Click.giftload Victim...another
Hey,
Hope someone on this forum can help me- I'm not the best at this kind of stuff so feel free to dumb it down for me a bit.
Have got the Click.Giftload problem that others have and maybe another. Fake security pop ups are driving me crazy, my computer has slowed to a crawl and cuts to the blue screen of death every 2 hours or so. It annoyingly changes my windows theme to classic all the time, sometimes the windows XP option disappears when I try to change it back. Windows automatic updates seems to be on, although it keeps popping up saying it's off- I am also unable to update anything myself from the windows site.
I'm using quite an old computer, Windows XP Home and use Firefox exclusively. I have AVG Free which finds nothing when I run it. Spybot can find the virus but doesn't do anything with it- it just finds it over and over again. I downloaded Malaware Bytes which found it the first time, but cut to a blue screen and I haven't been able to run it fully without this happening again. All 3 are fully updated.
Thanks in advance, I appreciate any help.........Lorelei.
Here is DSS log...
s .
DDS (Ver_11-03-05.01) - NTFSx86
Run by Lorelei Walker at 20:36:03.21 on 14/05/2011
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.99 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Documents and Settings\Kathryn Sharkey.THOMAS-H63N1KI6\My Documents\Downloads\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/firefox
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} -
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IE Privacy Keeper] "c:\program files\unh solutions\ie privacy keeper\IEPrivacyKeeper.exe" -startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120596427687
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122}
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} - file://g:\resources\IntraLaunch.CAB
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/msnmessengersetupdownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {C6637286-300D-11D4-AE0A-0010830243BD}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F281A59C-7B65-11D3-8617-0010830243BD}
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: ComPlusSetup - c:\windows\system32\catsrvut.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\kathry~1.tho\applic~1\mozilla\firefox\profiles\sw3vmvw9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - );user_pref(general.useragent.extra.zencast,
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-19 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-19 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-19 243152]
R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\26169\RapportCerberus_26169.sys [2011-5-3 57144]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-4-28 66360]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-4-28 158904]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 CTUPnPSv;Creative Centrale Media Server;c:\program files\creative\creative centrale\CTUPnPSv.exe [2011-4-1 64000]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-4-28 870200]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-12 136176]
S3 Avdieaacwch;Avdieaacwch;c:\windows\system32\drivers\rdpdr.sys [2006-1-27 196224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-12 136176]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2002-8-29 14336]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-4-28 53816]
.
=============== Created Last 30 ================
.
2011-05-13 23:20:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-13 23:19:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-13 21:04:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-07 01:56:12 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-07 01:56:12 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-07 01:56:12 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-07 01:56:11 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-07 01:56:11 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-07 01:56:10 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-07 01:56:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-07 01:56:09 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-01 02:28:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\fB31002DoMfE31002
2011-04-30 18:02:24 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-30 18:02:24 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-30 17:42:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\lH31002MdBlM31002
2011-04-28 13:34:50 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-04-15 01:26:35 -------- d-----w- c:\docume~1\kathry~1.tho\locals~1\applic~1\Trusteer
.
==================== Find3M ====================
.
2011-04-05 22:41:32 3398 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2005-02-10 11:47:51 0 -csh--r- c:\program files\q330994.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380021A rev.3.19 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x833194F0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8331f7d0]; MOV EAX, [0x8331f84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x8334AAB8]
3 CLASSPNP[0xF8695FD7] -> nt!IofCallDriver[0x804E37C5] -> \Device\00000065[0x83388F18]
5 ACPI[0xF85EC620] -> nt!IofCallDriver[0x804E37C5] -> [0x83385D98]
\Driver\atapi[0x83347328] -> IRP_MJ_CREATE -> 0x833194F0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8331933B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 20:38:45.53 ===============
Hope I've done this right....
Ran TDSSKiller, it found something and cured it, then rebooted.
Here's the report...
2011/05/17 23:53:24.0962 3992 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/17 23:53:25.0292 3992 ================================================================================
2011/05/17 23:53:25.0292 3992 SystemInfo:
2011/05/17 23:53:25.0292 3992
2011/05/17 23:53:25.0292 3992 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/17 23:53:25.0292 3992 Product type: Workstation
2011/05/17 23:53:25.0292 3992 ComputerName: H63N1KI6
2011/05/17 23:53:25.0292 3992 UserName: Lorelai Walker
2011/05/17 23:53:25.0292 3992 Windows directory: C:\WINDOWS
2011/05/17 23:53:25.0292 3992 System windows directory: C:\WINDOWS
2011/05/17 23:53:25.0292 3992 Processor architecture: Intel x86
2011/05/17 23:53:25.0292 3992 Number of processors: 1
2011/05/17 23:53:25.0292 3992 Page size: 0x1000
2011/05/17 23:53:25.0292 3992 Boot type: Normal boot
2011/05/17 23:53:25.0292 3992 ================================================================================
2011/05/17 23:53:26.0564 3992 Initialize success
2011/05/17 23:53:32.0142 1380 ================================================================================
2011/05/17 23:53:32.0142 1380 Scan started
2011/05/17 23:53:32.0142 1380 Mode: Manual;
2011/05/17 23:53:32.0142 1380 ================================================================================
2011/05/17 23:53:34.0735 1380 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/17 23:53:34.0855 1380 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/17 23:53:35.0126 1380 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/17 23:53:35.0306 1380 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/05/17 23:53:35.0536 1380 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/05/17 23:53:36.0057 1380 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2011/05/17 23:53:36.0438 1380 ALCXWDM (4d4593c10f2c90d48da9fd1b14ace825) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/05/17 23:53:36.0868 1380 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/17 23:53:37.0239 1380 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
2011/05/17 23:53:37.0469 1380 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/17 23:53:37.0719 1380 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/17 23:53:37.0870 1380 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/17 23:53:38.0050 1380 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/17 23:53:38.0300 1380 Avdieaacwch (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\drivers\rdpdr.sys
2011/05/17 23:53:38.0560 1380 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
2011/05/17 23:53:38.0671 1380 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2011/05/17 23:53:38.0771 1380 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\system32\Drivers\avgtdix.sys
2011/05/17 23:53:38.0881 1380 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/17 23:53:39.0131 1380 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/17 23:53:39.0311 1380 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/17 23:53:39.0622 1380 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/17 23:53:39.0822 1380 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/17 23:53:40.0043 1380 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/17 23:53:40.0633 1380 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/17 23:53:40.0904 1380 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/17 23:53:41.0194 1380 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/17 23:53:41.0434 1380 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/17 23:53:41.0605 1380 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/17 23:53:41.0765 1380 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/17 23:53:42.0025 1380 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/17 23:53:42.0195 1380 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/17 23:53:42.0436 1380 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/17 23:53:42.0646 1380 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/17 23:53:42.0886 1380 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/17 23:53:43.0167 1380 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/17 23:53:43.0347 1380 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/17 23:53:43.0587 1380 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/05/17 23:53:43.0828 1380 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/17 23:53:43.0948 1380 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/17 23:53:44.0398 1380 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/17 23:53:44.0639 1380 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/17 23:53:44.0789 1380 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/17 23:53:45.0160 1380 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/17 23:53:45.0480 1380 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/17 23:53:45.0680 1380 Intels51 (eb6d8e9cd813596b6d59d878337a4998) C:\WINDOWS\system32\DRIVERS\Intels51.sys
2011/05/17 23:53:46.0061 1380 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/17 23:53:46.0261 1380 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/17 23:53:46.0491 1380 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/17 23:53:46.0682 1380 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/17 23:53:46.0792 1380 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/17 23:53:47.0022 1380 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/17 23:53:47.0282 1380 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/17 23:53:47.0473 1380 Jukebox3 (c4d1e49a7d853a6fdfe8ec2906ae5aaa) C:\WINDOWS\system32\DRIVERS\ctpdusb.sys
2011/05/17 23:53:47.0693 1380 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/17 23:53:47.0963 1380 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/17 23:53:48.0124 1380 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/17 23:53:48.0184 1380 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/17 23:53:48.0464 1380 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/17 23:53:48.0634 1380 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/17 23:53:48.0694 1380 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/05/17 23:53:48.0885 1380 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/17 23:53:49.0075 1380 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/17 23:53:49.0235 1380 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/17 23:53:49.0515 1380 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/17 23:53:49.0616 1380 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/17 23:53:49.0826 1380 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/17 23:53:50.0016 1380 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/17 23:53:50.0216 1380 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/17 23:53:50.0417 1380 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/17 23:53:50.0477 1380 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/17 23:53:50.0737 1380 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2011/05/17 23:53:50.0937 1380 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/17 23:53:51.0138 1380 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/17 23:53:51.0348 1380 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/17 23:53:51.0528 1380 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/17 23:53:51.0718 1380 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/17 23:53:51.0959 1380 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/17 23:53:52.0079 1380 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/17 23:53:52.0249 1380 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/17 23:53:52.0490 1380 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/17 23:53:52.0770 1380 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/17 23:53:52.0880 1380 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/17 23:53:53.0120 1380 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/17 23:53:53.0441 1380 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/17 23:53:53.0761 1380 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/17 23:53:54.0142 1380 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/17 23:53:54.0332 1380 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/17 23:53:54.0552 1380 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/17 23:53:54.0663 1380 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/17 23:53:54.0903 1380 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/17 23:53:55.0113 1380 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/17 23:53:55.0203 1380 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/17 23:53:55.0454 1380 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/17 23:53:55.0634 1380 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/17 23:53:55.0864 1380 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/05/17 23:53:56.0465 1380 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/17 23:53:56.0645 1380 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/17 23:53:56.0916 1380 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/17 23:53:57.0126 1380 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/17 23:53:57.0296 1380 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/17 23:53:57.0807 1380 RapportCerberus_26169 (df1f468a6016c4950cfc169ae77d84cd) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys
2011/05/17 23:53:57.0947 1380 RapportEI (1602ff4aec5c2246ac387e49e474dd7b) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
2011/05/17 23:53:58.0087 1380 RapportKELL (12031844f5ad4126eab4c410623f7789) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2011/05/17 23:53:58.0227 1380 RapportPG (1c303f85986c3dfcb01cc67f185c32e5) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2011/05/17 23:53:58.0348 1380 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/17 23:53:58.0568 1380 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/17 23:53:58.0748 1380 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/17 23:53:59.0008 1380 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/17 23:53:59.0219 1380 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/17 23:53:59.0439 1380 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/17 23:53:59.0699 1380 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/17 23:54:00.0010 1380 RT73 (4f153709d0691c6de8c9a4c5e813907c) C:\WINDOWS\system32\DRIVERS\rt73.sys
2011/05/17 23:54:00.0270 1380 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/17 23:54:00.0410 1380 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/17 23:54:00.0601 1380 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/17 23:54:00.0871 1380 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/17 23:54:01.0131 1380 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/05/17 23:54:01.0352 1380 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
2011/05/17 23:54:01.0562 1380 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/17 23:54:01.0962 1380 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/17 23:54:02.0083 1380 SQTECH905C (545a8412a9349074132330ad5b30e09a) C:\WINDOWS\system32\Drivers\Capt905c.sys
2011/05/17 23:54:02.0403 1380 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/17 23:54:02.0653 1380 Srv (4f8a43adef66f135564085a9dca96a26) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/17 23:54:02.0974 1380 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/17 23:54:03.0164 1380 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/17 23:54:03.0374 1380 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/17 23:54:03.0685 1380 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/17 23:54:03.0855 1380 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/17 23:54:04.0105 1380 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/17 23:54:04.0296 1380 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/17 23:54:04.0476 1380 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/17 23:54:04.0846 1380 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/17 23:54:05.0137 1380 UPATC (2345843f5a031a943176e9e4954c288d) C:\WINDOWS\system32\DRIVERS\upatc.sys
2011/05/17 23:54:05.0397 1380 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/17 23:54:05.0628 1380 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/17 23:54:05.0838 1380 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/17 23:54:06.0038 1380 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/17 23:54:06.0178 1380 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/05/17 23:54:06.0359 1380 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/17 23:54:06.0609 1380 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/17 23:54:06.0789 1380 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/17 23:54:06.0979 1380 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2011/05/17 23:54:07.0190 1380 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/17 23:54:07.0460 1380 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/17 23:54:07.0650 1380 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/17 23:54:07.0911 1380 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/17 23:54:08.0061 1380 WmBEnum (588c1df21321ec51eebff2c8909d1587) C:\WINDOWS\system32\drivers\WmBEnum.sys
2011/05/17 23:54:08.0221 1380 WmFilter (3b45b7bfd513d3313e895d187849e3a3) C:\WINDOWS\system32\drivers\WmFilter.sys
2011/05/17 23:54:08.0451 1380 WmVirHid (fe7d6991fd5894f06aae95dc78e79948) C:\WINDOWS\system32\drivers\WmVirHid.sys
2011/05/17 23:54:08.0612 1380 WmXlCore (dcbb4688ee775912444b9010cd3fe9b6) C:\WINDOWS\system32\drivers\WmXlCore.sys
2011/05/17 23:54:08.0852 1380 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/05/17 23:54:09.0022 1380 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/17 23:54:09.0202 1380 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/17 23:54:09.0393 1380 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/17 23:54:09.0603 1380 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/17 23:54:09.0803 1380 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/17 23:54:09.0813 1380 ================================================================================
2011/05/17 23:54:09.0813 1380 Scan finished
2011/05/17 23:54:09.0813 1380 ================================================================================
2011/05/17 23:54:09.0853 1040 Detected object count: 1
2011/05/17 23:54:19.0256 1040 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/17 23:54:19.0256 1040 \HardDisk0 - ok
2011/05/17 23:54:19.0256 1040 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/17 23:54:52.0922 2668 Deinitialize success
Log after running COMBOFIX
Should I be switching my antiviruses etc back on already- I'm not even sure if I was able to stop them all prior to running Combofix, but here's the log.
Thank-you :crowned:
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Walker\Application Data\Xeywd
c:\documents and settings\Walker\Application Data\Xeywd\zaxes.odc
c:\documents and settings\Walker\Start Menu\Programs\System Tool
c:\documents and settings\Walker\Start Menu\Programs\System Tool\System Tool 2011.lnk
c:\documents and settings\Walker\WINDOWS
c:\program files\filesubmit
.
.
((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))
.
.
2011-05-13 23:20 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-13 23:19 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-13 21:04 . 2011-05-13 21:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-07 01:56 . 2011-05-07 01:56 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-07 01:56 . 2011-05-07 01:56 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-07 01:56 . 2011-05-07 01:56 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-07 01:56 . 2011-05-07 01:56 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-07 01:56 . 2011-05-07 01:56 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-07 01:56 . 2011-05-07 01:56 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-07 01:56 . 2011-05-07 01:56 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-07 01:56 . 2011-05-07 01:56 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-05 13:42 . 2011-05-05 13:42 0 ----a-w- c:\documents and settings\Walker\ntuser.tmp
2011-05-01 02:28 . 2011-05-03 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\fB31002DoMfE31002
2011-04-30 18:02 . 2011-04-30 18:02 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-30 17:42 . 2011-04-30 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\lH31002MdBlM31002
2011-04-28 13:34 . 2011-04-28 13:34 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-04-22 21:54 . 2011-04-22 21:54 -------- d-----w- c:\documents and settings\Walker\Local Settings\Application Data\Trusteer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-05 22:41 . 2011-03-31 23:27 3398 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2005-02-10 11:47 . 2004-11-10 14:30 0 -csh--r- c:\program files\q330994.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-05-07 01:56 . 2011-05-07 01:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IE Privacy Keeper"="c:\program files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" [2005-12-03 1015808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"F5D7050v3"="c:\program files\Belkin\F5D7050v3\Belkinwcui.exe" [2007-10-30 1654784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\Walker\Start Menu\Programs\Startup\AutorunsDisabled
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]
2008-04-14 00:11 625664 ----a-w- c:\windows\system32\catsrvut.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Help.lnk]
backup=c:\windows\pss\BT Broadband Help.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PC Connection Manager.lnk]
backup=c:\windows\pss\PC Connection Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^H63N1KI6^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 22:16 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 06:00 33648 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 11:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 11:22 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 11:22 1622016 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-07-27 17:01 68096 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkTalk]
2007-10-12 07:33 202016 -c--a-w- c:\program files\TalkTalk\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AVG9_TRAY"=c:\progra~1\AVG\AVG9\avgtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys [03/05/2011 02:19 57144]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [28/04/2011 14:34 66360]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [28/04/2011 14:34 158904]
R2 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [01/04/2011 14:20 64000]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [28/04/2011 14:34 870200]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 08:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 13:42 148768]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/08/2010 20:49 136176]
S3 Avdieaacwch;Avdieaacwch;c:\windows\system32\drivers\rdpdr.sys [27/01/2006 19:53 196224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/08/2010 20:49 136176]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [29/08/2002 13:00 14336]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [28/04/2011 14:34 53816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-12 19:48]
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-12 19:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/firefox
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} - file://g:\resources\IntraLaunch.CAB
FF - ProfilePath - c:\documents and settings\H63N1KI6\Application Data\Mozilla\Firefox\Profiles\sw3vmvw9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p=
FF - user.js: general.useragent.extra.zencast - );user_pref(general.useragent.extra.zencast,
.
- - - - ORPHANS REMOVED - - - -
.
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-ares ultra - c:\program files\Ares Ultra\Ares Ultra.exe
MSConfigStartUp-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-18 04:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-602162358-1532298954-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F71501F-0A8F-B548-77D8-A869FAD7956B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hacjlabliplkoada"=hex:6b,61,63,6d,66,6d,67,66,66,62,69,69,6d,6c,65,61,6b,6d,
6a,6e,6e,62,00,00
"jaiakdhnjhdicambgmhi"=hex:6b,61,63,6d,66,6d,67,66,66,62,69,69,6d,6c,65,61,6b,
6d,6a,6e,6e,62,00,00
"faiponchmedf"=hex:69,61,6f,6d,6a,6b,65,61,64,68,63,6c,64,6c,63,65,6b,63,00,00
.
Completion time: 2011-05-18 04:52:06
ComboFix-quarantined-files.txt 2011-05-18 03:51
ComboFix2.txt 2010-05-19 15:49
.
Pre-Run: 13,870,997,504 bytes free
Post-Run: 13,913,698,304 bytes free
.
- - End Of File - - D0BA14A172EDC7EE61B407DD267AB73A
I need a high-5 icon.....
I'm so happy to say that my computer's problems appear to be fixed. No pop ups, changes or blue screens:laugh: So far so good.
Combofix report below- I don't think it found anything, I wasn't asked to cure or restart etc.
* Created a new restore point
.
FILE ::
"c:\program files\q330994.exe"
.
.
((((((((((((((((((((((((( Files Created from 2011-04-20 to 2011-05-20 )))))))))))))))))))))))))))))))
.
.
2011-05-18 18:16 . 2011-05-18 18:16 -------- d-----w- c:\documents and settings\Walker\Application Data\AVG10
2011-05-18 04:28 . 2011-05-18 04:28 -------- d-----w- c:\documents and settings\H63N1KI6\Application Data\AVG10
2011-05-18 04:07 . 2011-05-18 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-05-13 23:20 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-13 23:19 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-13 21:04 . 2011-05-13 21:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-07 01:56 . 2011-05-07 01:56 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-07 01:56 . 2011-05-07 01:56 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-07 01:56 . 2011-05-07 01:56 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-07 01:56 . 2011-05-07 01:56 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-07 01:56 . 2011-05-07 01:56 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-07 01:56 . 2011-05-07 01:56 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-07 01:56 . 2011-05-07 01:56 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-07 01:56 . 2011-05-07 01:56 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-05 13:42 . 2011-05-05 13:42 0 ----a-w- c:\documents and settings\ntuser.tmp
2011-05-01 02:28 . 2011-05-03 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\fB31002DoMfE31002
2011-04-30 18:02 . 2011-04-30 18:02 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-30 17:42 . 2011-04-30 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\lH31002MdBlM31002
2011-04-28 13:34 . 2011-04-28 13:34 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-04-22 21:54 . 2011-04-22 21:54 -------- d-----w- c:\documents and settings\Local Settings\Application Data\Trusteer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-05 22:41 . 2011-03-31 23:27 3398 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2005-02-10 11:47 . 2004-11-10 14:30 0 -csh--r- c:\program files\q330994.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-05-07 01:56 . 2011-05-07 01:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\docume~1\alluse~1\applic~1\fB31002DoMfE31002 ----
.
2011-05-01 02:28 . 2011-05-02 01:21 192 ----a-w- c:\docume~1\alluse~1\applic~1\fB31002DoMfE31002\fB31002DoMfE31002
.
---- Directory of c:\docume~1\alluse~1\applic~1\lH31002MdBlM31002 ----
.
2011-04-30 17:42 . 2011-04-30 17:53 192 ----a-w- c:\docume~1\alluse~1\applic~1\lH31002MdBlM31002\lH31002MdBlM31002
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-18_03.47.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-05-20 03:00 . 2011-05-20 03:00 16384 c:\windows\TEMP\Perflib_Perfdata_600.dat
+ 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2002-08-29 12:00 . 2008-04-14 00:11 640000 c:\windows\system32\dllcache\dbghelp.dll
+ 2011-05-18 04:14 . 2011-05-18 04:14 219648 c:\windows\Installer\28dbdc.msi
+ 2009-07-11 23:02 . 2009-07-11 23:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2005-07-05 21:20 . 2011-04-29 10:29 42829768 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IE Privacy Keeper"="c:\program files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" [2005-12-03 1015808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"F5D7050v3"="c:\program files\Belkin\F5D7050v3\Belkinwcui.exe" [2007-10-30 1654784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\Start Menu\Programs\Startup\AutorunsDisabled
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]
2008-04-14 00:11 625664 ----a-w- c:\windows\system32\catsrvut.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Help.lnk]
backup=c:\windows\pss\BT Broadband Help.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PC Connection Manager.lnk]
backup=c:\windows\pss\PC Connection Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^H63N1KI6^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 22:16 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 06:00 33648 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 11:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 11:22 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 11:22 1622016 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-07-27 17:01 68096 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkTalk]
2007-10-12 07:33 202016 -c--a-w- c:\program files\TalkTalk\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AVG9_TRAY"=c:\progra~1\AVG\AVG9\avgtray.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys [03/05/2011 02:19 57144]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [28/04/2011 14:34 66360]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [28/04/2011 14:34 158904]
R2 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [01/04/2011 14:20 64000]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [28/04/2011 14:34 870200]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 08:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 13:42 148768]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/08/2010 20:49 136176]
S3 Avdieaacwch;Avdieaacwch;c:\windows\system32\drivers\rdpdr.sys [27/01/2006 19:53 196224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/08/2010 20:49 136176]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [29/08/2002 13:00 14336]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [28/04/2011 14:34 53816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-12 19:48]
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-12 19:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/firefox
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} - file://g:\resources\IntraLaunch.CAB
FF - ProfilePath - c:\documents and settings\H63N1KI6\Application Data\Mozilla\Firefox\Profiles\sw3vmvw9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p=
FF - user.js: general.useragent.extra.zencast - );user_pref(general.useragent.extra.zencast,
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-20 04:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-602162358-1532298954-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F71501F-0A8F-B548-77D8-A869FAD7956B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hacjlabliplkoada"=hex:6b,61,63,6d,66,6d,67,66,66,62,69,69,6d,6c,65,61,6b,6d,
6a,6e,6e,62,00,00
"jaiakdhnjhdicambgmhi"=hex:6b,61,63,6d,66,6d,67,66,66,62,69,69,6d,6c,65,61,6b,
6d,6a,6e,6e,62,00,00
"faiponchmedf"=hex:69,61,6f,6d,6a,6b,65,61,64,68,63,6c,64,6c,63,65,6b,63,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3880)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-20 04:24:46
ComboFix-quarantined-files.txt 2011-05-20 03:24
ComboFix2.txt 2011-05-18 03:52
ComboFix3.txt 2010-05-19 15:49
.
Pre-Run: 13,882,036,224 bytes free
Post-Run: 13,856,366,592 bytes free
.
- - End Of File - - 2C595597631D506E574BA5C71D9EB446
:rockon: