Malware - PC Crashes / Browser redirects
sanjupan
2011-01-30, 14:17
I think malware was introduced on my machine. My PC crashes every time I open Firefox now. Chrome hangs. Only IE runs. The IE browser redirects to sites randomly even when genuine sites are clicked.
Appreciate your help.
Thanks.
DDS log
----------------------
DDS (Ver_10-12-12.02) - NTFSx86
Run by Sanjana at 7:04:49.15 on Sun 01/30/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3539.2239 [GMT -5:00]
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\java.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\System32\jureg.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Data\MalwareRemoval\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\users\sanjana\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://connect.barcap.com/workplace/webifiers/wficat.cab
DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://mcpuk1.jpmorgan.com/llclient/myonedesk-amer/winnt/AXNTEE.dll
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://webvpn-rd02.jpmorganchase.com/dana-cached/sc/JuniperSetupClient.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
LSA: Authentication Packages = msv1_0 wvauth
================= FIREFOX ===================
FF - ProfilePath - c:\users\sanjana\appdata\roaming\mozilla\firefox\profiles\lps6crmv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\sanjana\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\sanjana\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\sanjana\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-5-15 1803512]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-4-27 293968]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-7-16 382752]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-10-5 76288]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-1-31 260648]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-1-31 122368]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-31 6114816]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1caaec57f5ab489;Google Update Service (gupdate1caaec57f5ab489);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 133104]
S3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-1-31 29472]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-1-31 47104]
S3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-1-31 49152]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-1-31 38400]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-26 1343400]
S3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\microsoft.net\framework\v4.0.30128\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30128\wpf\WPFFontCache_v0400.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
=============== Created Last 30 ================
2011-01-27 16:28:33 -------- d-----w- c:\users\sanjana\hob
2011-01-27 16:28:18 -------- d-----w- c:\users\sanjana\hob_jportal
2011-01-23 05:51:37 0 ----a-w- c:\users\sanjana\appdata\local\Vpumebirit.bin
2011-01-23 05:51:35 -------- d-----w- c:\users\sanjana\appdata\local\{53DB150E-4600-44D5-9952-E9C8A98CD7FE}
2011-01-23 05:49:45 -------- d-----w- c:\progra~2\eAeLb06504
==================== Find3M ====================
2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: SAMSUNG_ rev.2AC1 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87470555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x874767b0]; MOV EAX, [0x8747682c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82C7E458] -> \Device\Harddisk0\DR0[0x8744B030]
3 CLASSPNP[0x8C99D59E] -> ntkrnlpa!IofCallDriver[0x82C7E458] -> [0x8771DE60]
\Driver\iaStor[0x87451AF0] -> IRP_MJ_CREATE -> 0x87470555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskSAMSUNG_HM250HI_________________________2AC101C4#4&80d3227&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
============= FINISH: 7:05:31.01 ===============
Blottedisk
2011-01-31, 08:56
Hi sanjupan :)
My name is Blottedisk; I'll be happy to assist you with all the malware problems you have on your computer. Solving any malware-related problem may or may not solve other issues you have with your machine. Before we start fixing your computer, there are a few points you need to know:
Malware logs can sometimes take a lot of time to research and interpret.
Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
Please note that there is no "Quick Fix" to modern malware infections, and we may need to use several different approaches to get your system clean.
Please follow these steps:
Step 1 | Please download GMER from one of the following locations and save it to your desktop:
Main Mirror (http://gmer.net/download.php) - This version will download a randomly named file (Recommended)
Zipped Mirror (http://gmer.net/gmer.zip) - This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
--------------------------------------------------------------------
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection (http://forums.whatthetech.com/index.php?showtopic=96260) so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system, click NO.
Make sure all options are checked except:
IAT/EAT
Drives/Partition other than Systemdrive, which is typically C:\
Show All (This is important, so do not miss it.)
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode (http://www.computerhope.com/issues/chsafe.htm).
Step 2 | Please download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs.
Double-click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
A window will open on your desktop.
If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
If nothing unusual is found, just press Enter. A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.
Please post back including:
gmer.log
MBRCheck logfile
sanjupan
2011-02-01, 03:44
Thanks for your response.
GMER Log
----------
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-31 20:39:41
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\iaStor0 SAMSUNG_ rev.2AC1
Running: mcd8ewmc.exe; Driver: C:\Users\Sanjana\AppData\Local\Temp\pwldypow.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C5F599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C83F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!NtProtectVirtualMemory 77B65360 5 Bytes JMP 0029000A
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!NtWriteVirtualMemory 77B65EE0 5 Bytes JMP 002A000A
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!KiUserExceptionDispatcher 77B66448 5 Bytes JMP 0028000A
.text C:\Windows\system32\svchost.exe[1088] ole32.dll!CoCreateInstance 77A1590C 5 Bytes JMP 00C5000A
.text C:\Windows\system32\svchost.exe[1088] USER32.dll!GetCursorPos 774EC198 5 Bytes JMP 013A000A
.text C:\Program Files\real\realplayer\Update\realsched.exe[3412] kernel32.dll!SetUnhandledExceptionFilter 76603162 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Windows\Explorer.EXE[3424] ntdll.dll!NtProtectVirtualMemory 77B65360 5 Bytes JMP 0224000A
.text C:\Windows\Explorer.EXE[3424] ntdll.dll!NtWriteVirtualMemory 77B65EE0 5 Bytes JMP 0245000A
.text C:\Windows\Explorer.EXE[3424] ntdll.dll!KiUserExceptionDispatcher 77B66448 5 Bytes JMP 0223000A
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000006a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskSAMSUNG_HM250HI_________________________2AC101C4#4&80d3227&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\701a049d7f05
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ???l?????k???????????b??????s???mrxsmb??????MSDMine??_???l?l????????????????????????@%systemroot%\system32\drivers\RdpRefMp.sys,-101?G???k?k?k?k0l?l?k???k?k?k?k?k?k?l???????l??????????????????? ???????5???l??volume_snapshot_install??????????k???????????????a???????e???????????????????k??????BD???l?????????????????s?????k???k???k???????????D???????????????????l?l.i???k???????????l???l???e??@%SystemRoot%\system32\vmstorfltres.dll,-1000????????????????????5??????????????????????????????? "??k???????????????????????????????l?l?????????%???????????????????l???k?k?k?k?l?l?l??? ???????k?????k?????k?~??????????"??????????R???e?k?k?k?k???k???l??? ???????k???????????k?~????????b????????????????k??????????????????????????FH?????k?&???????l???I??s???TCP/IP Registry Compatibility??????????????????s&????l???????????????????\??Microsoft????l???l????N??l????????D??????????l??? ??????????????????????????{8ECC055D-047F-11D1-A537-0000F8753ED1}??? ???l??????????????BD???l??? ???????k?????k?????k?~??????????%? ???????B?????N??l?
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ????2B??????????? ?????????????????????1????????????????????? ?????????????????????1??????????????????????N???????????D?????????????????????????? ?????????????????????1????????????????????? ?????????????????????1????????B???????????{36fc9e60-c465-11cf-8056-444553540000}??ic??????????????????????????????????? ?????????????????????1????????????????????????????????????????????????????????????????????? ?????????????????????1????????????????????????????? ?????????????????????1????????????????????? ?????????????????????1????????????????????????????????????????????????????????????? ???????n?????????????~??????????????????????1?????? ?????????????????????~??"???&?????????????????????????????????????????? ???????????????? ????~??"???&?????q?????????????????????????????????????????????????????????]??????????????l??????wpdmtp.inf:Generic.NTx86:MTP:6.1.7600.16385:usb\class_06&subclass_01&prot_01?????????????????????????????%??ic???????????????????????????4??4E??6.1.7600.16385?95C??????????????????????????????????MTP USB
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\701a049d7f05 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ???s?e???????e???????????????????v???????????!???e??????????????t?????????????????????????????????????????R??s????????h??????????s??????p???????????????? ???????s???????????s????????&????? ??????????????????????????????e????? ???????o?????s?? ??s????????$?????????c????????s?????????e????@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193??????????????????????????????s????????h?????"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"???????????????t??????s?????s?????? ????????????????s?????????n????@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8192??????????s???+??????? ???s??????????????LocalSystem?????????????????????????????????????t????s???????s??????????????????SeTcbPrivilege?SeAssignPrimaryTokenPrivilege?SeTakeOwnershipPrivilege?SeBackupPrivilege?SeRestorePrivilege?SeImpersonatePrivilege?????????,??s???????????????????????????????????????s?s?s?s?s?s?s?s?s?
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???s?????????????????????u?u?u??? ???????o?????s????????????????T????????????????????.??????????????????????System32\Drivers\ksecdd.sys??????????????????????????????0??e2??Root\*6TO4MP\0005???oem3.inf?????????????????????:???:????(??s?????????e??????????????8??s????????h?????????????????t???t???????t????????????B???v???????s???s???????????????????s???????e??????????????????????????????? ???????s???????????p????????0????? ?????????????????????????????s?????????????????????????????????????????????????? ???????o?????s?????s??????????R????????V??\SystemRoot\system32\DRIVERS\iaStorV.sys?l??SCSI Miniport?????R??s???????????d??iastorv.inf_x86_neutral_18cccb83b34e1453?????s?s?s?s?s?s?s?????????????g???????s?e???????e???????????????????v???????????!???e??????????????t?????????????????????????????????????????R??s????????h??????????s??????p???????????????? ???????s???????????s????????&????? ??????????????????????????????e????? ???????o?????s?? ??s????????$?????????c????????s?????????e????@%systemroot%\Microsoft.NET\Fra
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
---- EOF - GMER 1.0.15 ----
sanjupan
2011-02-01, 03:45
MBRCheck log
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Latitude E5500
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 197):
0x82C1C000 \SystemRoot\system32\ntkrnlpa.exe
0x8302C000 \SystemRoot\system32\halmacpi.dll
0x8761A000 \SystemRoot\system32\kdcom.dll
0x83215000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8328D000 \SystemRoot\system32\PSHED.dll
0x8329E000 \SystemRoot\system32\BOOTVID.dll
0x832A6000 \SystemRoot\system32\CLFS.SYS
0x832E8000 \SystemRoot\system32\CI.dll
0x83403000 \SystemRoot\system32\drivers\Wdf01000.sys
0x83474000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83482000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x834CA000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x834D3000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x834DB000 \SystemRoot\system32\DRIVERS\pci.sys
0x83505000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x83510000 \SystemRoot\System32\drivers\partmgr.sys
0x83521000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x83529000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x83534000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x83544000 \SystemRoot\System32\drivers\volmgrx.sys
0x8358F000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x835BD000 \SystemRoot\System32\drivers\mountmgr.sys
0x8360D000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x836E7000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x836F0000 \SystemRoot\system32\drivers\fltmgr.sys
0x83724000 \SystemRoot\system32\drivers\fileinfo.sys
0x83735000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8C43D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C56C000 \SystemRoot\System32\Drivers\msrpc.sys
0x8C597000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8373F000 \SystemRoot\System32\Drivers\cng.sys
0x8C5AA000 \SystemRoot\System32\drivers\pcw.sys
0x8C5B8000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C619000 \SystemRoot\system32\drivers\ndis.sys
0x8C6D0000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C70E000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8C825000 \SystemRoot\System32\drivers\tcpip.sys
0x8C96E000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C99F000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8C9A8000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8C9E7000 \SystemRoot\System32\Drivers\spldr.sys
0x8C733000 \SystemRoot\System32\drivers\rdyboost.sys
0x8C9EF000 \SystemRoot\system32\DRIVERS\PBADRV.sys
0x8C800000 \SystemRoot\System32\Drivers\mup.sys
0x8C810000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C760000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8C792000 \SystemRoot\system32\DRIVERS\disk.sys
0x8C7A3000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x91EEF000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x91F0E000 \SystemRoot\System32\Drivers\Null.SYS
0x91F15000 \SystemRoot\System32\Drivers\Beep.SYS
0x91F1C000 \SystemRoot\System32\drivers\vga.sys
0x91F28000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x91F49000 \SystemRoot\System32\drivers\watchdog.sys
0x91F56000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x91F5E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x91F66000 \SystemRoot\system32\drivers\rdprefmp.sys
0x91F6E000 \SystemRoot\System32\Drivers\Msfs.SYS
0x91F79000 \SystemRoot\System32\Drivers\Npfs.SYS
0x91F87000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91F9E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8379C000 \SystemRoot\system32\drivers\afd.sys
0x91FA9000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91FDB000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8C7C8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91FE2000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8C7E7000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8C5C1000 \SystemRoot\system32\DRIVERS\serial.sys
0x8C600000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8C5DB000 \SystemRoot\system32\DRIVERS\termdd.sys
0x83393000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91FF3000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C7F5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C9FA000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x8C5EB000 \SystemRoot\System32\drivers\discache.sys
0x9042F000 \SystemRoot\system32\drivers\csc.sys
0x90493000 \SystemRoot\System32\Drivers\dfsc.sys
0x904AB000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x904B9000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x92835000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x92E57000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x92F0E000 \SystemRoot\System32\drivers\dxgmms1.sys
0x92F47000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x92F52000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x92F9D000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x92FAC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x93603000 \SystemRoot\system32\DRIVERS\NETw5s32.sys
0x93BE2000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x904DA000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x92FCB000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x92800000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x93BEC000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x92819000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x9051B000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x90554000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90561000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9056E000 \SystemRoot\system32\DRIVERS\serenum.sys
0x92FF7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x92831000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x90578000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x90581000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x90593000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x905A0000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x905B2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x905CA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x905D5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x90400000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90418000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C400000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8C417000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x8C421000 \SystemRoot\system32\DRIVERS\VClone.sys
0x835D3000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x93BFD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x9301F000 \SystemRoot\system32\DRIVERS\ks.sys
0x93053000 \SystemRoot\system32\DRIVERS\umbus.sys
0x93061000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x930A5000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x930B6000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x9311E000 \SystemRoot\system32\DRIVERS\portcls.sys
0x9314D000 \SystemRoot\system32\DRIVERS\drmk.sys
0x93166000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x97730000 \SystemRoot\System32\win32k.sys
0x93189000 \SystemRoot\System32\drivers\Dxapi.sys
0x93193000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91E00000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x931A0000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x931B1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97990000 \SystemRoot\System32\TSDDD.dll
0x931BC000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x931C7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x931DA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x931E1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x931E3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x931EF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x979C0000 \SystemRoot\System32\cdd.dll
0x93000000 \SystemRoot\system32\drivers\luafv.sys
0x8DC3C000 \SystemRoot\system32\DRIVERS\WavxDMgr.sys
0x8DC73000 \SystemRoot\system32\drivers\WudfPf.sys
0x8DC8D000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8DC9D000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8DCE3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8DCF3000 \SystemRoot\system32\DRIVERS\pnarp.sys
0x8DCFD000 \SystemRoot\system32\DRIVERS\purendis.sys
0x8DD07000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8DD23000 \SystemRoot\system32\drivers\HTTP.sys
0x8DDA8000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8DDC1000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8DDD3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8DC00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x833D4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xB243D000 \SystemRoot\system32\drivers\peauth.sys
0xB24D4000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB24DE000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xB24FF000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB250C000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB255B000 \SystemRoot\System32\DRIVERS\srv.sys
0xB25AC000 \SystemRoot\System32\Drivers\fastfat.SYS
0xB25D6000 \??\C:\Users\Sanjana\AppData\Local\Temp\pwldypow.sys
0x77B20000 \Windows\System32\ntdll.dll
0x48260000 \Windows\System32\smss.exe
0x77D60000 \Windows\System32\apisetschema.dll
0x00620000 \Windows\System32\autochk.exe
0x77CD0000 \Windows\System32\comdlg32.dll
0x77CC0000 \Windows\System32\nsi.dll
0x779C0000 \Windows\System32\ole32.dll
0x77920000 \Windows\System32\usp10.dll
0x77870000 \Windows\System32\rpcrt4.dll
0x77C60000 \Windows\System32\difxapi.dll
0x77730000 \Windows\System32\urlmon.dll
0x776F0000 \Windows\System32\ws2_32.dll
0x77620000 \Windows\System32\msctf.dll
0x77600000 \Windows\System32\imm32.dll
0x775B0000 \Windows\System32\Wldap32.dll
0x774E0000 \Windows\System32\user32.dll
0x774D0000 \Windows\System32\normaliz.dll
0x774C0000 \Windows\System32\psapi.dll
0x77460000 \Windows\System32\shlwapi.dll
0x76810000 \Windows\System32\shell32.dll
0x767E0000 \Windows\System32\imagehlp.dll
0x76750000 \Windows\System32\clbcatq.dll
0x76740000 \Windows\System32\lpk.dll
0x76690000 \Windows\System32\msvcrt.dll
0x765B0000 \Windows\System32\kernel32.dll
0x763B0000 \Windows\System32\iertutil.dll
0x76310000 \Windows\System32\advapi32.dll
0x762C0000 \Windows\System32\gdi32.dll
0x76120000 \Windows\System32\setupapi.dll
0x76020000 \Windows\System32\wininet.dll
0x75F90000 \Windows\System32\oleaut32.dll
0x75F70000 \Windows\System32\sechost.dll
0x75E50000 \Windows\System32\crypt32.dll
0x75E00000 \Windows\System32\KernelBase.dll
0x75DE0000 \Windows\System32\devobj.dll
0x75DB0000 \Windows\System32\wintrust.dll
0x75D20000 \Windows\System32\comctl32.dll
0x75CF0000 \Windows\System32\cfgmgr32.dll
0x75CE0000 \Windows\System32\msasn1.dll
Processes (total 90):
0 System Idle Process
4 System
300 C:\Windows\System32\smss.exe
472 csrss.exe
524 C:\Windows\System32\wininit.exe
532 csrss.exe
580 C:\Windows\System32\services.exe
596 C:\Windows\System32\lsass.exe
604 C:\Windows\System32\lsm.exe
628 C:\Windows\System32\winlogon.exe
772 C:\Windows\System32\svchost.exe
836 C:\Program Files\Fingerprint Sensor\AtService.exe
872 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe
1324 C:\Windows\System32\svchost.exe
1516 C:\Windows\System32\svchost.exe
1664 C:\Windows\System32\spoolsv.exe
1724 C:\Windows\System32\svchost.exe
1860 C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
1912 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1964 C:\Program Files\Bonjour\mDNSResponder.exe
1992 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
2020 C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
340 C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
392 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1504 WmiPrvSE.exe
1892 C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
2056 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
2068 C:\Windows\System32\java.exe
2100 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
2296 unsecapp.exe
2304 C:\Windows\System32\conhost.exe
2596 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2696 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2748 C:\Windows\System32\svchost.exe
2788 C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
3016 WmiPrvSE.exe
3272 C:\Windows\System32\taskhost.exe
3348 C:\Windows\System32\dwm.exe
3424 C:\Windows\explorer.exe
3888 C:\Windows\System32\svchost.exe
3980 C:\Windows\System32\svchost.exe
4032 C:\Program Files\DellTPad\Apoint.exe
4040 C:\Program Files\IDT\WDM\sttray.exe
4056 C:\Windows\System32\hkcmd.exe
4064 C:\Windows\System32\igfxpers.exe
4072 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
4080 C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
4092 C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
1408 C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
1380 C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
1388 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
2684 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
2892 C:\Windows\System32\jureg.exe
636 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
3164 C:\Windows\System32\schtasks.exe
3512 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2836 C:\Windows\System32\conhost.exe
3656 C:\Windows\System32\igfxsrvc.exe
3412 C:\Program Files\real\realplayer\Update\realsched.exe
4228 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
4408 C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
4432 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
4448 C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
4700 C:\Windows\System32\igfxext.exe
4836 C:\Windows\System32\SearchIndexer.exe
5060 C:\Program Files\DellTPad\ApMsgFwd.exe
5080 C:\Program Files\DellTPad\hidfind.exe
5268 C:\Program Files\DellTPad\ApntEx.exe
5352 C:\Program Files\Windows Media Player\wmpnetwk.exe
5488 C:\Windows\System32\conhost.exe
3960 C:\Windows\System32\svchost.exe
3816 C:\Windows\System32\svchost.exe
700 C:\Windows\System32\svchost.exe
3620 C:\Windows\System32\audiodg.exe
2948 C:\Windows\System32\taskeng.exe
5932 C:\Windows\System32\SearchFilterHost.exe
944 C:\Program Files\Internet Explorer\iexplore.exe
5244 C:\Program Files\Internet Explorer\iexplore.exe
5252 C:\Program Files\Internet Explorer\iexplore.exe
1944 C:\Windows\System32\dllhost.exe
3920 C:\Windows\System32\SearchProtocolHost.exe
2832 dllhost.exe
5644 dllhost.exe
5040 C:\Data\MalwareRemoval\MBRCheck.exe
2540 C:\Windows\System32\conhost.exe
4532 C:\Program Files\real\realplayer\realplay.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)
PhysicalDrive0 Model Number: SAMSUNGHM250HI, Rev: 2AC101C4
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!
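MBRCheck above hashes the MBR code and GMER flagged sectors 0, 62 and 63 of \Device\Harddisk0. The script below is an added example, not code from this thread, from MBRCheck or from GMER: it parses an MBR, hashes the bootstrap-code region and lists every non-zero sector in the gap between the MBR and the first partition, which is where MBR bootkits keep their body (sector 63 was the usual first-partition start on disks aligned to 63-sector tracks, so 62 is the last sector of that gap). It hashes only bytes 0..439 of the MBR, which is an assumption of this example and not necessarily the range MBRCheck hashes, so its value is for comparing images against each other rather than against the SHA1 in the log. The 64-sector image it builds is constructed for the demonstration.

```python
"""Added example, not part of this thread or of MBRCheck/GMER: parse an MBR,
hash its bootstrap-code region and look for non-zero sectors in the gap
between the MBR and the first partition. MBR bootkits store their body in
that gap and patch the boot code to load it."""
import hashlib
import struct

SECTOR = 512


def parse_mbr(sector0: bytes) -> dict:
    """Return the boot-code SHA-1, the NT disk signature and the used
    partition entries of a 512-byte MBR sector."""
    if len(sector0) < SECTOR:
        raise ValueError("need a full 512-byte sector")
    if sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector0[446 + 16 * i:446 + 16 * (i + 1)]
        start_lba, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 means an empty slot
            partitions.append({"index": i, "bootable": entry[0] == 0x80,
                               "type": entry[4], "start_lba": start_lba,
                               "sectors": count})
    return {
        # bytes 0..439 hold the bootstrap code, 440..443 the disk signature;
        # hashing only the code keeps the value stable across re-signing
        "code_sha1": hashlib.sha1(sector0[:440]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector0, 440)[0],
        "partitions": partitions,
    }


def scan_image(image: bytes) -> dict:
    """Scan a raw disk image (or the first few thousand sectors of one):
    report the MBR code hash and every non-zero sector before the first
    partition, with a SHA-1 of each so it can be compared later."""
    mbr = parse_mbr(image[:SECTOR])
    if not mbr["partitions"]:
        raise ValueError("partition table is empty")
    first = min(p["start_lba"] for p in mbr["partitions"])
    suspicious = []
    for lba in range(1, first):
        chunk = image[lba * SECTOR:(lba + 1) * SECTOR]
        if len(chunk) < SECTOR:
            break  # image is shorter than the gap
        if any(chunk):  # anything but zeros in the gap deserves a look
            suspicious.append(lba)
    hashes = {lba: hashlib.sha1(image[lba * SECTOR:(lba + 1) * SECTOR]).hexdigest().upper()
              for lba in [0] + suspicious}
    return {"code_sha1": mbr["code_sha1"], "first_partition_lba": first,
            "suspicious_gap_sectors": suspicious, "sector_sha1": hashes}


def build_demo_image(payload_lba: int = 62) -> bytes:
    """Constructed 64-sector test image (not a real disk): stand-in boot
    code, one bootable NTFS partition starting at LBA 63, and a non-zero
    blob planted at payload_lba to play the part of a bootkit body."""
    code = bytes(range(256)) + bytes(184)          # 440 bytes of stand-in code
    sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 63, 1)
    mbr = code + sig + entry + bytes(48) + b"\x55\xaa"
    sectors = [mbr] + [bytes(SECTOR)] * 63
    sectors[payload_lba] = b"\xe9\x00\x00" + bytes(SECTOR - 3)  # jmp, then zeros
    return b"".join(sectors)


if __name__ == "__main__":
    print(scan_image(build_demo_image()))
```

On a live Windows box the same function can be pointed at `open(r"\\.\PhysicalDrive0", "rb").read(2048 * SECTOR)` from an elevated prompt, but the result is only as honest as the disk stack that served the read: an active MBR rootkit filters reads of the sectors it owns and hands back a clean copy, which is why GMER cross-checks and why the safer input is an image taken after booting from clean media. A non-zero gap sector is a lead, not a verdict; boot managers such as GRUB legitimately keep their core image there.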
Blottedisk
2011-02-02, 01:46
Hi,
Please download Combofix from either of the links below but rename it to gentleman.exe before saving it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html )
--------------------------------------------------------------------
Right-click and choose "Run as administrator" on the renamed Combofix.exe & follow the prompts. When finished, it will produce a report for you.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix )
sanjupan
2011-02-02, 05:55
I am getting the Blue Screen when I download and run Gentleman.exe (Combofix.exe).
Do you want me to run this in Safe Mode or something. Not sure if that will resolve it.
Thanks
Blottedisk
2011-02-03, 02:36
Yes please, try to run it in safe mode.
sanjupan
2011-02-03, 03:51
Unfortunately the same result. My laptop crashes when I run the renamed ComboFix.exe. Please advise.
Blottedisk
2011-02-03, 17:58
Hi,
It may be the infection interfering with Combofix. Please follow these steps:
Step 1 | Please download TDSSKiller from one of the following mirrors and save it in your desktop:
This is THE Mirror (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and right click on TDSSKiller.exe and choose "Run as administrator" to run the application, then click on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png
If a suspicious file is detected, the default action will be Skip, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious-1.png
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Step 2 | Please try to run Combofix again, following the procedure from my previous post.
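The TDSSKiller report requested above lists every loaded driver as `timestamp pid service (md5) path`. The script below is an added example of how to work through such a report, not code from this thread or from Kaspersky: it parses the driver lines, reads the Windows directory from the log header, and flags drivers loaded from outside %SystemRoot%, from user-writable locations, or with an MD5 on a caller-supplied watch list. The header pattern, the line layout and the USER_WRITABLE list are assumptions based on the log pasted in this thread; the sample log is constructed (four lines copied from that log plus one invented line with a zero MD5 whose path is modelled on the Temp driver in the MBRCheck listing above).

```python
"""Added example, not part of this thread or of TDSSKiller: parse the driver
lines of a TDSSKiller log and triage them by image location and MD5.
Assumed: the 'Windows directory:' header line and the
'timestamp pid service (md5) path' layout seen in the pasted log."""
import re

DRIVER_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<pid>\d+)\s+(?P<service>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
WINDIR_LINE = re.compile(r"Windows directory:\s+(?P<dir>\S+)")
# Locations an unprivileged user can write to; a kernel driver living there
# deserves a second look (constructed list, extend as needed).
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\", "\\documents and settings\\")


def windows_dir(text: str) -> str:
    """Return the Windows directory reported in the log header (default C:\\Windows)."""
    m = WINDIR_LINE.search(text)
    return m.group("dir") if m else r"C:\Windows"


def parse_tdsskiller(text: str) -> list:
    """Return one dict per driver line; banner and header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if m:
            e = m.groupdict()
            e["pid"] = int(e["pid"])
            e["md5"] = e["md5"].lower()
            entries.append(e)
    return entries


def triage(entries: list, windir: str, known_md5=frozenset()) -> list:
    """Flag drivers loaded from outside the Windows directory, from
    user-writable paths, or whose MD5 is on a caller-supplied watch list."""
    root = windir.lower().rstrip("\\") + "\\"
    findings = []
    for e in entries:
        low = e["path"].lower()
        reasons = []
        if not low.startswith(root):
            reasons.append("outside %SystemRoot%")
        if any(tag in low for tag in USER_WRITABLE):
            reasons.append("user-writable location")
        if e["md5"] in known_md5:
            reasons.append("md5 on watch list")
        if reasons:
            findings.append({"service": e["service"], "path": e["path"],
                             "md5": e["md5"], "reasons": reasons})
    return findings


# Constructed sample: the first four lines are copied from the log pasted in
# this thread; the last one is made up (zero MD5) to exercise the checks,
# with a path modelled on the Temp driver in the MBRCheck listing above.
SAMPLE_LOG = r"""
2011/02/03 22:43:40.0018 8016 Windows directory: C:\Windows
2011/02/03 22:43:49.0986 6960 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/02/03 22:43:50.0782 6960 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/02/03 22:43:55.0010 6960 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/02/03 22:43:59.0000 6960 pwldypow (00000000000000000000000000000000) C:\Users\Sanjana\AppData\Local\Temp\pwldypow.sys
"""

if __name__ == "__main__":
    drivers = parse_tdsskiller(SAMPLE_LOG)
    for finding in triage(drivers, windows_dir(SAMPLE_LOG)):
        print(finding["service"], finding["path"], ", ".join(finding["reasons"]))
```

Two cautions when reading the output. A service name that differs from its file name (aic78xx backed by djsvs.sys in the log) is normal and is deliberately not flagged. A driver under a user's Temp directory is a lead rather than a verdict: anti-rootkit scanners themselves load a temporary, randomly named driver from exactly such a path while they run, so check whether the scanner was active at the time before treating the hit as the infection.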
sanjupan
2011-02-04, 06:11
TDSkiller log
2011/02/03 22:43:39.0815 8016 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/03 22:43:40.0018 8016 ================================================================================
2011/02/03 22:43:40.0018 8016 SystemInfo:
2011/02/03 22:43:40.0018 8016
2011/02/03 22:43:40.0018 8016 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/03 22:43:40.0018 8016 Product type: Workstation
2011/02/03 22:43:40.0018 8016 ComputerName: SANJPC
2011/02/03 22:43:40.0018 8016 UserName: Sanjana
2011/02/03 22:43:40.0018 8016 Windows directory: C:\Windows
2011/02/03 22:43:40.0018 8016 System windows directory: C:\Windows
2011/02/03 22:43:40.0018 8016 Processor architecture: Intel x86
2011/02/03 22:43:40.0018 8016 Number of processors: 2
2011/02/03 22:43:40.0018 8016 Page size: 0x1000
2011/02/03 22:43:40.0018 8016 Boot type: Normal boot
2011/02/03 22:43:40.0018 8016 ================================================================================
2011/02/03 22:43:40.0330 8016 Initialize success
2011/02/03 22:43:49.0269 6960 ================================================================================
2011/02/03 22:43:49.0269 6960 Scan started
2011/02/03 22:43:49.0269 6960 Mode: Manual;
2011/02/03 22:43:49.0269 6960 ================================================================================
2011/02/03 22:43:49.0986 6960 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/02/03 22:43:50.0080 6960 61883 (beb5e6a8c17c3c7485563281e0f9e77e) C:\Windows\system32\DRIVERS\61883.sys
2011/02/03 22:43:50.0142 6960 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/02/03 22:43:50.0252 6960 acpials (79d6b28027c398b728ce7cd0570248b0) C:\Windows\system32\DRIVERS\acpials.sys
2011/02/03 22:43:50.0314 6960 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/02/03 22:43:50.0392 6960 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/02/03 22:43:50.0454 6960 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/02/03 22:43:50.0532 6960 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/02/03 22:43:50.0642 6960 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/02/03 22:43:50.0704 6960 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/02/03 22:43:50.0782 6960 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/02/03 22:43:50.0938 6960 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/02/03 22:43:50.0954 6960 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/02/03 22:43:50.0969 6960 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/02/03 22:43:51.0000 6960 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/02/03 22:43:51.0047 6960 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/02/03 22:43:51.0110 6960 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/02/03 22:43:51.0188 6960 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/02/03 22:43:51.0250 6960 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/02/03 22:43:51.0375 6960 ApfiltrService (12c94784e4fb5c5e45db8596b292c48a) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/02/03 22:43:51.0453 6960 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/02/03 22:43:51.0671 6960 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/02/03 22:43:51.0718 6960 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/02/03 22:43:51.0827 6960 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/03 22:43:51.0905 6960 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/02/03 22:43:52.0077 6960 Avc (c44bdd77e06053cf5afe046f3a47c16b) C:\Windows\system32\DRIVERS\avc.sys
2011/02/03 22:43:52.0217 6960 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/02/03 22:43:52.0295 6960 b57nd60x (6f41a4c5745bb99f89406f57164f099e) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/02/03 22:43:52.0436 6960 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/02/03 22:43:52.0545 6960 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/02/03 22:43:52.0607 6960 Blfp (d2f8d15f4852920e1f6b769e982414ad) C:\Windows\system32\DRIVERS\basp.sys
2011/02/03 22:43:52.0670 6960 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/03 22:43:52.0701 6960 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/02/03 22:43:52.0732 6960 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/02/03 22:43:52.0763 6960 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/02/03 22:43:52.0779 6960 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/02/03 22:43:52.0810 6960 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/02/03 22:43:52.0826 6960 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/02/03 22:43:52.0872 6960 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/02/03 22:43:52.0935 6960 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/02/03 22:43:52.0997 6960 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/02/03 22:43:53.0075 6960 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2011/02/03 22:43:53.0122 6960 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2011/02/03 22:43:53.0216 6960 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
2011/02/03 22:43:53.0294 6960 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys
2011/02/03 22:43:53.0356 6960 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\DRIVERS\btwavdt.sys
2011/02/03 22:43:53.0450 6960 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/02/03 22:43:53.0481 6960 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/02/03 22:43:53.0793 6960 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/03 22:43:53.0840 6960 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/03 22:43:53.0886 6960 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/02/03 22:43:53.0949 6960 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/02/03 22:43:54.0011 6960 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/02/03 22:43:54.0027 6960 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/02/03 22:43:54.0058 6960 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/02/03 22:43:54.0105 6960 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/02/03 22:43:54.0152 6960 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/02/03 22:43:54.0183 6960 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/02/03 22:43:54.0276 6960 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/02/03 22:43:54.0339 6960 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/02/03 22:43:54.0401 6960 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/02/03 22:43:54.0448 6960 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/02/03 22:43:54.0542 6960 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/02/03 22:43:54.0620 6960 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/03 22:43:54.0776 6960 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/02/03 22:43:55.0010 6960 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/02/03 22:43:55.0088 6960 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/02/03 22:43:55.0244 6960 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/02/03 22:43:55.0290 6960 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/02/03 22:43:55.0306 6960 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/02/03 22:43:55.0337 6960 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/03 22:43:55.0368 6960 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/02/03 22:43:55.0400 6960 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/02/03 22:43:55.0415 6960 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/03 22:43:55.0446 6960 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/02/03 22:43:55.0478 6960 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/02/03 22:43:55.0509 6960 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/03 22:43:55.0556 6960 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/02/03 22:43:55.0649 6960 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/02/03 22:43:55.0712 6960 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/02/03 22:43:55.0758 6960 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/02/03 22:43:55.0790 6960 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/03 22:43:55.0805 6960 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/02/03 22:43:55.0821 6960 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/02/03 22:43:55.0868 6960 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/02/03 22:43:55.0899 6960 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/03 22:43:55.0977 6960 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/02/03 22:43:56.0039 6960 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/02/03 22:43:56.0070 6960 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/02/03 22:43:56.0133 6960 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/03 22:43:56.0226 6960 iaStor (01446278d4563b3013c92830ae6cbb26) C:\Windows\system32\DRIVERS\iaStor.sys
2011/02/03 22:43:56.0273 6960 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/02/03 22:43:56.0445 6960 igfx (a70c995199a47f326eef4f9f5e6267a1) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/02/03 22:43:56.0726 6960 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/02/03 22:43:56.0804 6960 IntcHdmiAddService (e63cd0d9aa8d406cabde5aa718936f40) C:\Windows\system32\drivers\IntcHdmi.sys
2011/02/03 22:43:56.0850 6960 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/02/03 22:43:56.0866 6960 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/03 22:43:56.0897 6960 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/03 22:43:56.0960 6960 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/02/03 22:43:56.0991 6960 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/02/03 22:43:57.0038 6960 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/02/03 22:44:06.0632 6960 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/03 22:44:06.0632 6960 ================================================================================
2011/02/03 22:44:06.0632 6960 Scan finished
2011/02/03 22:44:06.0632 6960 ================================================================================
2011/02/03 22:44:06.0647 5964 Detected object count: 1
2011/02/03 22:44:30.0936 5964 \HardDisk0 - will be cured after reboot
2011/02/03 22:44:30.0936 5964 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/03 22:44:37.0114 3320 Deinitialize success
sanjupan
2011-02-04, 06:13
Combofix.log
ComboFix 11-01-31.02 - Sanjana 02/03/2011 22:55:11.3.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3539.2301 [GMT -5:00]
Running from: c:\users\Sanjana\Desktop\Gentleman.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Sanjana\AppData\Local\{53DB150E-4600-44D5-9952-E9C8A98CD7FE}
c:\users\Sanjana\AppData\Local\{53DB150E-4600-44D5-9952-E9C8A98CD7FE}\chrome\content\overlay.xul
c:\users\Sanjana\AppData\Local\{53DB150E-4600-44D5-9952-E9C8A98CD7FE}\install.rdf
c:\users\Sanjana\AppData\Local\ayetaciw.dll
c:\users\Sanjana\AppData\Roaming\Local
c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\aihwspzctzzz.avi.ddr
c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp
c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4).ddp
c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\aihwspzctzzz.avi.ddp
c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\xasttl.mp4
c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\xasttl.mp4.ddr
.
((((((((((((((((((((((((( Files Created from 2011-01-04 to 2011-02-04 )))))))))))))))))))))))))))))))
.
2011-02-04 04:03 . 2011-02-04 04:03 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-02-04 04:03 . 2011-02-04 04:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-02-04 04:03 . 2011-02-04 04:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-04 03:49 . 2011-02-04 03:49 -------- d-----w- C:\32788R22FWJFW
2011-01-27 16:28 . 2011-01-27 16:28 -------- d-----w- c:\users\Sanjana\hob
2011-01-23 07:23 . 2011-01-23 07:23 -------- d-----w- c:\windows\Sun
2011-01-23 05:51 . 2011-01-30 11:09 0 ----a-w- c:\users\Sanjana\AppData\Local\Vpumebirit.bin
2011-01-23 05:49 . 2011-01-30 11:47 -------- d-----w- c:\programdata\eAeLb06504
2011-01-07 02:58 . 2011-01-11 05:05 -------- d-----w- c:\users\Sanjana\AppData\Roaming\ImgBurn
2011-01-07 02:37 . 2011-01-07 02:37 -------- d-----w- c:\program files\ImgBurn
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-04 03:45 . 2010-02-05 01:18 0 ----a-w- c:\users\Sanjana\AppData\Local\WavXMapDrive.bat
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-10 04:33 . 2010-12-23 03:50 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5843D9DB-F9CD-4AA8-80A8-334D84F11667}\mpengine.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-04-28 2633976]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-01 458844]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-03 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-03 151064]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-10-06 1826816]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-07-27 134656]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-08-14 15872]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2010-01-31 55072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2010-12-29 274608]
c:\users\Sanjana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1245472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"Google Update"="c:\users\Sanjana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" start
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1caaec57f5ab489;Google Update Service (gupdate1caaec57f5ab489);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 133104]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-31 29472]
R3 EraserUtilDrv11010;EraserUtilDrv11010;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-05 38400]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-09 48128]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-26 1343400]
R3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-05-15 1803512]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-04-27 293968]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-07-16 382752]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-10-06 76288]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
Contents of the 'Scheduled Tasks' folder
2011-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 05:04]
2011-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 05:04]
2011-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1208262141-4149667152-2894938055-1000Core.job
- c:\users\Sanjana\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28 01:25]
2011-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1208262141-4149667152-2894938055-1000UA.job
- c:\users\Sanjana\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28 01:25]
2011-02-02 c:\windows\Tasks\Norton Security Scan for Sanjana.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-28 14:06]
2011-02-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1208262141-4149667152-2894938055-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://mcpuk1.jpmorgan.com/llclient/myonedesk-amer/winnt/AXNTEE.dll
FF - ProfilePath - c:\users\Sanjana\AppData\Roaming\Mozilla\Firefox\Profiles\lps6crmv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1208262141-4149667152-2894938055-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):7f,af,35,60,0d,ba,19,77,58,09,13,4d,26,61,d8,9a,e5,f8,6d,09,79,
c0,32,d9,a3,ec,dd,34,40,6d,92,49,27,d7,b2,7f,00,8d,82,32,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-1208262141-4149667152-2894938055-1000_Classes\CLSID\{7a41ce08-36ed-4270-8a34-880f76d8acda}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000012e
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,8a,df,a8,03,3f,97,a3,12,d7,99,f3,3a,88,2b,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(2352)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\java.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\sdclt.exe
.
**************************************************************************
.
Completion time: 2011-02-03 23:10:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-04 04:10
ComboFix2.txt 2010-09-25 05:31
Pre-Run: 137,791,590,400 bytes free
Post-Run: 137,188,327,424 bytes free
- - End Of File - - 1700EFA665FBB49FEDF0E80AA9014754
Blottedisk
2011-02-06, 20:32
Hi sanjupan,
Please follow these steps:
Step 1 | Please download mbr.exe from one of the following mirrors and save it to your desktop:
This is THE Mirror (http://www2.gmer.net/mbr/mbr.exe)
--------------------------------------------------------------------
Double click on mbr.exe to run it (Vista/Windows 7 users double click the file and choose "Run as administrator").
Please open the file mbr.log and post its contents in your next reply. You will find this file in the same location as mbr.exe (probably on your desktop).
Step 2 | Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
--------------------------------------------------------------------
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:dir
c:\users\Sanjana\hob /s
c:\programdata\eAeLb06504 /s
:contents
c:\users\Sanjana\AppData\Local\WavXMapDrive.bat
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Step 3 | ComboFix - CFScript
WARNING !
This script is for THIS user and computer ONLY!
Using this tool incorrectly could damage your Operating System... preventing it from starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
Please open Notepad and copy/paste all the text below... into the window:
DDS::
uInternet Settings,ProxyOverride = *.local
Save it to your desktop as CFScript.txt
Please disable any Antivirus or Firewall you have active, as shown in this topic (http://www.bleepingcomputer.com/forums/topic114351.html). Please close all open application windows.
Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
http://i526.photobucket.com/albums/cc345/MPKwings/ComboFixScriptDrag.gif
This will cause ComboFix to run again.
Do Not use your keyboard or mouse, or click anywhere in the ComboFix window, as this may cause the program to stall or crash.
Do Not touch your computer when ComboFix is running!
When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
Please copy/paste the contents of log.txt... in your next reply.
** Enable your Antivirus and Firewall, before connecting to the Internet again! **
sanjupan
2011-02-07, 00:34
MBR Log
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: SAMSUNG_ rev.2AC1 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
sanjupan
2011-02-07, 00:34
SystemLook 04.09.10 by jpshortstuff
Log created at 17:30 on 06/02/2011 by Sanjana
Administrator - Elevation successful
========== dir ==========
c:\users\Sanjana\hob - Parameters: "/s"
---Files---
None found.
c:\users\Sanjana\hob\jwt d------ [16:28 27/01/2011]
c:\users\Sanjana\hob\jwt\.jwscache d------ [16:28 27/01/2011]
c:\users\Sanjana\hob\jwt\.jwscache\lib d------ [16:28 27/01/2011]
rel91.gif --a---- 144 bytes [16:28 27/01/2011] [16:28 27/01/2011]
c:\programdata\eAeLb06504 - Parameters: "/s"
---Files---
eAeLb06504 --a---- 94 bytes [05:49 23/01/2011] [05:58 23/01/2011]
No folders found.
========== contents ==========
c:\users\Sanjana\AppData\Local\WavXMapDrive.bat - Opened succesfully.
-= EOF =-
sanjupan
2011-02-07, 01:03
Combofix log
ComboFix 11-02-05.01 - Sanjana 02/06/2011 17:54:24.4.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3539.2467 [GMT -5:00]
Running from: c:\users\Sanjana\Desktop\Gentleman.exe
Command switches used :: c:\users\Sanjana\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2011-01-06 to 2011-02-06 )))))))))))))))))))))))))))))))
.
2011-02-06 23:00 . 2011-02-06 23:00 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-02-06 23:00 . 2011-02-06 23:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-02-06 23:00 . 2011-02-06 23:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-06 08:00 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-02-06 08:00 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-02-04 12:19 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADC27CD4-2D32-4C2E-A9B0-49785918A33D}\mpengine.dll
2011-02-04 12:19 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-02-04 12:19 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-04 12:19 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-04 04:10 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2011-02-04 03:54 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-01-27 16:28 . 2011-01-27 16:28 -------- d-----w- c:\users\Sanjana\hob
2011-01-23 07:23 . 2011-01-23 07:23 -------- d-----w- c:\windows\Sun
2011-01-23 05:51 . 2011-01-30 11:09 0 ----a-w- c:\users\Sanjana\AppData\Local\Vpumebirit.bin
2011-01-23 05:49 . 2011-01-30 11:47 -------- d-----w- c:\programdata\eAeLb06504
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-06 22:23 . 2010-02-05 01:18 0 ----a-w- c:\users\Sanjana\AppData\Local\WavXMapDrive.bat
2011-02-02 22:11 . 2010-02-05 02:35 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-04-28 2633976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-01 458844]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-03 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-03 151064]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-10-06 1826816]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-07-27 134656]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-08-14 15872]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2010-01-31 55072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2010-12-29 274608]
c:\users\Sanjana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1245472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"Google Update"="c:\users\Sanjana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" start
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1caaec57f5ab489;Google Update Service (gupdate1caaec57f5ab489);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 133104]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-31 29472]
R3 EraserUtilDrv11010;EraserUtilDrv11010;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-05 38400]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-09 48128]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-26 1343400]
R3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-05-15 1803512]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-04-27 293968]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-07-16 382752]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-10-06 76288]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
Contents of the 'Scheduled Tasks' folder
2011-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 05:04]
2011-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 05:04]
2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1208262141-4149667152-2894938055-1000Core.job
- c:\users\Sanjana\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28 01:25]
2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1208262141-4149667152-2894938055-1000UA.job
- c:\users\Sanjana\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28 01:25]
2011-02-06 c:\windows\Tasks\Norton Security Scan for Sanjana.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-28 14:06]
2011-02-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1208262141-4149667152-2894938055-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://mcpuk1.jpmorgan.com/llclient/myonedesk-amer/winnt/AXNTEE.dll
FF - ProfilePath - c:\users\Sanjana\AppData\Roaming\Mozilla\Firefox\Profiles\lps6crmv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1208262141-4149667152-2894938055-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):7f,af,35,60,0d,ba,19,77,58,09,13,4d,26,61,d8,9a,e5,f8,6d,09,79,
c0,32,d9,a3,ec,dd,34,40,6d,92,49,27,d7,b2,7f,00,8d,82,32,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-1208262141-4149667152-2894938055-1000_Classes\CLSID\{7a41ce08-36ed-4270-8a34-880f76d8acda}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000012e
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,8a,df,a8,03,3f,97,a3,12,d7,99,f3,3a,88,2b,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(4180)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2011-02-06 18:01:34
ComboFix-quarantined-files.txt 2011-02-06 23:01
ComboFix2.txt 2011-02-04 04:10
ComboFix3.txt 2010-09-25 05:31
Pre-Run: 138,927,542,272 bytes free
Post-Run: 138,919,854,080 bytes free
- - End Of File - - 25AB5F66568FB2EB50F4C27022988B68
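As an added example (not part of this thread and not ComboFix's own code), a small Python triage script for the "Files Created" section of the ComboFix log above: it parses that line layout (created stamp, " . ", modified stamp, size or dashes for a directory, attribute field, path) and scores each entry with simple heuristics so a helper can pick out what to inspect by hand, much as the hob folder and the eAeLb06504 entry were singled out earlier in the thread. The scoring rules, threshold and the choice of sample lines are my own assumptions.

```python
"""Triage helper for the 'Files Created' section of a ComboFix log (added example).

Handles the layout: created stamp, ' . ', modified stamp, size or eight dashes for a
directory, an 8-character attribute field, then the path (which may contain spaces).
The scoring rules are heuristics chosen for this example, not ComboFix logic.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Items normally found directly under a Windows 7 profile root (lower-case).
PROFILE_STD = {
    "appdata", "contacts", "desktop", "documents", "downloads", "favorites",
    "links", "music", "pictures", "saved games", "searches", "videos",
    "ntuser.dat", "ntuser.ini",
}
# Built-in profiles whose temp folders ComboFix recreates on every run.
SERVICE_PROFILES = {"temp", "public", "default", "all users", "default user"}


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for a directory
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_files_created(text: str) -> List[Entry]:
    """Parse every line in the 'Files Created' layout; headers and dots are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def _mixed_alnum(name: str) -> bool:
    """True when the name stem mixes letters and digits (e.g. eAeLb06504)."""
    stem = name.rsplit(".", 1)[0]
    return any(c.isalpha() for c in stem) and any(c.isdigit() for c in stem)


def score(e: Entry) -> Tuple[int, List[str]]:
    """Heuristic score and the reasons for it; higher means 'look at this first'."""
    p = e.path.lower().split("\\")
    hits: List[Tuple[int, str]] = []
    if p[:2] == ["c:", "programdata"] and len(p) >= 3 and _mixed_alnum(p[2]):
        hits.append((2, "programdata entry with a letters+digits name"))
    if (p[:2] == ["c:", "users"] and len(p) == 4
            and p[2] not in SERVICE_PROFILES and p[3] not in PROFILE_STD):
        hits.append((2, "non-standard item in a user's profile root"))
    if (not e.is_dir and len(p) == 6 and p[3] == "appdata"
            and p[4] in ("local", "roaming")):
        hits.append((1, "loose file in the AppData root"))
    if e.size == 0:
        hits.append((1, "zero-byte file"))
    if _mixed_alnum(p[-1]):
        hits.append((1, "letters+digits name"))
    return sum(w for w, _ in hits), [r for _, r in hits]


def triage(text: str, threshold: int = 2) -> List[Tuple[str, int, List[str]]]:
    """Entries scoring at or above threshold, highest first (ties keep log order)."""
    rows = []
    for e in parse_files_created(text):
        s, reasons = score(e)
        if s >= threshold:
            rows.append((e.path, s, reasons))
    return sorted(rows, key=lambda r: -r[1])


# Sample input: eight lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
2011-02-06 23:00 . 2011-02-06 23:00 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-02-06 08:00 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-02-04 12:19 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADC27CD4-2D32-4C2E-A9B0-49785918A33D}\mpengine.dll
2011-02-04 03:54 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-01-27 16:28 . 2011-01-27 16:28 -------- d-----w- c:\users\Sanjana\hob
2011-01-23 07:23 . 2011-01-23 07:23 -------- d-----w- c:\windows\Sun
2011-01-23 05:51 . 2011-01-30 11:09 0 ----a-w- c:\users\Sanjana\AppData\Local\Vpumebirit.bin
2011-01-23 05:49 . 2011-01-30 11:47 -------- d-----w- c:\programdata\eAeLb06504
"""

if __name__ == "__main__":
    for path, s, reasons in triage(SAMPLE_LOG):
        print(f"[{s}] {path}  <- {', '.join(reasons)}")
```

A flagged entry is only a candidate for manual review (upload to a multi-engine scanner, check the vendor, compare timestamps), exactly how the helper treated those paths above.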
Blottedisk
2011-02-08, 02:23
Hi there,
The logs look much better. How's your machine running now?
Please follow these steps:
Step 1 | Please open and post the contents of the file Attach.txt. You will find this file in the same location as DDS, probably on your desktop.
Step 2 | Please go here: http://virusscan.jotti.org/
When the jotti page has finished loading, click the "Browse" button and navigate to the following files and click Submit:
c:\users\Sanjana\hob\jwt\.jwscache\lib\rel91.gif
c:\programdata\eAeLb06504\eAeLb06504
Copy the results and paste them here
Note: You will not be able to upload and scan all files at once. You will have to submit and scan each file separately.
Step 3 | Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam.php) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Step 4 | Let's perform an ESET Online Scan
Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).
Please go here (http://www.eset.com/onlinescan/) then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic.
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif (Selecting Uninstall application on close if you so wish)
sanjupan
2011-02-08, 06:41
I don't see the file Attach.txt for last time on desktop.
The one I see is for 30 Jan on my local folder. Do I need to run DDS or anything to get it?
Blottedisk
2011-02-10, 01:48
Hi there,
No need to rerun DDS. That one from 30 January would be fine, please post its contents. After that, proceed with the rest of the procedure.
Blottedisk
2011-02-13, 00:49
Hi,
Are you still there?
sanjupan
2011-02-15, 03:29
Step1
-------
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/4/2010 8:17:46 PM
System Uptime: 1/30/2011 6:48:31 AM (1 hours ago)
Motherboard: Dell Inc. | | 0DW634
Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | Microprocessor | 2509/266mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 218 GiB total, 125.579 GiB free.
D: is CDROM ()
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP92: 11/28/2010 7:04:24 PM - Windows Backup
RP93: 12/5/2010 7:00:18 PM - Windows Backup
RP94: 12/12/2010 7:00:19 PM - Windows Backup
RP95: 12/19/2010 7:01:53 PM - Windows Backup
RP96: 12/22/2010 10:49:55 PM - Windows Update
RP97: 12/27/2010 12:48:29 AM - Windows Backup
RP98: 1/9/2011 7:34:51 PM - Windows Backup
RP99: 1/16/2011 7:10:33 PM - Windows Backup
RP100: 1/24/2011 7:31:44 AM - Scheduled Checkpoint
==== Installed Programs ======================
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
All Day Battery Life Configuration
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Software
Aventail Access Manager
Aventail Web Proxy Agent
Aventail Webifiers
BioAPI Framework
Bonjour
Broadcom NetXtreme-I Netlink Driver and Management Installer
Citrix Presentation Server Web Client for Win32
Confidence Online(tm) for Web Applications
Crystal Reports for Visual Studio
DCP32MMWrapper
Definition update for Microsoft Office 2010 (KB982726)
Dell Backup and Recovery Manager
Dell Control Point
Dell ControlPoint Connection Manager
Dell ControlPoint Security Manager
Dell ControlPoint System Manager
Dell Edoc Viewer
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Dell Touchpad
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Document Manager Lite
Dotfuscator Software Services - Community Edition
EMBASSY Security Center
EMBASSY Security Setup
ERUNT 1.1j
ESC Home Page Plugin
Gemalto
Google Chrome
Google Talk Plugin
Google Update Helper
HxD Hex Editor version 1.7.7.0
ImgBurn
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Java(TM) 6 Update 3
Juniper Networks Setup Client
Juniper Terminal Services Client
Junk Mail filter update
Linksys EasyLink Advisor
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Choice Guard
Microsoft Help Viewer 1.0
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Runtime v1.0 SP1 (x86)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Sync Framework Services v1.0 SP1 (x86)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4418
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Office Developer Tools (x86)
Microsoft Visual Studio 2010 Performance Collection Tools - ENU
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Visual Studio 2010 Ultimate - ENU
Microsoft Visual Studio Macro Tools
Mozilla Firefox (3.6.3)
Mp3tag v2.46a
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Security Scan
NTRU TCG Software Stack
PowerDVD DX
Preboot Manager
Private Information Manager
Pure Networks Platform
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Word 2010 (KB2345000)
Security Wizards
Service Pack 1 for SQL Server 2008 (KB968369)
SO32MMWrapper
Sony USB Driver
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
Trusted Drive Manager
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft OneNote 2010 (KB2288640)
Update for Microsoft Outlook Social Connector (KB2289116)
Update for Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (KB982305)
UPEK TouchChip Fingerprint Reader
VC80CRTRedist - 8.0.50727.4053
Veoh Web Player
VirtualCloneDrive
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 1.1.4
Vuze
Wave Infrastructure Installer
Wave Support Software
Web Deployment Tool
WebEx
WebEx Support Manager for Internet Explorer
WIDCOMM Bluetooth Software
Winamp
Winamp Detector Plug-in
Winamp Remote
Windows 7 Upgrade Advisor
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
1/30/2011 7:03:38 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
1/30/2011 7:03:38 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
1/30/2011 7:03:38 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
1/30/2011 7:03:38 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
1/30/2011 7:03:38 AM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service has not been started.
1/30/2011 7:02:38 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/30/2011 6:49:22 AM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
1/30/2011 6:41:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/30/2011 6:38:48 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 6:38:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/30/2011 6:38:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/30/2011 6:38:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/30/2011 6:38:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/30/2011 6:38:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/30/2011 6:38:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/30/2011 6:38:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 6:25:06 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xc00102e8, 0x00000002, 0x00000000, 0x8367645d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 013011-28626-01.
1/30/2011 6:11:37 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 4 time(s).
1/30/2011 6:11:37 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 5 time(s).
1/30/2011 6:11:37 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 5 time(s).
1/29/2011 6:54:30 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
1/29/2011 6:54:30 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
1/29/2011 6:54:30 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 3 time(s).
1/29/2011 5:08:28 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/29/2011 5:08:28 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/29/2011 5:08:28 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/29/2011 5:08:26 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
1/29/2011 10:14:17 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 4 time(s).
1/29/2011 10:14:17 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 4 time(s).
1/29/2011 10:14:17 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 3 time(s).
1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).
1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s).
1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 3 time(s).
1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 3 time(s).
1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s).
1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 3 time(s).
1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s).
1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 3 time(s).
1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 3 time(s).
1/27/2011 7:16:09 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
1/27/2011 7:14:09 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/27/2011 2:03:07 PM, Error: Service Control Manager [7034] - The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).
1/27/2011 11:32:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
1/27/2011 11:32:45 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/27/2011 11:32:15 AM, Error: Service Control Manager [7022] - The Server service hung on starting.
1/27/2011 11:32:15 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
1/27/2011 11:30:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ProfSvc service.
1/27/2011 11:30:25 AM, Error: Service Control Manager [7001] - The Application Information service depends on the User Profile Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
1/27/2011 11:30:25 AM, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/27/2011 11:29:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
1/27/2011 11:29:55 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/25/2011 9:31:43 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00009087 (0x00000000, 0x00000000, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012511-21247-01.
1/25/2011 9:22:45 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x00000002, 0x00000001, 0x83647e85). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012511-21309-01.
1/25/2011 9:18:56 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x00000002, 0x00000001, 0x8364ee85). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012511-23571-01.
1/25/2011 12:12:37 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 6 time(s).
1/25/2011 12:12:37 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 6 time(s).
1/25/2011 11:06:06 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address 00-1D-BC-16-DC-FF. Network operations on this system may be disrupted as a result.
1/25/2011 11:06:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/25/2011 10:17:26 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x8fdb2a0b, 0x00000002, 0x00000001, 0x836281da). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012511-23353-01.
1/24/2011 1:28:26 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 5 time(s).
1/23/2011 2:50:59 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 2 time(s).
1/23/2011 2:02:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
1/23/2011 1:04:33 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x820d62f1, 0x8c81ba60, 0x8c81b640). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012311-21434-01.
1/23/2011 1:01:10 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82cfb2f1, 0x8e51fa60, 0x8e51f640). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012311-25771-01.
==== End Of File ===========================
------------------------------------------------------
Step2
-------
Filename: rel91.gif
http://virusscan.jotti.org/en/scanresult/fadae4ea504c5414994face4599c232e54ebea54
2011-02-14 Found nothing 2011-02-15 Found nothing
2011-02-14 Found nothing 2011-02-14 Found nothing
2011-02-14 Found nothing 2011-02-14 Found nothing
2011-02-14 Found nothing 2011-02-14 Found nothing
2011-02-14 Found nothing 2011-02-14 Found nothing
2011-02-14 Found nothing 2011-02-14 Found nothing
2011-02-14 Found nothing 2011-02-15 Found nothing
2011-02-15 Found nothing 2011-02-13 Found nothing
2011-02-14 Found nothing 2011-02-14 Found nothing
2011-02-14 Found nothing
=============
Filename: eAeLb06504
http://virusscan.jotti.org/en/scanresult/e3119aafc2d56fac6276cb06ee411649e108dd61
2011-02-10 Found nothing 2011-02-15 Found nothing
2011-02-14 Found nothing 2011-02-14 Found nothing
2011-02-14 Found nothing 2011-02-14 Found nothing
2011-02-14 Found nothing 2011-02-14 Found nothing
2011-02-14 Found nothing 2011-02-14 Found nothing
2011-02-14 Found nothing 2011-02-14 Found nothing
2011-02-14 Found nothing 2011-02-15 Found nothing
2011-02-15 Found nothing 2011-02-13 Found nothing
2011-02-14 Found nothing 2011-02-14 Found nothing
2011-02-14 Found nothing
sanjupan
2011-02-15, 03:52
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5765
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
2/14/2011 8:48:02 PM
mbam-log-2011-02-14 (20-48-02).txt
Scan type: Quick scan
Objects scanned: 186236
Time elapsed: 7 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
sanjupan
2011-02-15, 05:50
Step 4 | Let's perform an ESET Online Scan
============
Hi
How much time does this take?
It's been 60 mins and it's still scanning one of the .iso installation files by Microsoft.
Please advise
Thanks and regards
Sanjay
Blottedisk
2011-02-15, 06:42
Hi Sanjay,
Yes, online scanners like this often take several hours to complete. I would suggest you run the scan at night and, if possible, leave it running the rest of the day. It's important that you provide me with its results.
The rest of the logs are looking fine. How are your browsers running?
sanjupan
2011-02-15, 06:45
Thanks.
Can I disconnect my internet when it's scanning?
sanjupan
2011-02-15, 15:01
ESET scan log
C:\Qoobox\Quarantine\C\Users\Sanjana\AppData\Local\ayetaciw.dll.vir a variant of Win32/Cimag.FT trojan
C:\Users\Public\Documents\Server\hlp.dat probably a variant of Win32/Agent.JCVPCMR trojan
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\43120580-37e6314a Java/TrojanDownloader.Agent.NBK trojan
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\653a8b4a-2482c0d8 probably a variant of Win32/Agent.FPEXZHL trojan
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\7a087e0b-340f2d40 multiple threats
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-634e45ea multiple threats
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\308c10c-46579c39 multiple threats
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6b2b5d8c-41e726b4 multiple threats
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\15397e0d-7f42dd1c a variant of Java/TrojanDownloader.OpenStream.NAY trojan
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\48173611-6b28a619 multiple threats
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\16f80713-5915a4a4 multiple threats
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\8cc76d3-57b25d78 a variant of Java/Exploit.Agent.NAL trojan
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\5f546d95-515d52fd multiple threats
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\160ba957-17b0d7ca multiple threats
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\42f2dad8-6a223b6f probably a variant of Win32/Agent.RPSVWU trojan
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7b7b6759-76a96a10 multiple threats
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\53c8c5da-44d9b878 multiple threats
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\48c654db-5a6528b1 probably a variant of Win32/Agent.HRYTTOE trojan
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\20d825dc-71923437 multiple threats
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\26d395dc-1903ca14 multiple threats
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\68a9cc5c-1a42ef06 multiple threats
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\743fee9f-74daa67c multiple threats
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-2004b95f multiple threats
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\35d18421-58060da7 multiple threats
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\187b0ca2-5a475499 probably a variant of Win32/Agent.FPEXZHL trojan
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\43ddf822-35b7d5ff multiple threats
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\41e8aee3-407cc926 probably a variant of Win32/Agent.HRYTTOE trojan
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\170f8765-4b4d12e9 probably a variant of Win32/Agent.HRYTTOE trojan
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\546b8c27-4a2b8e78 multiple threats
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\40591084-2bc9dd3f Java/TrojanDownloader.Agent.NBL trojan
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\5ebca369-3def0ec0 multiple threats
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\34a3fab-62c16d5b multiple threats
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\752509ab-2596151f probably a variant of Win32/Agent.HRYTTOE trojan
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\f6e936c-1489abc4 a variant of OSX/Exploit.Smid.C trojan
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\4084a7b0-1835644b multiple threats
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-40f8015a probably a variant of Win32/Agent.DYXWUMY trojan
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\6a183b45-16a9ac88 probably a variant of Win32/Agent.HRYTTOE trojan
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\425fc2f3-3663729c probably a variant of Win32/Agent.RPSVWU trojan
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\31bba1f4-7ba92068 probably a variant of Win32/Agent.DYXWUMY trojan
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\7971bb76-26972c50 multiple threats
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\1192d4f9-74dea01b multiple threats
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\fd18ba-48640a7b multiple threats
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\23146dfe-1e91f3dd a variant of Java/TrojanDownloader.OpenStream.NBF trojan
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\43e0867f-2eb57fe0 Java/TrojanDownloader.Agent.NBL trojan
C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\3f5641c8-18f911d0 Java/TrojanDownloader.Agent.NBK trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4812d38c-56443801 multiple threats
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\44d775d7-1278bf7f multiple threats
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\1131b71b-28fe058d a variant of Java/TrojanDownloader.OpenStream.NBF trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\3c257486-775cb703 multiple threats
Blottedisk
2011-02-17, 01:42
Hi there,
We are almost done. How's the computer running now?
Please follow these steps:
Step 1 | Please go to the following site to scan a file: Virus Total (http://www.virustotal.com)
Click on Browse, and upload the following file for analysis:
C:\Users\Public\Documents\Server\hlp.dat
Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.
Step 2 | Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java and update.
Click on the following link to visit the Java website:
Java Runtime Environment (JRE) 6 (http://www.oracle.com/technetwork/java/javase/downloads/index.html)
Scroll down to where it says "JDK 6 Update 23 (JDK or JRE)".
Click the "Download" button in the right column (JRE).
Select the Windows platform from the dropdown menu.
Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Now go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name [Java(TM) 6 Update 21 and Java(TM) 6 Update 3].
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the recently downloaded Java installer icon to install the newest version.
After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (looks like a coffee cup).
On the General tab, under Temporary Internet Files, click the Settings button.
Next, click on the Delete Files button.
There are two options in the window to clear the cache - Leave BOTH checked:
Applications and Applets
Trace and Log Files
Click OK on the Delete Temporary Files window.
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Temporary Files window.
Click OK to leave the Java Control Panel.
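The two steps above can be checked from a console instead of by clicking through web pages and Control Panel dialogs. The script below is an added example, not part of the helper's instructions or of any tool named in the thread. It is written for Windows 7 with PowerShell 2.0 and takes only the paths the thread itself names (hlp.dat and the two Java deployment caches that appeared in the scan log); the function names and the registry keys it reads are my own choices. It hashes the suspect file so it can be searched on VirusTotal by SHA-256 rather than uploaded, lists the Java entries Add/Remove Programs would show, and finds every Java deployment cache on the box, including the LocalSystem one under System32\config\systemprofile, which the Java Control Panel's "Delete Files" button does not touch because that button only empties the cache of the account that clicks it.

```powershell
# Added example (not from the original thread). Windows 7 / PowerShell 2.0 compatible.
# Paths come from the thread; function names and registry keys are assumptions of this
# example. Run from an elevated prompt with browsers and java.exe closed.

function Get-FileSha256 {
    param([Parameter(Mandatory=$true)][string]$Path)
    # Hash the suspect file locally. VirusTotal's search box accepts a SHA-256,
    # so the file can be looked up without the browser upload that failed in IE8.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLower()
}

function Get-InstalledJava {
    # The same entries Add/Remove Programs lists; both registry views are read
    # so a 64-bit OS does not hide a 32-bit JRE.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'Java|J2SE|JRE' } |
        Select-Object DisplayName, DisplayVersion, UninstallString
}

function Get-JavaCacheDirs {
    # Every per-user deployment cache plus the LocalSystem one. The scan log flagged
    # applets in both; the Java Control Panel only clears the current user's cache.
    $dirs = @()
    foreach ($profile in (Get-ChildItem 'C:\Users' | Where-Object { $_.PSIsContainer })) {
        $dirs += Join-Path $profile.FullName 'AppData\LocalLow\Sun\Java\Deployment\cache'
    }
    $dirs += 'C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache'
    $dirs | Where-Object { Test-Path $_ }
}

function Clear-JavaCache {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param()
    # Dry run with -WhatIf first, then run without it to delete. Files held open by a
    # running java.exe or browser will fail to delete, which is why they are closed first.
    foreach ($dir in Get-JavaCacheDirs) {
        $count = @(Get-ChildItem $dir -Recurse -Force | Where-Object { -not $_.PSIsContainer }).Count
        if ($PSCmdlet.ShouldProcess($dir, "delete $count cached files")) {
            Remove-Item -Path (Join-Path $dir '*') -Recurse -Force -ErrorAction Continue
        }
    }
}

Get-FileSha256 -Path 'C:\Users\Public\Documents\Server\hlp.dat'
Get-InstalledJava | Format-Table -AutoSize
Get-JavaCacheDirs
Clear-JavaCache -WhatIf
```

Paste the printed SHA-256 into the VirusTotal search field; if the hash is unknown there, the file still has to be uploaded from a browser that renders the page correctly. Run Get-InstalledJava again after the uninstall step to confirm that only the new update remains.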
sanjupan
2011-02-18, 06:24
When I browse and click on "Send File" it does not do anything.
The status bar in IE shows an "Error on page" message. I clicked on Details and I get the message below.
==============================================
Webpage error details
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; InfoPath.3)
Timestamp: Fri, 18 Feb 2011 03:55:02 UTC
Message: 'tagName' is null or not an object
Line: 73
Char: 4
Code: 0
URI: http://www.virustotal.com/
===============================================
Blottedisk
2011-02-19, 02:35
Then please upload the file to Jotti:
Go here: http://virusscan.jotti.org/
When the jotti page has finished loading, click the "Browse" button and navigate to the following file and click Submit:
C:\Users\Public\Documents\Server\hlp.dat
Copy the results and paste them here
sanjupan
2011-02-19, 05:11
Results
http://virusscan.jotti.org/en/scanresult/c22b8e8e9a9fd237d8b65ed602639a24653d3229
2011-02-19 Found nothing 2011-02-19 Found nothing
2011-02-18 Found nothing 2011-02-18 Trojan.Win32.Bamital
2011-02-18 Found nothing Scanning, please wait...
2011-02-18 Found nothing 2011-02-18 Found nothing
2011-02-18 Found nothing 2011-02-18 Found nothing
2011-02-18 Found nothing 2011-02-18 Found nothing
2011-02-18 Found nothing 2011-02-19 Mal/Bamital-A
2011-02-19 Found nothing 2011-02-18 Found nothing
2011-02-18 Found nothing 2011-02-18 Found nothing
2011-02-19 Found nothing
sanjupan
2011-02-19, 05:14
For Step 2....The
"Java Runtime Environment (JRE) 6" link is not working.
Any alternate ?
Blottedisk
2011-02-19, 05:50
My apologies, here is the link again:
http://www.oracle.com/technetwork/java/javase/downloads/index.html
sanjupan
2011-02-20, 02:23
Thanks.
On this update page
There are two options with "JDK 6 Update 23":
JDK 6 Update 23 with Java EE
and
JDK 6 Update 23 with NetBeans 6.9.1
There is also an option "JDK 6 Update 24 with JavaFX 1.3.1 SDK" .
which one should I choose ?
Blottedisk
2011-02-20, 02:25
Java has been updated in the meanwhile. You should scroll down to and download "JDK 6 Update 24 (JDK or JRE)" now.
sanjupan
2011-02-22, 05:00
Completed Step 2. of installing JDK.
Please advise on the next step.
Thanks.
Blottedisk
2011-02-23, 03:09
Hi Sanjay,
Your logs look ok, so we are almost done. How is your computer running now? Are you still experiencing any redirects?
I notice you do not have an Antivirus, to clean you without one would be a waste of time as you will get re-infected. Choose, download and install only ONE of the following applications:
Avast - http://www.avast.com/eng/download-avast-home.html
Antivir - http://www.free-av.com/
I don't see any evidence of a 3rd Party Firewall installed on your computer either. Can you please tell me if you have one installed, and verify that it is active.
If you have Windows Firewall enabled, that's ok.
If you do not have a Firewall installed, please go to one of the links below and download and install ONLY one.
Comodo - http://www.personalfirewall.comodo.com/
Outpost Firewall FREE - http://www.agnitum.com/products/outpostfree/
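The helper is reading the absence of an antivirus and a third-party firewall off the logs; the same two facts can be confirmed directly on the machine. The script below is an added example, not something from the thread or from any of the products linked above. It is written for Windows 7 with PowerShell 2.0 and queries Security Center's root\SecurityCenter2 namespace for registered antivirus and firewall products, then reads the built-in Windows Firewall per-profile switch from the registry. The bit layout used to decode productState is the widely used reading of a field Microsoft does not document, so treat that decoding as an assumption and confirm the result in the product's own interface.

```powershell
# Added example (not from the original thread). Windows 7 / PowerShell 2.0 compatible.
# Function names and the productState bit decoding are assumptions of this example.

function ConvertFrom-ProductState {
    param([int]$State)
    # Assumed layout: bit 0x1000 = real-time protection on, bit 0x10 = definitions
    # out of date (e.g. 0x41000 enabled and current, 0x40010 disabled and stale).
    New-Object PSObject -Property @{
        Enabled   = (($State -band 0x1000) -ne 0)
        OutOfDate = (($State -band 0x10) -ne 0)
    }
}

function Get-RegisteredAntiVirus {
    # Security Center on Vista/7 records registered AV products in root\SecurityCenter2.
    # Windows Defender on Windows 7 is an anti-spyware product and is not listed here.
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue |
        ForEach-Object {
            $s = ConvertFrom-ProductState $_.productState
            New-Object PSObject -Property @{
                Name      = $_.displayName
                Enabled   = $s.Enabled
                OutOfDate = $s.OutOfDate
                Exe       = $_.pathToSignedProductExe
            }
        }
}

function Get-RegisteredFirewall {
    # Third-party firewalls register themselves in the same namespace.
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class FirewallProduct -ErrorAction SilentlyContinue |
        ForEach-Object {
            $s = ConvertFrom-ProductState $_.productState
            New-Object PSObject -Property @{ Name = $_.displayName; Enabled = $s.Enabled }
        }
}

function Get-WindowsFirewallState {
    # Built-in Windows Firewall, one switch per profile; "netsh advfirewall show allprofiles"
    # reports the same values.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($p in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $v = (Get-ItemProperty -Path (Join-Path $base $p) -ErrorAction SilentlyContinue).EnableFirewall
        New-Object PSObject -Property @{ Profile = $p; Enabled = ($v -eq 1) }
    }
}

$av = @(Get-RegisteredAntiVirus)
if ($av.Count -eq 0) {
    Write-Warning 'No antivirus product is registered with Security Center.'
} elseif ($av.Count -gt 1) {
    Write-Warning 'More than one antivirus product is registered; keep only ONE.'
}
$av | Format-Table Name, Enabled, OutOfDate, Exe -AutoSize
Get-RegisteredFirewall | Format-Table Name, Enabled -AutoSize
Get-WindowsFirewallState | Format-Table Profile, Enabled -AutoSize
```

An empty antivirus list with Windows Firewall enabled on all three profiles is exactly the state the helper describes: the firewall is acceptable as-is, and one of the two antivirus products above still needs to be installed before the cleanup is worth finishing.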
Blottedisk
2011-02-27, 03:32
Hi there?