0109 2900 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
22:50:17.0140 2900 dac2w2k - ok
22:50:17.0421 2900 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
22:50:17.0437 2900 dac960nt - ok
22:50:17.0984 2900 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:50:18.0140 2900 Disk - ok
22:50:18.0515 2900 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:50:18.0906 2900 dmboot - ok
22:50:19.0187 2900 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:50:19.0218 2900 dmio - ok
22:50:19.0500 2900 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:50:19.0531 2900 dmload - ok
22:50:19.0843 2900 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:50:20.0656 2900 DMusic - ok
22:50:21.0109 2900 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
22:50:21.0109 2900 dpti2o - ok
22:50:21.0734 2900 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:50:21.0734 2900 drmkaud - ok
22:50:22.0109 2900 e1kexpress (c08a912bc3257859516d2b71f5e29802) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
22:50:22.0125 2900 e1kexpress - ok
22:50:22.0484 2900 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:50:22.0500 2900 Fastfat - ok
22:50:22.0812 2900 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:50:22.0828 2900 Fdc - ok
22:50:23.0140 2900 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:50:23.0156 2900 Fips - ok
22:50:23.0375 2900 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:50:23.0390 2900 Flpydisk - ok
22:50:23.0687 2900 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:50:23.0703 2900 FltMgr - ok
22:50:24.0015 2900 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:50:24.0015 2900 Fs_Rec - ok
22:50:24.0250 2900 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:50:24.0250 2900 Ftdisk - ok
22:50:24.0468 2900 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:50:24.0468 2900 Gpc - ok
22:50:24.0640 2900 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:50:24.0656 2900 HDAudBus - ok
22:50:24.0843 2900 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:50:24.0859 2900 hidusb - ok
22:50:25.0093 2900 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
22:50:25.0109 2900 hpn - ok
22:50:25.0578 2900 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:50:25.0578 2900 HTTP - ok
22:50:25.0656 2900 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
22:50:25.0671 2900 i2omgmt - ok
22:50:25.0687 2900 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:50:25.0703 2900 i2omp - ok
22:50:25.0734 2900 iaStor (26541a068572f650a2fa490726fe81be) C:\WINDOWS\system32\drivers\iaStor.sys
22:50:25.0734 2900 iaStor - ok
22:50:25.0750 2900 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:50:25.0765 2900 Imapi - ok
22:50:25.0781 2900 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:50:25.0796 2900 ini910u - ok
22:50:25.0796 2900 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:50:25.0812 2900 IntelIde - ok
22:50:25.0828 2900 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:50:25.0828 2900 intelppm - ok
22:50:25.0843 2900 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:50:25.0859 2900 Ip6Fw - ok
22:50:25.0875 2900 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:50:25.0875 2900 IpFilterDriver - ok
22:50:25.0875 2900 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:50:25.0890 2900 IpInIp - ok
22:50:25.0906 2900 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:50:25.0921 2900 IpNat - ok
22:50:25.0937 2900 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:50:25.0968 2900 IPSec - ok
22:50:25.0984 2900 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:50:25.0984 2900 IRENUM - ok
22:50:26.0015 2900 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:50:26.0031 2900 isapnp - ok
22:50:26.0046 2900 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:50:26.0062 2900 Kbdclass - ok
22:50:26.0062 2900 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:50:26.0078 2900 kbdhid - ok
22:50:26.0109 2900 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:50:26.0109 2900 kmixer - ok
22:50:26.0125 2900 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:50:26.0140 2900 KSecDD - ok
22:50:26.0156 2900 lbrtfdc - ok
22:50:26.0187 2900 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
22:50:26.0187 2900 MBAMProtector - ok
22:50:26.0203 2900 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:50:26.0203 2900 mnmdd - ok
22:50:26.0218 2900 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:50:26.0234 2900 Modem - ok
22:50:26.0234 2900 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:50:26.0250 2900 Mouclass - ok
22:50:26.0281 2900 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:50:26.0281 2900 mouhid - ok
22:50:26.0281 2900 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:50:26.0296 2900 MountMgr - ok
22:50:26.0328 2900 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
22:50:26.0343 2900 MpFilter - ok
22:50:26.0421 2900 MpKsle46cb458 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B08BF6F2-89B8-4335-99B5-86460F91282B}\MpKsle46cb458.sys
22:50:26.0421 2900 MpKsle46cb458 - ok
22:50:26.0437 2900 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:50:26.0437 2900 mraid35x - ok
22:50:26.0453 2900 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:50:26.0453 2900 MRxDAV - ok
22:50:26.0468 2900 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:50:26.0484 2900 MRxSmb - ok
22:50:26.0500 2900 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:50:26.0515 2900 Msfs - ok
22:50:26.0531 2900 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\WINDOWS\system32\Drivers\nx6000.sys
22:50:26.0531 2900 MSHUSBVideo - ok
22:50:26.0562 2900 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:50:26.0578 2900 MSKSSRV - ok
22:50:26.0593 2900 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:50:26.0593 2900 MSPCLOCK - ok
22:50:26.0609 2900 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:50:26.0609 2900 MSPQM - ok
22:50:26.0640 2900 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:50:26.0640 2900 mssmbios - ok
22:50:26.0671 2900 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:50:26.0671 2900 MSTEE - ok
22:50:26.0687 2900 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:50:26.0703 2900 Mup - ok
22:50:26.0718 2900 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:50:26.0734 2900 NABTSFEC - ok
22:50:26.0750 2900 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:50:26.0765 2900 NDIS - ok
22:50:26.0781 2900 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:50:26.0781 2900 NdisIP - ok
22:50:26.0812 2900 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:50:26.0828 2900 NdisTapi - ok
22:50:26.0843 2900 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:50:30.0328 2900 ============================================================
22:50:30.0328 2900 Scan finished
22:50:30.0328 2900 ============================================================
22:50:30.0328 3804 Detected object count: 1
22:50:30.0328 3804 Actual detected object count: 1
22:50:59.0750 3804 Cdrom ( ForgedFile.Multi.Generic ) - skipped by user
22:50:59.0750 3804 Cdrom ( ForgedFile.Multi.Generic ) - User select action: Skip

#7 Broni Re: [RESOLVED] Malware infected Windows XP

Posted 12 October 2011 - 02:53 AM

Please don't make posting font so small. It's hard to read.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

#8 yu677gh Re: [RESOLVED] Malware infected Windows XP

Posted 12 October 2011 - 03:04 AM

I didn't realize, but Avast and Microsoft Security Essentials were running and I've got the ComboFix Warning!! error box. I have not clicked OK, but cannot turn off those 2 programs.

#9 Broni Re: [RESOLVED] Malware infected Windows XP

Posted 12 October 2011 - 03:06 AM

Eventually you have to uninstall one of those programs.

For now, run Combofix from safe mode and disregard any warnings.

#10 yu677gh Re: [RESOLVED] Malware infected Windows XP

Posted 12 October 2011 - 03:19 AM

Running ComboFix; the message stated that a rootkit virus is embedded in TCP/IP, which is a difficult infection. ComboFix is on stage_4 now.

#11 Broni Re: [RESOLVED] Malware infected Windows XP

Posted 12 October 2011 - 03:25 AM

OK....

#12 yu677gh Re: [RESOLVED] Malware infected Windows XP

Posted 12 October 2011 - 03:35 AM

All stages completed, machine rebooted.

ComboFix's Log:

ComboFix 11-10-11.05 - DanConn1 10/11/2011 23:18:59.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2641 [GMT -4:00]
Running from: c:\documents and settings\DanConn1\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\DanConn1\Application Data\ldr.ini
c:\documents and settings\DanConn1\Desktop\Guard Online .lnk
c:\documents and settings\DanConn1\Start Menu\Programs\Guard Online
c:\documents and settings\DanConn1\Start Menu\Programs\Startup\crss.exe
c:\program files\Internet Explorer\2A0.tmp
c:\program files\Internet Explorer\2D.tmp
c:\program files\Internet Explorer\2E.tmp
c:\program files\Internet Explorer\32.tmp
c:\program files\Internet Explorer\37.tmp
c:\program files\Internet Explorer\38.tmp
c:\program files\Internet Explorer\39.tmp
c:\program files\Internet Explorer\6.tmp
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\windows\$NtUninstallKB28624$
c:\windows\$NtUninstallKB28624$\3264369341\@
c:\windows\$NtUninstallKB28624$\3264369341\bckfg.tmp
c:\windows\$NtUninstallKB28624$\3264369341\cfg.ini
c:\windows\$NtUninstallKB28624$\3264369341\Desktop.ini
c:\windows\$NtUninstallKB28624$\3264369341\keywords
c:\windows\$NtUninstallKB28624$\3264369341\kwrd.dll
c:\windows\$NtUninstallKB28624$\3264369341\L\rohepcid
c:\windows\$NtUninstallKB28624$\3264369341\lsflt7.ver
c:\windows\$NtUninstallKB28624$\3264369341\U\00000001.@
c:\windows\$NtUninstallKB28624$\3264369341\U\00000002.@
c:\windows\$NtUninstallKB28624$\3264369341\U\80000000.@
c:\windows\$NtUninstallKB28624$\3264369341\U\80000032.@
c:\windows\$NtUninstallKB28624$\874944404
c:\windows\3176305346
c:\windows\system32\d3d9caps.dat
.
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_c29252bd
.
.
((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))
.
.
2011-10-12 03:17 . 2008-05-02 10:49 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2011-10-12 03:17 . 2008-05-02 10:49 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-10-12 02:49 . 2011-10-12 02:49 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B08BF6F2-89B8-4335-99B5-86460F91282B}\offreg.dll
2011-10-12 02:41 . 2011-09-21 13:00 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B08BF6F2-89B8-4335-99B5-86460F91282B}\mpengine.dll
2011-10-12 02:37 . 2011-10-12 02:37 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-12 01:18 . 2011-10-12 01:18 -------- d-----w- c:\documents and settings\DanConn1\Application Data\kjUVelOBtPySiDo
2011-10-12 01:18 . 2011-10-12 01:18 -------- d-----w- c:\documents and settings\DanConn1\Application Data\iEL9gTXqjC
2011-10-12 00:11 . 2011-10-12 00:11 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-12 00:10 . 2011-10-12 00:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-12 00:10 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-12 00:09 . 2011-10-12 00:09 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-10-11 23:50 . 2011-10-11 23:50 -------- d-----w- c:\documents and settings\DanConn1\Application Data\RnG4aQHqjCl2n4
2011-10-11 23:50 . 2011-10-11 23:50 -------- d-----w- c:\documents and settings\DanConn1\Application Data\tEKUVrlOBx
2011-10-11 23:46 . 2011-10-11 23:46 -------- d-----w- c:\documents and settings\DanConn1\Application Data\KibD3pnG5Q6W8R9
2011-10-11 23:46 . 2011-10-11 23:46 -------- d-----w- c:\documents and settings\DanConn1\Application Data\NvD2obF4p5Q7E8R
2011-10-11 22:55 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-11 22:55 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-11 22:55 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-10-11 22:55 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-10-11 22:55 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-10-11 22:55 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-10-11 22:55 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-10-11 22:55 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-10-11 22:55 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-10-11 22:55 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-11 22:55 . 2011-10-11 22:55 -------- d-----w- c:\program files\AVAST Software
2011-10-11 22:55 . 2011-10-11 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-10-11 22:15 . 2011-10-11 22:15 -------- d-----w- c:\documents and settings\DanConn1\Application Data\Malwarebytes
2011-10-11 22:15 . 2011-10-11 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-11 20:18 . 2011-10-11 20:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-10-11 20:04 . 2011-10-11 20:04 -------- d-----w- c:\documents and settings\DanConn1\Application Data\swwkkVrlOtAuSiF
2011-10-11 20:04 . 2011-10-11 20:04 -------- d-----w- c:\documents and settings\DanConn1\Application Data\GF4pmH5sW7E8TqY
2011-10-11 20:01 . 2011-10-11 20:01 -------- d-----w- c:\documents and settings\DanConn1\Application Data\aA1uvD2ob4m5Q7E
2011-10-11 20:01 . 2011-10-11 20:01 -------- d-----w- c:\documents and settings\DanConn1\Application Data\FfRL9gTXqUeIrPy
2011-10-11 00:08 . 2011-10-11 00:08 -------- d-----w- c:\documents and settings\DanConn1\Application Data\GL8gTZqjYw
2011-10-11 00:08 . 2011-10-11 00:08 -------- d-----w- c:\documents and settings\DanConn1\Application Data\B1ivD2onFaHsJ
2011-10-09 21:32 . 2011-10-09 21:32 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-10-09 21:07 . 2011-10-09 21:07 -------- d-----w- c:\documents and settings\DanConn1\Application Data\HqjYCekIVzN
2011-10-09 21:07 . 2011-10-09 21:07 -------- d-----w- c:\documents and settings\DanConn1\Application Data\GxA0uvS2oFpGsJd
2011-10-09 21:07 . 2011-10-09 21:07 -------- d-----w- c:\documents and settings\DanConn1\Application Data\VkIBrzPNyAuDoFp
2011-09-23 05:49 . 2011-09-23 05:49 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{79F95992-966C-4563-91D8-25190DFC1D30}\offreg.dll
2011-09-23 05:49 . 2011-09-12 23:14 7269712 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{79F95992-966C-4563-91D8-25190DFC1D30}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-12 03:29 . 2010-08-09 19:47 0 ----a-w- c:\documents and settings\DanConn1\Local Settings\Application Data\WavXMapDrive.bat
2011-09-09 09:12 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-12 02:44 . 2010-08-11 12:22 7152464 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-07-15 13:29 . 2008-04-25 16:16 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 16:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 16:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-06 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1044480]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-03-04 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-10 13918208]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-04-14 159616]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-04-05 34232]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-13 304640]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-25 202256]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
KaVoom! KM.lnk - c:\program files\KaVoom! KM\KaVoomKM.exe [2007-1-31 1679360]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\KaVoom! KM\\KaVoomKM.exe"=
"c:\\Program Files\\Brother\\Brmfl08g\\FAXRX.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\IQuoteBNPP\\iquote32.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [7/28/2010 11:26 AM 24064]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/11/2011 6:55 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/11/2011 6:55 PM 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/11/2011 6:55 PM 20568]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7/28/2010 7:49 AM 13336]
R2 KaVoom! KM;KaVoom! KM;c:\program files\KaVoom! KM\KaVoomKM.exe [1/31/2007 3:03 PM 1679360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/11/2011 8:10 PM 366152]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [9/24/2006 9:22 PM 11776]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [7/28/2010 11:26 AM 166568]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/11/2011 8:10 PM 22216]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [9/24/2006 9:23 PM 3584]
S1 MpKsle46cb458;MpKsle46cb458;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B08BF6F2-89B8-4335-99B5-86460F91282B}\MpKsle46cb458.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B08BF6F2-89B8-4335-99B5-86460F91282B}\MpKsle46cb458.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/6/2010 7:21 PM 136176]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/6/2010 7:21 PM 136176]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [10/10/2010 3:51 PM 30576]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 12:16 PM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 23:21]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 23:21]
.
2011-10-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2011-10-12 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2011-10-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-825295080-3674085378-4195136442-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2011-10-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-825295080-3674085378-4195136442-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 167.206.251.130 167.206.251.129
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-aUVrlONtx08234A - c:\windows\system32\xH5sQJ7dE8RqYw.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-11 23:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\windows\System32\TdmNetworkProvider.dll
c:\windows\System32\WCR10.dll
.
- - - - - - - > 'explorer.exe'(1852)
c:\windows\system32\WININET.dll
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\windows\system32\MSVCR71.dll
c:\program files\UltraMon\RTSUltraMonHook.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\UltraMon\Resources\en\RTSUltraMonHookRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\UltraMon\UltraMonTaskbar.exe
.
**************************************************************************
.
Completion time: 2011-10-11 23:34:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-12 03:33
.
Pre-Run: 474,579,234,816 bytes free
Post-Run: 475,540,492,288 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0583C75208A20984C03CA4A553AD9B64

#13 Broni Re: [RESOLVED] Malware infected Windows XP

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 02:05 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 10h 30m 28s

Posted 12 October 2011 - 03:45 AM

Well done :)

You should be able to uninstall one of your AV programs before running the following fix.

How is the computer doing?

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box
  • Click OK
Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::

Folder::
c:\documents and settings\DanConn1\Application Data\kjUVelOBtPySiDo
c:\documents and settings\DanConn1\Application Data\iEL9gTXqjC
c:\documents and settings\DanConn1\Application Data\RnG4aQHqjCl2n4
c:\documents and settings\DanConn1\Application Data\tEKUVrlOBx
c:\documents and settings\DanConn1\Application Data\KibD3pnG5Q6W8R9
c:\documents and settings\DanConn1\Application Data\NvD2obF4p5Q7E8R
c:\documents and settings\DanConn1\Application Data\swwkkVrlOtAuSiF
c:\documents and settings\DanConn1\Application Data\GF4pmH5sW7E8TqY
c:\documents and settings\DanConn1\Application Data\aA1uvD2ob4m5Q7E
c:\documents and settings\DanConn1\Application Data\FfRL9gTXqUeIrPy
c:\documents and settings\DanConn1\Application Data\GL8gTZqjYw
c:\documents and settings\DanConn1\Application Data\B1ivD2onFaHsJ
c:\documents and settings\DanConn1\Application Data\HqjYCekIVzN
c:\documents and settings\DanConn1\Application Data\GxA0uvS2oFpGsJd
c:\documents and settings\DanConn1\Application Data\VkIBrzPNyAuDoFp


Driver::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000



3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt


#14 yu677gh Re: [RESOLVED] Malware infected Windows XP

    Member

  • 58 posts
  • Joined: June 08, 2011
  • 2 topics
  • Skin: IP.Board
  • Local time: 05:05 AM
  • Zodiac:Aquarius
  • OS:Windows XP
  • Country:
Offline
  • Time Online: 4h 40m 19s

Posted 12 October 2011 - 03:57 AM

computer seems to be running well. :-)

going through ComboFix stages again..

#15 yu677gh Re: [RESOLVED] Malware infected Windows XP

    Member

  • 58 posts
  • Joined: June 08, 2011
  • 2 topics
  • Skin: IP.Board
  • Local time: 05:05 AM
  • Zodiac:Aquarius
  • OS:Windows XP
  • Country:
Offline
  • Time Online: 4h 40m 19s

Posted 12 October 2011 - 03:57 AM

uninstalled Avast..

#16 Broni Re: [RESOLVED] Malware infected Windows XP

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 02:05 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 10h 30m 28s

Posted 12 October 2011 - 03:59 AM

Cool :)

#17 yu677gh Re: [RESOLVED] Malware infected Windows XP

    Member

  • 58 posts
  • Joined: June 08, 2011
  • 2 topics
  • Skin: IP.Board
  • Local time: 05:05 AM
  • Zodiac:Aquarius
  • OS:Windows XP
  • Country:
Offline
  • Time Online: 4h 40m 19s

Posted 12 October 2011 - 04:04 AM

ComboFix 11-10-11.05 - DanConn1 10/11/2011 23:56:06.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2242 [GMT -4:00]
Running from: c:\documents and settings\DanConn1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\DanConn1\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\DanConn1\Application Data\aA1uvD2ob4m5Q7E
c:\documents and settings\DanConn1\Application Data\aA1uvD2ob4m5Q7E\Guard Online .ico
c:\documents and settings\DanConn1\Application Data\B1ivD2onFaHsJ
c:\documents and settings\DanConn1\Application Data\FfRL9gTXqUeIrPy
c:\documents and settings\DanConn1\Application Data\GF4pmH5sW7E8TqY
c:\documents and settings\DanConn1\Application Data\GL8gTZqjYw
c:\documents and settings\DanConn1\Application Data\GL8gTZqjYw\Guard Online .ico
c:\documents and settings\DanConn1\Application Data\GxA0uvS2oFpGsJd
c:\documents and settings\DanConn1\Application Data\GxA0uvS2oFpGsJd\Guard Online .ico
c:\documents and settings\DanConn1\Application Data\HqjYCekIVzN
c:\documents and settings\DanConn1\Application Data\iEL9gTXqjC
c:\documents and settings\DanConn1\Application Data\iEL9gTXqjC\Guard Online .ico
c:\documents and settings\DanConn1\Application Data\KibD3pnG5Q6W8R9
c:\documents and settings\DanConn1\Application Data\KibD3pnG5Q6W8R9\Guard Online .ico
c:\documents and settings\DanConn1\Application Data\kjUVelOBtPySiDo
c:\documents and settings\DanConn1\Application Data\NvD2obF4p5Q7E8R
c:\documents and settings\DanConn1\Application Data\RnG4aQHqjCl2n4
c:\documents and settings\DanConn1\Application Data\RnG4aQHqjCl2n4\Guard Online .ico
c:\documents and settings\DanConn1\Application Data\swwkkVrlOtAuSiF
c:\documents and settings\DanConn1\Application Data\swwkkVrlOtAuSiF\Guard Online .ico
c:\documents and settings\DanConn1\Application Data\tEKUVrlOBx
c:\documents and settings\DanConn1\Application Data\VkIBrzPNyAuDoFp
.
.
((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))
.
.
2011-10-12 03:17 . 2008-05-02 10:49 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2011-10-12 03:17 . 2008-05-02 10:49 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-10-12 02:49 . 2011-10-12 02:49 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B08BF6F2-89B8-4335-99B5-86460F91282B}\offreg.dll
2011-10-12 02:41 . 2011-09-21 13:00 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B08BF6F2-89B8-4335-99B5-86460F91282B}\mpengine.dll
2011-10-12 02:37 . 2011-10-12 02:37 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-12 00:11 . 2011-10-12 00:11 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-12 00:10 . 2011-10-12 00:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-12 00:10 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-12 00:09 . 2011-10-12 00:09 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-10-11 22:55 . 2011-10-12 03:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-10-11 22:55 . 2011-10-11 22:55 -------- d-----w- c:\program files\AVAST Software
2011-10-11 22:15 . 2011-10-11 22:15 -------- d-----w- c:\documents and settings\DanConn1\Application Data\Malwarebytes
2011-10-11 22:15 . 2011-10-11 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-11 20:18 . 2011-10-11 20:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-10-09 21:32 . 2011-10-09 21:32 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-09-23 05:49 . 2011-09-23 05:49 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{79F95992-966C-4563-91D8-25190DFC1D30}\offreg.dll
2011-09-23 05:49 . 2011-09-12 23:14 7269712 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{79F95992-966C-4563-91D8-25190DFC1D30}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-12 03:29 . 2010-08-09 19:47 0 ----a-w- c:\documents and settings\DanConn1\Local Settings\Application Data\WavXMapDrive.bat
2011-09-09 09:12 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-12 02:44 . 2010-08-11 12:22 7152464 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-07-15 13:29 . 2008-04-25 16:16 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 16:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 16:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-06 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1044480]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-03-04 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-10 13918208]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-04-14 159616]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-04-05 34232]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-13 304640]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-25 202256]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
KaVoom! KM.lnk - c:\program files\KaVoom! KM\KaVoomKM.exe [2007-1-31 1679360]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\KaVoom! KM\\KaVoomKM.exe"=
"c:\\Program Files\\Brother\\Brmfl08g\\FAXRX.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\IQuoteBNPP\\iquote32.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [7/28/2010 11:26 AM 24064]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7/28/2010 7:49 AM 13336]
R2 KaVoom! KM;KaVoom! KM;c:\program files\KaVoom! KM\KaVoomKM.exe [1/31/2007 3:03 PM 1679360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/11/2011 8:10 PM 366152]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [9/24/2006 9:22 PM 11776]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [7/28/2010 11:26 AM 166568]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/11/2011 8:10 PM 22216]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [9/24/2006 9:23 PM 3584]
S1 MpKsle46cb458;MpKsle46cb458;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B08BF6F2-89B8-4335-99B5-86460F91282B}\MpKsle46cb458.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B08BF6F2-89B8-4335-99B5-86460F91282B}\MpKsle46cb458.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/6/2010 7:21 PM 136176]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/6/2010 7:21 PM 136176]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [10/10/2010 3:51 PM 30576]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 12:16 PM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 23:21]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 23:21]
.
2011-10-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2011-10-12 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2011-10-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-825295080-3674085378-4195136442-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2011-10-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-825295080-3674085378-4195136442-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 167.206.251.130 167.206.251.129
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-12 00:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\windows\System32\TdmNetworkProvider.dll
c:\windows\System32\WCR10.dll
.
Completion time: 2011-10-12 00:03:41
ComboFix-quarantined-files.txt 2011-10-12 04:03
ComboFix2.txt 2011-10-12 03:34
.
Pre-Run: 475,585,261,568 bytes free
Post-Run: 475,571,941,376 bytes free
.
- - End Of File - - 93828904013E8D68EDC452E05B3DCECB

#18 Broni Re: [RESOLVED] Malware infected Windows XP

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 02:05 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 10h 30m 28s

Posted 12 October 2011 - 04:06 AM

Looks good :)

With this type of infection we need to check permissions settings.

Let's run the following tool. This will help determine which files need permissions restored.

Please download and save Junction.zip

Unzip it and place Junction.exe in the Windows directory (C:\Windows).
Go to Start>Run (Vista and Windows 7 users use "Start search" box).
Copy and paste the following command in the Run box and click OK (Vista and Windows 7 users press "Enter"):

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system.
Wait until a log file opens.
Copy and paste the log in your next reply.

#19 yu677gh Re: [RESOLVED] Malware infected Windows XP

    Member

  • 58 posts
  • Joined: June 08, 2011
  • 2 topics
  • Skin: IP.Board
  • Local time: 05:05 AM
  • Zodiac:Aquarius
  • OS:Windows XP
  • Country:
Offline
  • Time Online: 4h 40m 19s

Posted 12 October 2011 - 04:15 AM

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-1.bin: Access is denied.

..

...

...

...

...

...

...

...

...

..
Failed to open \\?\c:\\Documents and Settings\DanConn1\Desktop\aswMBR.exe: Access is denied.

Failed to open \\?\c:\\Documents and Settings\DanConn1\Desktop\aswMBR2.exe: Access is denied.

Failed to open \\?\c:\\Documents and Settings\DanConn1\Desktop\Copy of aswMBR3.exe: Access is denied.

Failed to open \\?\c:\\Documents and Settings\DanConn1\Desktop\rgjdnvyb.exe: Access is denied.

.

...

...

...

...

...

...

...

...

...

...

...

...

...

Failed to open \\?\c:\\Program Files\Malwarebytes' Anti-Malware\scannerTT.exe: Access is denied.

...

Failed to open \\?\c:\\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe: Access is denied.

...

...

..
Failed to open \\?\c:\\Program Files\Windows Defender\MsMpEng.exe: Access is denied.

.
Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.


...

...

...

...

.\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
..

...

...

...

...

...
Failed to open \\?\c:\\WINDOWS\system32\MRT.exe: Access is denied.


...

...

#20 Broni Re: [RESOLVED] Malware infected Windows XP

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 02:05 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 10h 30m 28s

Posted 12 October 2011 - 04:19 AM

Please download GrantPerms.zip and save it to your desktop.
Unzip the file and, depending on the system, run GrantPerms.exe (32-bit system) or GrantPerms64.exe (64-bit system).
Copy and paste the following in the edit box:

c:\\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-1.bin
c:\\Documents and Settings\DanConn1\Desktop\aswMBR.exe
c:\\Documents and Settings\DanConn1\Desktop\aswMBR2.exe
c:\\Documents and Settings\DanConn1\Desktop\Copy of aswMBR3.exe
c:\\Documents and Settings\DanConn1\Desktop\rgjdnvyb.exe
c:\\Program Files\Malwarebytes' Anti-Malware\scannerTT.exe
c:\\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\\Program Files\Windows Defender\MsMpEng.exe
c:\\Qoobox\BackEnv
c:\\WINDOWS\system32\MRT.exe

Click Unlock. When it is done click "OK".
Click List Permissions and post the result of Perms.txt file that pops up.
A copy of Perms.txt will be saved in the same directory the tool is run.


Your programs should now be able to run normally.
Let me know.
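The GrantPerms list in the reply above was built by hand from the Junction log two posts earlier: every path Junction reported as "Access is denied" (all of them security tools, which is how this family locks out scanners), while the "being used by another process" lines for hiberfil.sys and pagefile.sys are normal and were left out. The parser below does that triage automatically. It is an added example for this thread, not code from the helper, the forum, or Sysinternals; the sample log is constructed from the format shown above, and the function and field names are the example's own. Junction prints the drive root as `\\?\c:\\`, and the reply above pasted the paths with that doubled backslash intact; the parser collapses it to a normal filesystem path.

```python
"""Triage a Sysinternals 'junction -s' log (added example, not the tool's own code).

Separates three things a responder cares about:
  * paths that could not be opened because access was denied
    (candidates for a permissions fix, as in the GrantPerms step above),
  * paths that were merely in use (hiberfil.sys, pagefile.sys: benign),
  * reparse points (junctions / symbolic links) together with their targets.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# "Failed to open \\?\c:\\dir\file: Access is denied."  (progress dots may precede it)
FAILED_RE = re.compile(r"^\.*Failed to open \\\\\?\\(?P<path>.+?): (?P<reason>.+)$")
# ".\\?\c:\\dir\link: JUNCTION"  followed by Print Name / Substitute Name lines
REPARSE_RE = re.compile(r"^\.*\\\\\?\\(?P<path>.+?): (?P<kind>[A-Z ]+)$")
NAME_RE = re.compile(r"^(Print Name|Substitute Name)\s*:\s*(?P<target>.+)$")


@dataclass
class JunctionReport:
    denied: List[str] = field(default_factory=list)
    in_use: List[str] = field(default_factory=list)
    other_failures: List[Tuple[str, str]] = field(default_factory=list)
    reparse_points: List[Dict[str, Optional[str]]] = field(default_factory=list)


def normalize(path: str) -> str:
    """Collapse the doubled backslash Junction prints after the drive letter."""
    return path.replace("\\\\", "\\")


def parse_junction_log(text: str) -> JunctionReport:
    report = JunctionReport()
    current: Optional[Dict[str, Optional[str]]] = None  # reparse entry awaiting its name lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"."}:  # blank or a pure progress-dot line
            continue
        m = FAILED_RE.match(line)
        if m:
            path = normalize(m.group("path"))
            reason = m.group("reason").rstrip(".")
            if reason == "Access is denied":
                report.denied.append(path)
            elif "being used by another process" in reason:
                report.in_use.append(path)
            else:
                report.other_failures.append((path, reason))
            current = None
            continue
        m = REPARSE_RE.match(line)
        if m:
            current = {"path": normalize(m.group("path")), "kind": m.group("kind"),
                       "print_name": None, "substitute_name": None}
            report.reparse_points.append(current)
            continue
        m = NAME_RE.match(line)
        if m and current is not None:
            key = "print_name" if m.group(1) == "Print Name" else "substitute_name"
            current[key] = m.group("target")
    return report


def grantperms_input(report: JunctionReport) -> str:
    """One path per line: the text to paste into the GrantPerms edit box."""
    return "\n".join(report.denied)


# Constructed sample in the exact layout Junction produced in the thread.
SAMPLE_LOG = r"""Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.

.
Failed to open \\?\c:\\Program Files\Windows Defender\MsMpEng.exe: Access is denied.

...
.\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
..
Failed to open \\?\c:\\WINDOWS\system32\MRT.exe: Access is denied.
"""

if __name__ == "__main__":
    rep = parse_junction_log(SAMPLE_LOG)
    print("Access denied (feed to GrantPerms):")
    print(grantperms_input(rep))
    print("\nIn use (expected):", rep.in_use)
    for rp in rep.reparse_points:
        print("\nReparse point:", rp["path"], rp["kind"], "->", rp["substitute_name"])
```

Run it against a real `log.txt` by reading the file into `parse_junction_log`. The reparse-point entries are worth a glance too: on this system both junctions resolve into `C:\WINDOWS\WinSxS`, which is where .NET GAC junctions legitimately point; a junction under a system directory whose substitute name points somewhere else is the kind of entry to investigate further.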
