View Full Version : Fake Virus Detector Infection
Here is my DDS log. I was getting a fake virus detector set of fake warnings. I think it was XP Virus Detector 2010 or something similar. I have Bitdefender, but service was not running properly. Got it started and ran the scan. It found several viruses but could not clean them all automatically. I rebooted and Windows started putting up the "blue screen of death" saying there was a problem with the disk and try to run chkdisk and such. I could get it to boot in Safe Mode (not networking though) and was able to run the DDS tool and save off any data not already backed up. That's it for now. Help!
.
DDS (Ver_2011-06-12.02) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Run by Pete at 20:53:52 on 2011-06-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2762 [GMT -7:00]
.
AV: BitDefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program files\ipswitch\ws_ftp home\wsbho2k0.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
TB: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [AOL Fast Start] "c:\program files\america online 9.0a\AOL.EXE" -b
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10n_Plugin.exe -update plugin
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} - hxxp://o.aolcdn.com/pictures/ap/Resources/2.0.8.98/cab/aolpPlugins.10.6.0.6.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://192.168.1.100:8080/DvrOcx.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://rsvpn.raytheon.com/dana-cached/setup/JuniperSetupSP1.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D2615061-B9A2-47D2-91AB-A134C0EBFAE1} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\pete\application data\mozilla\firefox\profiles\4p0usagx.default\
FF - prefs.js: browser.startup.homepage - hxxp://webmail.aol.com/28200/aol/en-us/Suite.aspx|http://www.aol.com/
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Avery Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: XUL Cache: {00638964-a227-4a4a-9360-6a55b05751b7} - %profile%\extensions\{00638964-a227-4a4a-9360-6a55b05751b7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
============= SERVICES / DRIVERS ===============
.
S1 NEOFLTR_630_13725;Juniper Networks TDI Filter Driver (NEOFLTR_630_13725);c:\windows\system32\drivers\NEOFLTR_630_13725.sys [2008-11-21 64480]
S2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-10-6 82696]
S2 gupdate1c9d129e73f31b4;Google Update Service (gupdate1c9d129e73f31b4);c:\program files\google\update\GoogleUpdate.exe [2009-5-9 133104]
S2 portD;ABS PortIO Service;c:\windows\system32\drivers\portd2k.sys --> c:\windows\system32\drivers\portd2k.sys [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-2-12 104456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-9 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2009-7-3 23096]
.
=============== Created Last 30 ================
.
2011-06-14 04:34:01 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-06-14 04:34:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-11 03:03:22 0 ---ha-w- c:\documents and settings\pete\fjgbsydevb.tmp
2011-05-27 23:20:15 -------- d-----w- c:\documents and settings\pete\local settings\application data\Garmin
.
==================== Find3M ====================
.
2011-06-14 04:11:54 81984 ----a-w- c:\windows\system32\bdod.bin
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-03-26 23:02:09 264768 ----a-w- c:\windows\system32\bda12F3.tmp
2003-03-05 05:59:22 16204762 ------w- c:\program files\DVD Wizard Pro Complete.exe
2002-04-14 19:20:00 3115916 ------w- c:\program files\dvdwpro.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380013AS rev.8.12 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-f
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AE3C6F0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8ae42a10]; MOV EAX, [0x8ae42a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8AE918E0]
3 CLASSPNP[0xF76B7FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x8ADE1930]
\Driver\atapi[0x8AED8318] -> IRP_MJ_CREATE -> 0x8AE3C6F0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AE3C53B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 20:56:43.26 ===============
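The part of the log that matters most is the ROOTKIT block: GMER's disk trace ends in an address it cannot map to any loaded module (`>>UNKNOWN [0x8AE3C6F0]<<`), the atapi driver object's IRP_MJ_CREATE dispatch points at that same address, and atapi's DriverStartIo is hooked. That combination, with the on-disk MBR still reading as OK, is what produces the "possible TDL3 rootkit infection" warning. As an added example that is not part of the original post and is not DDS or GMER code, the Python below parses those sections plus the "Created Last 30" list and pulls the indicators out of the text; the sample lines are copied from the log above, and the heuristics (which lines count as a hook, the hidden random-name `.tmp` rule, the verdict threshold) are this example's own assumptions.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: excerpts of the DDS log posted in this thread.
SAMPLE_LOG = r"""
=============== Created Last 30 ================
.
2011-06-14 04:34:01 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-06-11 03:03:22 0 ---ha-w- c:\documents and settings\pete\fjgbsydevb.tmp
2011-05-27 23:20:15 -------- d-----w- c:\documents and settings\pete\local settings\application data\Garmin
.
=================== ROOTKIT ====================
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AE3C6F0]<<
\Driver\atapi[0x8AED8318] -> IRP_MJ_CREATE -> 0x8AE3C6F0
error: Read A device attached to the system is not functioning.
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AE3C53B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 20:56:43.26 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
HOOK_RE = re.compile(r"^(\\Driver\\\S+)\s+(\S+)\s+->\s+(0x[0-9A-Fa-f]+)\s*$")
DISPATCH_RE = re.compile(r"^(\\Driver\\\S+?)\[0x[0-9A-Fa-f]+\]\s+->\s+(IRP_MJ_\w+)\s+->\s+(0x[0-9A-Fa-f]+)\s*$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\S+)\s+(\S+)\s+(.+?)\s*$")
# Assumed heuristic: a hidden, all-letters *.tmp dropped directly into a profile root.
PROFILE_TMP_RE = re.compile(r"\\documents and settings\\[^\\]+\\[a-z]{6,}\.tmp$", re.I)

VERDICT_SUSPECT = "bootkit-suspected"
VERDICT_CLEAN = "no kernel-hook indicators"


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into its '===== NAME =====' sections; DDS pads blank lines with '.'."""
    sections: Dict[str, List[str]] = {}
    current = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and line != ".":
            sections.setdefault(current, []).append(line)
    return sections


def find_hooks(rootkit: List[str]) -> List[Tuple[str, ...]]:
    """Entries listed under 'detected hooks:' as (driver object, routine, target)."""
    hooks, in_hooks = [], False
    for line in rootkit:
        if line.lower() == "detected hooks:":
            in_hooks = True
        elif in_hooks:
            m = HOOK_RE.match(line)
            if not m:
                break  # first non-hook line ends the list
            hooks.append(m.groups())
    return hooks


def find_unknown_modules(rootkit: List[str]) -> List[str]:
    """Addresses in the disk I/O chain that GMER could not map to a loaded module."""
    return [addr for line in rootkit for addr in UNKNOWN_RE.findall(line)]


def find_dispatch_into_unknown(rootkit: List[str], unknown: List[str]) -> List[Tuple[str, ...]]:
    """IRP dispatch entries whose target is one of the unmapped addresses."""
    return [m.groups() for m in map(DISPATCH_RE.match, rootkit) if m and m.group(3) in unknown]


def find_hidden_profile_tmp(created: List[str]) -> List[str]:
    hits = []
    for line in created:
        m = CREATED_RE.match(line)
        if m and "h" in m.group(3).lower() and PROFILE_TMP_RE.search(m.group(4)):
            hits.append(m.group(4))
    return hits


def triage(text: str) -> dict:
    sections = parse_sections(text)
    rootkit = sections.get("ROOTKIT", [])
    unknown = find_unknown_modules(rootkit)
    hooks = find_hooks(rootkit)
    return {
        "hooks": hooks,
        "unknown_modules": unknown,
        "dispatch_into_unknown": find_dispatch_into_unknown(rootkit, unknown),
        "hidden_temp_files": find_hidden_profile_tmp(sections.get("Created Last 30", [])),
        "mbr_ok": any("MBR OK" in line for line in rootkit),
        "verdict": VERDICT_SUSPECT if (hooks or unknown) else VERDICT_CLEAN,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Note that `mbr_ok` being true does not clear the machine: a kernel-resident hook on the disk driver can hand a clean sector back to the MBR reader, which is exactly why the thread moves on to TDSSKiller and MBRCheck rather than trusting that line.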
redcar92
2011-06-17, 04:14
Hello pshloss and welcome to the Safernetworking forum,
I'm RedCar92 and my name is Bill, I'll be glad to help you with your computer problems.
Please observe these rules while we work:
Read the entire procedure. It is important to perform ALL actions in sequence.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Stick with me till you're given the all clear. Malware removal can be stressful but we will clean it.
Remember, absence of symptoms does not mean the infection is all gone.
Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
Please be advised that, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This will be a team effort.
This may cause a delay, but I will do my best to keep it as short as possible.
Please bear with me, I will post back to you as soon as I can.
IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your pc inoperative and could require a full reinstall of your OS, losing all your programs and data.
Stay with this topic until I give you the all clean post.
Thanks Bill! Looking forward to working with you.
Pete
redcar92
2011-06-18, 01:44
OK Pete, here we go
Please do the following steps:
It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.
Please read carefully and follow these steps.
Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
http://i1176.photobucket.com/albums/x337/redcar92/WTT/TDSSKiller/TDSSKiller1.png
If an infected file is detected, the default action will be Cure, click on Continue.
http://i1176.photobucket.com/albums/x337/redcar92/WTT/TDSSKiller/TDSSKiller2.png
If a suspicious file is detected, the default action will be Skip, click on Continue.
http://i1176.photobucket.com/albums/x337/redcar92/WTT/TDSSKiller/TDSSKiller3.png
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file in your next post.
If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file in your next post.
Next
Please download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double-click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
A window will open on your desktop
If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
If nothing unusual is found, just press Enter.
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.
Next
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***
Download Combofix from any of the links below. Save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://i1176.photobucket.com/albums/x337/redcar92/WTT/CF/CFRCNeeded.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://i1176.photobucket.com/albums/x337/redcar92/WTT/CF/CF2.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
Logs to post:
TDSSKiller?????log.txt
checkmbr.txt
Combofix.txt
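The MBRCheck step above hinges on one decision: is the boot code in sector 0 a loader it recognises, or "unknown bootcode"? The check is a hash of the first 440 bytes compared against known loaders, with a sanity pass over the partition table. As an added example (not MBRCheck's code and not from the original post), the Python below does that on a 512-byte sector. The sample boot code, the single-partition layout and the allowlist of known hashes are all constructed for this example; a real allowlist would hold hashes taken from clean installs of each Windows version you expect to meet, and `read_physical_mbr` is included only to show where a live sector would come from (Windows, elevated prompt; it is not run here).

```python
import hashlib
import struct
from typing import Dict, List, NamedTuple

BOOTCODE_LEN = 440        # bytes 0..439 hold the loader; 440..445 disk signature and padding
PTABLE_OFFSET = 446       # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"   # bytes 510..511


class Partition(NamedTuple):
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


# Constructed sample boot code: a textbook real-mode prologue (CLI; XOR AX,AX; MOV SS,AX;
# MOV SP,7C00h; STI) followed by NOP padding. Not a copy of any vendor's MBR.
SAMPLE_BOOTCODE = (b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 40).ljust(BOOTCODE_LEN, b"\x00")
SAMPLE_PARTITIONS = [Partition(0, True, 0x07, 63, 156_250_000)]  # one NTFS volume, constructed


def build_sample_mbr(bootcode: bytes, partitions: List[Partition]) -> bytes:
    """Assemble a 512-byte MBR from boot code and a partition list (constructed test data)."""
    sector = bytearray(512)
    code = bootcode[:BOOTCODE_LEN]
    sector[: len(code)] = code
    for p in partitions:
        struct.pack_into("<B3xB3xII", sector, PTABLE_OFFSET + 16 * p.index,
                         0x80 if p.bootable else 0x00, p.type_id, p.lba_start, p.sectors)
    sector[510:512] = SIGNATURE
    return bytes(sector)


def bootcode_sha256(mbr: bytes) -> str:
    return hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest()


# Hypothetical allowlist: hash of loader bytes -> label. Only knows the constructed sample.
KNOWN_BOOTCODE: Dict[str, str] = {
    bootcode_sha256(build_sample_mbr(SAMPLE_BOOTCODE, SAMPLE_PARTITIONS)): "constructed known-good loader",
}


def parse_partitions(mbr: bytes) -> List[Partition]:
    parts = []
    for i in range(4):
        status, ptype, lba, size = struct.unpack_from("<B3xB3xII", mbr, PTABLE_OFFSET + 16 * i)
        if ptype != 0:
            parts.append(Partition(i, status == 0x80, ptype, lba, size))
    return parts


def check_mbr(mbr: bytes, known: Dict[str, str]) -> dict:
    """Validate the sector's structure and report whether its boot code hash is on the allowlist."""
    if len(mbr) != 512:
        raise ValueError(f"expected a 512-byte sector, got {len(mbr)}")
    problems: List[str] = []
    if mbr[510:512] != SIGNATURE:
        problems.append("missing 0x55AA signature")
    parts = parse_partitions(mbr)
    if sum(p.bootable for p in parts) > 1:
        problems.append("more than one partition flagged bootable")
    if any(p.lba_start == 0 for p in parts):
        problems.append("partition starts at LBA 0 (overlaps the MBR)")
    spans = sorted((p.lba_start, p.lba_start + p.sectors) for p in parts)
    for (_, end_a), (start_b, _) in zip(spans, spans[1:]):
        if start_b < end_a:
            problems.append(f"overlapping partitions at LBA {start_b}")
    digest = bootcode_sha256(mbr)
    label = known.get(digest)
    return {
        "bootcode_sha256": digest,
        "bootcode": label or "UNKNOWN",
        "partitions": parts,
        "problems": problems,
        "trusted": label is not None and not problems,
    }


def tamper_bootcode(mbr: bytes, offset: int = 0x100) -> bytes:
    """Flip one byte inside the loader, the way a bootkit that patches the MBR would."""
    patched = bytearray(mbr)
    patched[offset] ^= 0xFF
    return bytes(patched)


def read_physical_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a raw disk (Windows, elevated). Shown for completeness, not run here."""
    with open(device, "rb") as disk:
        return disk.read(512)


if __name__ == "__main__":
    good = build_sample_mbr(SAMPLE_BOOTCODE, SAMPLE_PARTITIONS)
    print("clean  :", check_mbr(good, KNOWN_BOOTCODE)["bootcode"])
    print("patched:", check_mbr(tamper_bootcode(good), KNOWN_BOOTCODE)["bootcode"])
```

The caveat that applies to the thread is the same one GMER's "user & kernel MBR OK" line carries: a sector read through a hooked disk driver can be faked, so a clean hash from the running system is only meaningful after the kernel-side hook has been removed or the disk has been read from a boot CD.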
Bill, seems to have worked well! Everything went per the procedure you gave me. Logs below.
2011/06/17 20:44:42.0671 1280 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/17 20:44:42.0703 1280 ================================================================================
2011/06/17 20:44:42.0703 1280 SystemInfo:
2011/06/17 20:44:42.0703 1280
2011/06/17 20:44:42.0703 1280 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/17 20:44:42.0703 1280 Product type: Workstation
2011/06/17 20:44:42.0703 1280 ComputerName: NEWOFFICE_4700
2011/06/17 20:44:42.0703 1280 UserName: Pete
2011/06/17 20:44:42.0703 1280 Windows directory: C:\WINDOWS
2011/06/17 20:44:42.0703 1280 System windows directory: C:\WINDOWS
2011/06/17 20:44:42.0703 1280 Processor architecture: Intel x86
2011/06/17 20:44:42.0703 1280 Number of processors: 2
2011/06/17 20:44:42.0703 1280 Page size: 0x1000
2011/06/17 20:44:42.0703 1280 Boot type: Safe boot
2011/06/17 20:44:42.0703 1280 ================================================================================
2011/06/17 20:44:50.0437 1280 Initialize success
2011/06/17 20:44:53.0578 1300 ================================================================================
2011/06/17 20:44:53.0578 1300 Scan started
2011/06/17 20:44:53.0578 1300 Mode: Manual;
2011/06/17 20:44:53.0578 1300 ================================================================================
2011/06/17 20:44:58.0031 1300 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/06/17 20:44:59.0015 1300 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/17 20:44:59.0578 1300 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/17 20:45:00.0125 1300 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/06/17 20:45:00.0687 1300 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/06/17 20:45:01.0281 1300 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/17 20:45:01.0859 1300 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
2011/06/17 20:45:02.0484 1300 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/17 20:45:03.0062 1300 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/06/17 20:45:03.0593 1300 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/06/17 20:45:04.0156 1300 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/06/17 20:45:04.0671 1300 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/06/17 20:45:05.0218 1300 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/06/17 20:45:05.0812 1300 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/06/17 20:45:06.0359 1300 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/06/17 20:45:06.0890 1300 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/06/17 20:45:07.0437 1300 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/06/17 20:45:08.0171 1300 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/06/17 20:45:08.0703 1300 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/06/17 20:45:09.0359 1300 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/06/17 20:45:09.0968 1300 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/17 20:45:10.0515 1300 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/17 20:45:11.0828 1300 ati2mtag (f0d0b0cdec0be32d775f404cac2604bf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/06/17 20:45:12.0750 1300 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/17 20:45:13.0312 1300 ATWPKT2 (0d74d0aa2eccb5e2019b5e10c38afd19) C:\WINDOWS\system32\drivers\ATWPKT2.SYS
2011/06/17 20:45:13.0875 1300 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/17 20:45:14.0468 1300 bdfm (ced6717bd8b67284afcf692b9316b464) C:\WINDOWS\system32\drivers\bdfm.sys
2011/06/17 20:45:15.0078 1300 Bdfndisf (dd3a1af8bdacbf45919f087caa99579b) C:\WINDOWS\system32\DRIVERS\bdfndisf.sys
2011/06/17 20:45:15.0750 1300 bdfsfltr (70975049e22b2efec260816cf505e6e7) C:\WINDOWS\system32\drivers\bdfsfltr.sys
2011/06/17 20:45:16.0078 1300 bdftdif (a7bdb1958d9b8245a0ba83f46abb630c) C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
2011/06/17 20:45:16.0390 1300 BDSelfPr (5eaf583c0b1cc2499761ea3b065f5db2) C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys
2011/06/17 20:45:16.0687 1300 BDVEDISK (bc79b27bc351436b07f57d80bec76036) C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys
2011/06/17 20:45:17.0281 1300 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/17 20:45:18.0390 1300 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/06/17 20:45:18.0890 1300 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/17 20:45:19.0390 1300 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/17 20:45:19.0906 1300 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/06/17 20:45:20.0453 1300 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/17 20:45:21.0031 1300 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/17 20:45:21.0593 1300 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/17 20:45:22.0671 1300 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/06/17 20:45:23.0250 1300 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/06/17 20:45:23.0828 1300 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/06/17 20:45:24.0390 1300 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/06/17 20:45:24.0953 1300 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/17 20:45:25.0750 1300 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/17 20:45:26.0562 1300 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/17 20:45:27.0125 1300 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/17 20:45:27.0687 1300 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/17 20:45:28.0546 1300 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/06/17 20:45:29.0218 1300 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/17 20:45:29.0734 1300 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/06/17 20:45:30.0312 1300 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/06/17 20:45:30.0484 1300 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/06/17 20:45:31.0000 1300 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/06/17 20:45:31.0546 1300 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/06/17 20:45:32.0234 1300 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/17 20:45:32.0796 1300 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/17 20:45:33.0328 1300 FilterService (a75ddc492d2d1d6558ad8003a4adb73a) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/06/17 20:45:33.0921 1300 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/17 20:45:34.0453 1300 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/17 20:45:35.0015 1300 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/17 20:45:35.0578 1300 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/17 20:45:36.0156 1300 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/17 20:45:36.0703 1300 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/06/17 20:45:37.0234 1300 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/17 20:45:37.0796 1300 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
2011/06/17 20:45:38.0437 1300 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/17 20:45:38.0968 1300 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/06/17 20:45:39.0546 1300 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/06/17 20:45:40.0109 1300 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/06/17 20:45:40.0640 1300 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/06/17 20:45:41.0250 1300 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/06/17 20:45:42.0125 1300 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/06/17 20:45:43.0015 1300 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/17 20:45:43.0609 1300 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/06/17 20:45:44.0156 1300 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/06/17 20:45:44.0703 1300 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/17 20:45:45.0265 1300 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/17 20:45:45.0843 1300 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/06/17 20:45:46.0359 1300 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/17 20:45:46.0906 1300 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/17 20:45:47.0453 1300 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/17 20:45:48.0000 1300 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/17 20:45:48.0531 1300 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/17 20:45:49.0093 1300 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/17 20:45:49.0718 1300 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/17 20:45:50.0593 1300 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/17 20:45:51.0140 1300 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/17 20:45:51.0703 1300 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/17 20:45:52.0281 1300 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/17 20:45:52.0921 1300 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/17 20:45:54.0093 1300 lvpopflt (01f0e010acb61472163e9d02d3ff531a) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
2011/06/17 20:45:54.0671 1300 LVPr2Mon (c57c48fb9ae3efb9848af594e3123a63) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/06/17 20:45:55.0328 1300 LVRS (87ecce893d8aec5a9337b917742d339c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/06/17 20:45:57.0968 1300 LVUVC (291f69b3dda0f033d2490c5ba5179f7c) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/06/17 20:46:00.0562 1300 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/06/17 20:46:01.0109 1300 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/17 20:46:01.0656 1300 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/17 20:46:02.0171 1300 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/06/17 20:46:02.0703 1300 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/17 20:46:03.0250 1300 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/17 20:46:03.0750 1300 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/06/17 20:46:04.0328 1300 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/17 20:46:05.0046 1300 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/17 20:46:05.0734 1300 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/17 20:46:06.0328 1300 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/17 20:46:06.0828 1300 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/17 20:46:07.0343 1300 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/17 20:46:07.0875 1300 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/17 20:46:08.0390 1300 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/17 20:46:08.0953 1300 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/17 20:46:09.0515 1300 MusCAudio (9cfdafe502c5d9efdb23cb55f32144b7) C:\WINDOWS\system32\drivers\MusCAudio.sys
2011/06/17 20:46:10.0093 1300 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/17 20:46:10.0703 1300 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/17 20:46:11.0296 1300 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/17 20:46:11.0828 1300 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/17 20:46:12.0359 1300 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/17 20:46:12.0921 1300 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/17 20:46:13.0500 1300 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/17 20:46:14.0078 1300 NEOFLTR_630_13725 (e6f4104575eb71b9ba53469f84ce7bbc) C:\WINDOWS\system32\Drivers\NEOFLTR_630_13725.SYS
2011/06/17 20:46:14.0687 1300 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/17 20:46:15.0296 1300 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/17 20:46:15.0968 1300 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/17 20:46:16.0656 1300 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/17 20:46:17.0359 1300 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/17 20:46:18.0484 1300 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/17 20:46:19.0609 1300 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/17 20:46:20.0125 1300 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/17 20:46:20.0687 1300 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/06/17 20:46:21.0812 1300 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/17 20:46:22.0343 1300 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/17 20:46:22.0859 1300 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/17 20:46:23.0406 1300 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/17 20:46:24.0437 1300 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/17 20:46:24.0984 1300 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/17 20:46:27.0468 1300 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/06/17 20:46:27.0984 1300 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/06/17 20:46:28.0546 1300 pfc (ed2e7f396b4098608c95bc3806bdf6fc) C:\WINDOWS\system32\drivers\pfc.sys
2011/06/17 20:46:29.0625 1300 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/17 20:46:29.0781 1300 Profos (1bfe86c679a43994e36e623fb6898cdb) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys
2011/06/17 20:46:30.0343 1300 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/17 20:46:30.0875 1300 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/17 20:46:31.0406 1300 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/17 20:46:31.0953 1300 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/06/17 20:46:32.0484 1300 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/06/17 20:46:33.0031 1300 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/06/17 20:46:33.0578 1300 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/06/17 20:46:34.0140 1300 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/06/17 20:46:34.0656 1300 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/17 20:46:35.0484 1300 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/17 20:46:36.0046 1300 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/17 20:46:36.0562 1300 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/17 20:46:37.0156 1300 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/17 20:46:37.0687 1300 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/17 20:46:38.0281 1300 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/17 20:46:38.0890 1300 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/17 20:46:39.0468 1300 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/17 20:46:40.0031 1300 RIOUNIV (f772c4ba29f4117d15c66f63d010d9f0) C:\WINDOWS\system32\Drivers\RIOUNIV.sys
2011/06/17 20:46:40.0718 1300 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/17 20:46:41.0281 1300 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/17 20:46:41.0812 1300 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/17 20:46:42.0421 1300 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/17 20:46:43.0484 1300 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/06/17 20:46:44.0046 1300 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/17 20:46:44.0750 1300 smwdm (4aa922332433cdeb8b82c072c212e32e) C:\WINDOWS\system32\drivers\smwdm.sys
2011/06/17 20:46:45.0437 1300 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/06/17 20:46:45.0968 1300 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/17 20:46:46.0546 1300 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/17 20:46:47.0234 1300 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/17 20:46:47.0843 1300 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/06/17 20:46:48.0375 1300 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/06/17 20:46:48.0937 1300 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/17 20:46:49.0468 1300 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/17 20:46:49.0984 1300 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/17 20:46:50.0531 1300 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/06/17 20:46:51.0093 1300 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/06/17 20:46:51.0656 1300 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/06/17 20:46:52.0187 1300 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/06/17 20:46:52.0734 1300 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/17 20:46:53.0390 1300 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/17 20:46:54.0031 1300 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/17 20:46:54.0531 1300 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/17 20:46:55.0046 1300 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/17 20:46:55.0546 1300 tfsnboio (75b30b9ea32fe7d8bbc332d3b944ad46) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/06/17 20:46:56.0031 1300 tfsncofs (b811a431b14694d88eb5befaa55b4501) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/06/17 20:46:56.0531 1300 tfsndrct (f5e2cf2144f1fe51dadd6e9063d311eb) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/06/17 20:46:57.0031 1300 tfsndres (e32b32045b6b914fd4caae8be6ca7e8a) C:\WINDOWS\system32\dla\tfsndres.sys
2011/06/17 20:46:57.0515 1300 tfsnifs (43034b10a94d1c6f13a1a0e848f51226) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/06/17 20:46:58.0062 1300 tfsnopio (f5ee0faafde37326ea35acbfa5defd3d) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/06/17 20:46:58.0562 1300 tfsnpool (597348eb65b3e19709e9a45ca2b30b61) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/06/17 20:46:59.0078 1300 tfsnudf (767affd52432a0f7e7d39f6ff64401f4) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/06/17 20:46:59.0625 1300 tfsnudfa (2806b2fd00263ccd90cc0638c6139eb0) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/06/17 20:47:00.0187 1300 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/06/17 20:47:00.0359 1300 Trufos (b16d66a71de03285e14e9f165b59eda4) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys
2011/06/17 20:47:00.0953 1300 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/17 20:47:01.0484 1300 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/06/17 20:47:02.0140 1300 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/17 20:47:02.0828 1300 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/06/17 20:47:03.0421 1300 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/17 20:47:03.0984 1300 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/17 20:47:04.0515 1300 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/17 20:47:05.0062 1300 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/17 20:47:05.0593 1300 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/17 20:47:06.0125 1300 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/17 20:47:06.0640 1300 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/17 20:47:07.0140 1300 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/17 20:47:07.0671 1300 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/06/17 20:47:08.0234 1300 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/17 20:47:08.0750 1300 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/06/17 20:47:09.0281 1300 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/17 20:47:09.0796 1300 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/17 20:47:10.0406 1300 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/17 20:47:10.0968 1300 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/06/17 20:47:11.0984 1300 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/17 20:47:12.0578 1300 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\WINDOWS\system32\DRIVERS\wimfltr.sys
2011/06/17 20:47:13.0328 1300 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/06/17 20:47:14.0234 1300 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/17 20:47:14.0406 1300 MBR (0x1B8) (87f75abb087c82bee3a1fbec42bbabd0) \Device\Harddisk0\DR0
2011/06/17 20:47:14.0421 1300 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/17 20:47:14.0453 1300 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR1
2011/06/17 20:47:14.0640 1300 ================================================================================
2011/06/17 20:47:14.0640 1300 Scan finished
2011/06/17 20:47:14.0640 1300 ================================================================================
2011/06/17 20:47:14.0687 1292 Detected object count: 1
2011/06/17 20:47:14.0687 1292 Actual detected object count: 1
2011/06/17 20:47:31.0468 1292 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/17 20:47:31.0468 1292 \Device\Harddisk0\DR0 - ok
2011/06/17 20:47:31.0468 1292 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/17 20:47:55.0828 1272 Deinitialize success
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 185):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80700000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF798B000 aliide.sys
0xF798D000 cmdide.sys
0xF798F000 toside.sys
0xF7991000 viaide.sys
0xF7993000 intelide.sys
0xF7607000 MountMgr.sys
0xF74D8000 ftdisk.sys
0xF7995000 dmload.sys
0xF74B2000 dmio.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF789B000 cpqarray.sys
0xF749A000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF7482000 atapi.sys
0xF789F000 aha154x.sys
0xF7717000 sparrow.sys
0xF78A3000 symc810.sys
0xF7627000 aic78xx.sys
0xF78A7000 dac960nt.sys
0xF7637000 ql10wnt.sys
0xF78AB000 amsint.sys
0xF771F000 asc.sys
0xF78AF000 asc3550.sys
0xF7727000 mraid35x.sys
0xF772F000 i2omp.sys
0xF78B3000 ini910u.sys
0xF7647000 ql1240.sys
0xF7657000 aic78u2.sys
0xF7737000 symc8xx.sys
0xF773F000 sym_hi.sys
0xF7747000 sym_u3.sys
0xF774F000 ABP480N5.SYS
0xF7757000 asc3350p.sys
0xF7997000 cd20xrnt.sys
0xF7667000 ultra.sys
0xF786E000 adpu160m.sys
0xF775F000 dpti2o.sys
0xF7677000 ql1080.sys
0xF7687000 ql1280.sys
0xF7697000 ql12160.sys
0xF7767000 perc2.sys
0xF7999000 perc2hib.sys
0xF776F000 hpn.sys
0xF78B7000 cbidf2k.sys
0xF7842000 dac2w2k.sys
0xF76A7000 disk.sys
0xF76B7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7967000 fltmgr.sys
0xF7830000 sr.sys
0xF7952000 drvmcdb.sys
0xF76C7000 PxHelp20.sys
0xF7A38000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF7A0B000 NDIS.sys
0xF76D7000 sisagp.sys
0xF76E7000 viaagp.sys
0xF7B38000 Mup.sys
0xF76F7000 agp440.sys
0xF7587000 alim1541.sys
0xF7577000 amdagp.sys
0xF7567000 agpCPQ.sys
0xB9F5C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9760000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB974C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA68F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9728000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA687000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB96F4000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xB96D1000 \SystemRoot\system32\DRIVERS\ks.sys
0xB95D2000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xB952B000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA67F000 \SystemRoot\System32\Drivers\Modem.SYS
0xB9505000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xB946F000 \SystemRoot\system32\drivers\smwdm.sys
0xB944B000 \SystemRoot\system32\drivers\portcls.sys
0xF7537000 \SystemRoot\system32\drivers\drmk.sys
0xF79C7000 \SystemRoot\system32\drivers\aeaudio.sys
0xF7527000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA677000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA66F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB9437000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7517000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA6D7000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF7507000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA667000 \SystemRoot\system32\drivers\Afc.sys
0xBA6D3000 \SystemRoot\system32\drivers\pfc.sys
0xF79CB000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF74F7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7472000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7797000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
0xF7AB3000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7462000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA6C7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9420000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7452000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7442000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF779F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB940F000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7432000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF77A7000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF77AF000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF77B7000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0xB938F000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7422000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB9377000 \SystemRoot\system32\DRIVERS\bdfndisf.sys
0xF79CF000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9319000 \SystemRoot\system32\DRIVERS\update.sys
0xBA0A3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF77BF000 \SystemRoot\system32\DRIVERS\omci.sys
0xF7887000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA7F0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79D3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF794B000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xBA730000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF79D7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA41E000 \SystemRoot\System32\Drivers\Null.SYS
0xF79D9000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77CF000 \SystemRoot\system32\drivers\ssrtln.sys
0xF77D7000 \SystemRoot\System32\drivers\vga.sys
0xF79DB000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79DD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77DF000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77E7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA728000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB1276000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB121D000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA7C0000 \??\C:\WINDOWS\system32\Drivers\NEOFLTR_630_13725.SYS
0xB11F7000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA7B0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB11D7000 \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
0xB11AF000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB118D000 \SystemRoot\System32\drivers\afd.sys
0xBA790000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB1162000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB10F2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA780000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA760000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB10DA000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79F5000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB12E9000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA6A7000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA08B000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF04A000 \SystemRoot\System32\ati2cqag.dll
0xBF084000 \SystemRoot\System32\ati3duag.dll
0xBF2A7000 \SystemRoot\System32\ativvaxx.dll
0xBF31C000 \SystemRoot\System32\ATMFD.DLL
0xB9F8C000 \SystemRoot\system32\drivers\drvnddm.sys
0xF7A65000 \SystemRoot\system32\dla\tfsndres.sys
0xAFF5C000 \SystemRoot\system32\dla\tfsnifs.sys
0xAFFFA000 \SystemRoot\system32\dla\tfsnopio.sys
0xF79CD000 \SystemRoot\system32\dla\tfsnpool.sys
0xB93CF000 \SystemRoot\system32\dla\tfsnboio.sys
0xB9F7C000 \SystemRoot\system32\dla\tfsncofs.sys
0xF7A67000 \SystemRoot\system32\dla\tfsndrct.sys
0xAFF43000 \SystemRoot\system32\dla\tfsnudf.sys
0xAFF2A000 \SystemRoot\system32\dla\tfsnudfa.sys
0xAFE62000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAFBCD000 \SystemRoot\system32\drivers\wdmaud.sys
0xAFEAA000 \SystemRoot\system32\drivers\sysaudio.sys
0xAF9BA000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xAF867000 \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys
0xB9847000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xAF567000 \SystemRoot\system32\DRIVERS\srv.sys
0xAFC02000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAF005000 \SystemRoot\system32\drivers\bdfsfltr.sys
0xBA6AF000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xAEE15000 \SystemRoot\System32\Drivers\HTTP.sys
0xAEDD1000 \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys
0xAEB2B000 \SystemRoot\system32\drivers\bdfm.sys
0xAEB00000 \SystemRoot\system32\drivers\kmixer.sys
0xAEADC000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll
Processes (total 51):
0 System Idle Process
4 System
872 C:\WINDOWS\SYSTEM32\smss.exe
920 csrss.exe
944 C:\WINDOWS\SYSTEM32\winlogon.exe
988 C:\WINDOWS\SYSTEM32\services.exe
1000 C:\WINDOWS\SYSTEM32\lsass.exe
1196 C:\WINDOWS\SYSTEM32\svchost.exe
1260 svchost.exe
1384 C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
1436 C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
1524 C:\WINDOWS\SYSTEM32\svchost.exe
1596 svchost.exe
1680 svchost.exe
1872 C:\WINDOWS\SYSTEM32\spoolsv.exe
520 svchost.exe
604 C:\WINDOWS\explorer.exe
624 C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
648 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
892 C:\Program Files\Bonjour\mDNSResponder.exe
1360 C:\WINDOWS\SYSTEM32\svchost.exe
1488 C:\WINDOWS\SYSTEM32\svchost.exe
1556 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
1988 C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
180 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
204 C:\Program Files\QuickTime\QTTask.exe
1756 C:\Program Files\iTunes\iTunesHelper.exe
224 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
1592 C:\WINDOWS\SYSTEM32\ctfmon.exe
284 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
308 C:\Program Files\Messenger\msmsgs.exe
416 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
768 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
2064 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
2324 C:\WINDOWS\SYSTEM32\svchost.exe
2520 C:\WINDOWS\SYSTEM32\svchost.exe
2668 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2908 C:\WINDOWS\SYSTEM32\svchost.exe
2988 wdfmgr.exe
3036 C:\WINDOWS\wanmpsvc.exe
3148 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3376 C:\WINDOWS\SYSTEM32\wuauclt.exe
3460 C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
3532 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2856 C:\Program Files\iPod\bin\iPodService.exe
904 alg.exe
1648 C:\WINDOWS\SYSTEM32\msiexec.exe
3096 C:\WINDOWS\SYSTEM32\wscntfy.exe
1248 wmiprvse.exe
3448 C:\Program Files\Google\Update\GoogleUpdate.exe
1420 C:\Documents and Settings\Pete\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: ST380013AS, Rev: 8.12
PhysicalDrive1 Model Number: ST3120026AS, Rev: 3.56
Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365
111 GB \\.\PhysicalDrive1 Legit MBR code detected
SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495
Done!
ComboFix 11-06-17.04 - Pete 06/17/2011 21:20:50.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2581 [GMT -7:00]
Running from: c:\documents and settings\Pete\Desktop\ComboFix.exe
AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *Enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Derek\Application Data\Mozilla\Firefox\Profiles\gq61dpo4.default\extensions\{00638964-a227-4a4a-9360-6a55b05751b7}
c:\documents and settings\Derek\Application Data\Mozilla\Firefox\Profiles\gq61dpo4.default\extensions\{00638964-a227-4a4a-9360-6a55b05751b7}\chrome\xulcache.jar
c:\documents and settings\Derek\Application Data\Mozilla\Firefox\Profiles\gq61dpo4.default\extensions\{00638964-a227-4a4a-9360-6a55b05751b7}\defaults\preferences\xulcache.js
c:\documents and settings\Derek\Application Data\Mozilla\Firefox\Profiles\gq61dpo4.default\extensions\{00638964-a227-4a4a-9360-6a55b05751b7}\install.rdf
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\7l674wmo.default\extensions\{00638964-a227-4a4a-9360-6a55b05751b7}
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\7l674wmo.default\extensions\{00638964-a227-4a4a-9360-6a55b05751b7}\chrome\xulcache.jar
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\7l674wmo.default\extensions\{00638964-a227-4a4a-9360-6a55b05751b7}\defaults\preferences\xulcache.js
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\7l674wmo.default\extensions\{00638964-a227-4a4a-9360-6a55b05751b7}\install.rdf
c:\documents and settings\Pete\Application Data\Mozilla\Firefox\Profiles\4p0usagx.default\extensions\{00638964-a227-4a4a-9360-6a55b05751b7}
c:\documents and settings\Pete\Application Data\Mozilla\Firefox\Profiles\4p0usagx.default\extensions\{00638964-a227-4a4a-9360-6a55b05751b7}\chrome\xulcache.jar
c:\documents and settings\Pete\Application Data\Mozilla\Firefox\Profiles\4p0usagx.default\extensions\{00638964-a227-4a4a-9360-6a55b05751b7}\defaults\preferences\xulcache.js
c:\documents and settings\Pete\Application Data\Mozilla\Firefox\Profiles\4p0usagx.default\extensions\{00638964-a227-4a4a-9360-6a55b05751b7}\install.rdf
c:\documents and settings\Pete\g2mdlhlpx.exe
c:\documents and settings\Pete\WINDOWS
c:\program files\MyWaySA
.
.
((((((((((((((((((((((((( Files Created from 2011-05-18 to 2011-06-18 )))))))))))))))))))))))))))))))
.
.
2011-06-18 03:56 . 2011-06-18 03:56 -------- d-----w- c:\windows\LastGood
2011-06-15 03:51 . 2011-06-15 03:51 -------- d-----w- c:\program files\ERUNT
2011-06-14 04:34 . 2011-06-14 04:34 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-11 03:27 . 2011-06-11 03:27 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-06-11 03:03 . 2011-06-11 03:03 0 ---ha-w- c:\documents and settings\Pete\fjgbsydevb.tmp
2011-05-27 23:20 . 2011-05-27 23:20 -------- d-----w- c:\documents and settings\Pete\Local Settings\Application Data\Garmin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-03-26 23:02 . 2011-03-26 23:02 264768 ----a-w- c:\windows\system32\bda12F3.tmp
2003-03-05 05:59 . 2005-05-29 03:40 16204762 ------w- c:\program files\DVD Wizard Pro Complete.exe
2002-04-14 19:20 . 2005-05-29 03:40 3115916 ------w- c:\program files\dvdwpro.exe
2011-01-18 16:09 . 2009-08-09 03:50 65536 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 06:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\America Online 9.0a\AOL.EXE" [2005-07-12 50776]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-29 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2011-01-18 843144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
.
c:\documents and settings\Pete\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
backup=c:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Pete^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Pete\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 06:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2005-07-12 05:17 50776 ------w- c:\program files\America Online 9.0a\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-08-25 18:52 339968 ------w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
2009-02-23 18:30 69632 ----a-w- c:\program files\BitDefender\BitDefender 2009\IEShow.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
2007-11-13 21:46 135168 ------w- c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-11-16 09:05 127035 ------w- c:\windows\SYSTEM32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-08-24 00:19 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMPro8Agent]
2008-09-11 12:27 189056 ------w- c:\program files\Genie-Soft\GBMPro8\GBMAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52 50736 ------w- c:\program files\Common Files\AOL\1127796691\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 03:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 23:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-05-08 18:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 23:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-05 04:03 136600 ------w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-29 18:17 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 07:01 110592 ------w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VSSERV"=2 (0x2)
"RioMSC"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IntuitUpdateService"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9d129e73f31b4"=2 (0x2)
"EPSONStatusAgent2"=2 (0x2)
"DSBrokerService"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Canon\\CSCLIB\\CDPROCMN.exe"=
"c:\\Program Files\\Canon\\CSCLIB\\CDPROC.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1127796691\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Common Files\\AOL\\1127796691\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\{B1054C0C-0C16-41E1-8A9D-35F065793E92}\\setup\\hpznui01.exe"=
.
R1 NEOFLTR_630_13725;Juniper Networks TDI Filter Driver (NEOFLTR_630_13725);c:\windows\SYSTEM32\DRIVERS\NEOFLTR_630_13725.sys [11/21/2008 1:37 AM 64480]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [10/6/2008 6:16 PM 82696]
R3 bdfm;BDFM;c:\windows\SYSTEM32\DRIVERS\bdfm.sys [9/18/2008 12:09 PM 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\SYSTEM32\DRIVERS\bdfndisf.sys [2/12/2009 4:52 PM 104456]
S2 gupdate1c9d129e73f31b4;Google Update Service (gupdate1c9d129e73f31b4);c:\program files\Google\Update\GoogleUpdate.exe [5/9/2009 9:43 PM 133104]
S2 portD;ABS PortIO Service;c:\windows\system32\DRIVERS\portd2k.sys --> c:\windows\system32\DRIVERS\portd2k.sys [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [1/20/2009 7:16 PM 172032]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 6:44 PM 183560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/9/2009 9:43 PM 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S3 MusCAudio;MusCAudio;c:\windows\SYSTEM32\DRIVERS\MusCAudio.sys [7/3/2009 9:36 PM 23096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:34]
.
2011-06-12 c:\windows\Tasks\GBM - New Backup Job-Full.job
- c:\program files\Genie-Soft\GBMPro8\GBM8.exe [2008-07-21 12:27]
.
2011-06-12 c:\windows\Tasks\GBM - Weekly started 6-23-09-Full.job
- c:\program files\Genie-Soft\GBMPro8\GBM8.exe [2008-07-21 12:27]
.
2011-06-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-25 23:15]
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-10 04:43]
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-10 04:43]
.
2011-06-18 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-29 06:44]
.
2011-06-18 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 05:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://192.168.1.100:8080/DvrOcx.cab
FF - ProfilePath - c:\documents and settings\Pete\Application Data\Mozilla\Firefox\Profiles\4p0usagx.default\
FF - prefs.js: browser.startup.homepage - hxxp://webmail.aol.com/28200/aol/en-us/Suite.aspx|http://www.aol.com/
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-gStart - c:\garmin\gStart.exe
AddRemove-MapOverlay Plugin_is1 - c:\documents and settings\All Users\Application Data\ZoneFiveSoftware\SportTracks\2.0\Plugins\Installed\0d1e39ae-cd7f-4d03-a0a6-1cd3b9e0fa3e\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-17 21:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7CACDF5A-0E2D-A998-38B4B1D490EAE887}\{83892839-8EE2-C547-3E6DBF0265E34072}\{B9A8F094-A05A-7BFC-2DD781993331EE07}*]
"63AUOURV1X6YIYB2ELIFO4LTRC1"=hex:01,00,01,00,00,00,00,00,87,da,ad,38,2b,26,f8,
c3,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8CD4472C-E90F-9EEE-8658179FAD84CDE4}\{86C14694-A4A0-6014-B9D2B6867C4357D1}\{413E2BB7-2C4D-BBD1-7F39BC4CF716110E}*]
"63AUOURV1X6YIYB2ELIFO4LTRC1"=hex:01,00,01,00,00,00,00,00,87,da,ad,38,2b,26,f8,
c3,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
Completion time: 2011-06-17 21:32:32
ComboFix-quarantined-files.txt 2011-06-18 04:32
.
Pre-Run: 3,592,130,560 bytes free
Post-Run: 4,600,913,920 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - DD2788608EAA118543F8F47EF5ABEE86
redcar92
2011-06-19, 03:56
Hello pshloss,
Things are looking better already.
I see that you have the Ask Toolbar installed on your PC. This is not malware as such but it can be a nuisance. You can remove this by going to Control Panel -> Add or Remove Programs, scroll down to Ask Toolbar and remove.
Next
Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job.
Once it's finished it should automatically reboot your machine;
if it doesn't, manually reboot to ensure a complete clean.
Next
Please download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/mbam/mbam-setup.exe).
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
Next
Please use Internet Explorer to download and run the following scan: Eset Online Scanner (http://www.eset.com/onlinescan/)
Place a check mark in the box YES, I accept the Terms Of Use
Click the Start button.
Now click the Install button.
Click Start. The scanner engine will initialize and update.
Do Not place a check mark in the box beside Remove found threats.
Click the Scan button. The scan will now run, please be patient.
When the scan finishes if there are any infections you will see a List of found threats.
Click Export to text file
Copy and paste the contents of the C:\Program Files\ESET\log.txt into your next reply.
If no threats are found there will be no list, this is good, just tell me that no threats were found.
Logs to post:
mbam.txt
results of ESET scan if any
How is the PC behaving now?
Bill,
I uninstalled Ask Toolbar and Bing Bar.
I followed the remaining instructions successfully. The ESET scanner did find threats, so I guess we are not done. Computer is working pretty well. Will boot normally, connect to internet, etc. My HP 8500 Officejet printer (USB) is not connecting, but it has been finicky for a while- not sure this is related. Have not done any troubleshooting on that yet. Here are logs:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6893
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/18/2011 11:04:20 PM
mbam-log-2011-06-18 (23-04-20).txt
Scan type: Quick scan
Objects scanned: 202273
Time elapsed: 6 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWaySearchAssistantDE.Auxiliary (Adware.MyWaySearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWaySearchAssistantDE.Auxiliary.1 (Adware.MyWaySearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
ESET SCAN FOUND THREATS:
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\acslang.exe probably a variant of Win32/StartPage.HSZAKFT trojan
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\acssetup.exe probably a variant of Win32/StartPage.HSZAKFT trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2293\A0286547.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2293\A0286548.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2293\A0286549.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2293\A0286550.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2295\A0286586.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2295\A0286587.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2295\A0286588.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2295\A0286589.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2298\A0287839.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2298\A0287840.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2298\A0287841.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2298\A0287842.manifest Win32/TrojanDownloader.Tracur.F trojan
redcar92
2011-06-19, 21:40
Greetings pshloss,
Great going, now. :bigthumb: ESET showed a list of files, all but the first two will be removed shortly, but we need to check the first two.
Go to My Computer-> Tools-> Folder Options-> View tab:
Under the Hidden files and folders heading:
Select - Show hidden files and folders.
Uncheck- Hide protected operating system files (recommended) option.
Also, make sure there is no checkmark beside Hide file extensions for known file types.
Click OK. (Remember to Hide files and folders once done)
Please go to one of the below sites to scan the following files:
jotti.org (http://virusscan.jotti.org/)
Kaspersky Virus File Scanner (http://www.kaspersky.com/scanforvirus.html )
Virus Total (http://www.virustotal.com)
click on Browse, and upload the following file for analysis:
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\acslang.exe
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\acssetup.exe
Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.
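The decision the helper makes here, and again later in the thread, has two parts: detections inside System Volume Information restore points go away with the restore points when the cleanup tool is uninstalled, while heuristic ("probably a variant of ...") hits on live files are checked against a multi-engine scanner before anything is deleted. The script below, added here and not part of the thread, encodes that triage over the ESET result lines Pete posted; the parsing regexes and the bucket names are my own assumptions, not ESET's format specification.

```python
"""Triage ESET Online Scanner result lines into 'gone with restore points',
'verify on a multi-engine scanner first' and 'remove'.
The input lines are the ones posted in the thread; the rules are added here."""
import re
from dataclasses import dataclass
from typing import Optional

# The 14 lines posted under "ESET SCAN FOUND THREATS" (copied from the thread).
ESET_LOG = r"""
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\acslang.exe probably a variant of Win32/StartPage.HSZAKFT trojan
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\acssetup.exe probably a variant of Win32/StartPage.HSZAKFT trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2293\A0286547.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2293\A0286548.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2293\A0286549.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2293\A0286550.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2295\A0286586.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2295\A0286587.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2295\A0286588.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2295\A0286589.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2298\A0287839.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2298\A0287840.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2298\A0287841.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2298\A0287842.manifest Win32/TrojanDownloader.Tracur.F trojan
"""

# One result line: "<drive path ending in .ext> <detection wording> <class word>".
# Paths contain spaces, so the path is taken non-greedily up to its extension.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9]+)\s+"  # C:\...\file.ext
    r"(?P<detection>.+?)\s+"                        # e.g. Win32/TrojanDownloader.Tracur.F
    r"(?P<kind>[A-Za-z]+)$"                         # trailing class word: trojan, adware, ...
)
# XP System Restore keeps copies under _restore{GUID}\RPnnn\ ; capture the RP id.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I)


@dataclass
class Finding:
    path: str
    detection: str
    kind: str
    heuristic: bool              # "probably a variant of ..." is a heuristic, not a signature hit
    restore_point: Optional[str]  # "RP2293" etc. when the file is a restore-point copy


def parse_eset_log(text: str) -> list:
    """Parse result lines; raise on a line that does not match the expected shape."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised ESET result line: {line!r}")
        rp = RESTORE_RE.search(m["path"])
        findings.append(Finding(
            path=m["path"],
            detection=m["detection"],
            kind=m["kind"],
            heuristic=m["detection"].lower().startswith("probably a variant of"),
            restore_point=rp.group(1) if rp else None,
        ))
    return findings


def triage(findings: list) -> dict:
    """Bucket findings the way the thread handles them (assumed rules, added here):
    restore-point copies are dropped with the restore points, heuristic hits on
    live files are verified on a multi-engine scanner first, the rest are removed."""
    buckets = {"restore_point": [], "verify_first": [], "remove": []}
    for f in findings:
        if f.restore_point:
            buckets["restore_point"].append(f)
        elif f.heuristic:
            buckets["verify_first"].append(f)
        else:
            buckets["remove"].append(f)
    return buckets


def restore_points_hit(findings: list) -> set:
    """Which restore points contain detections (all of them get purged, not just these)."""
    return {f.restore_point for f in findings if f.restore_point}


if __name__ == "__main__":
    found = parse_eset_log(ESET_LOG)
    for name, items in triage(found).items():
        print(f"{name}: {len(items)}")
        for f in items:
            print(f"  {f.path}  [{f.detection}]")
    print("restore points with detections:", sorted(restore_points_hit(found)))
```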
Bill, I ran jotti and here are the results:
acslang.exe Sophos found Malware/Generic-L
acssetup.exe CleanAV found Trojan Agent-169695
I attached screen shots- I think.
redcar92
2011-06-20, 05:00
Hello pshloss,
The 2 files are false positives, i.e. they may appear to be bad but really aren't. So onward now. :yes:
Your Java appears to be down level.
Navigate to Control Panel then open Programs and Features (Vista / Windows 7), or Add Remove Programs (XP).
Highlight each Java item listed then Remove or Uninstall.
Visit this site (http://www.java.com/en/download/index.jsp) to download and install the latest Java.
Next
Your Adobe appears to be down level also.
Please visit this site Click on the Adobe Reader icon on the right side and you will be presented with the correct Adobe for your system.
Download and install this Adobe please.
Please let me know when done and we will continue.
Bill,
Java removal and re-install went fine. Now at Java 6 Update 26. Had problems with Adobe Reader, though. I uninstalled version 9, then went to http://get.adobe.com/reader/ (you didn't give me a link- I think you meant to). That site's download tried to install an Active X, but the Publisher was Unknown and IE8 blocked it. I tried to adjust some security settings for Active X but that just seemed to make it worse, so I changed them back. So no Adobe reader at the moment.
Also, I just wanted to remind you there were 12 other threats the ESET scan identified and you said would be removed shortly. Do I need to do something about those?
I really appreciate the help!
Pete
redcar92
2011-06-20, 06:23
Pete, my apologies:red::scratch:
It should be
Your Adobe appears to be down level
Please visit this site (http://www.adobe.com/downloads/) Click on the Adobe Reader icon on the right side and you will be presented with the correct Adobe for your system.
Download and install this Adobe please.
When we remove combofix those other 12 nasties will go also.
Bill, it turns out it is the same site. Anyway, I am getting an error (see attached screen shot) when I try to download. This started after I messed with the IE8 Active X security settings, but I changed them back right away. I tried Firefox and rebooting and no dice.
redcar92
2011-06-20, 20:37
Alright Pete,
Let's see if we can get you back on track.
First
Go to, Control Panel/Add Remove Programs and remove the Adobe Download Manager Software.
Further, click Start/Search/All Files and Folders and type getPlus in the file name line and hit the Search button.
Right click and delete/remove any files that have getPlus in the title.
When done, try to update your Adobe and let me know the results.
Bill,
Whew! OK, was able to get remnants of getPlus removed and Adobe Reader X, version 10.1.0 installed and tested OK.:bigthumb:
Ready for the next step!
Pete
One more thing... the installer mentioned that my hard drive needs to be defragmented, therefore performance would be slower than usual.
redcar92
2011-06-21, 17:19
Way to go Pete, :bigthumb:
Things are looking good from my end but I would like one last DDS log please.
Double click dds.scr to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
Please include the contents of the following in your reply using Copy / Paste:
DDS.txt
Bill here are DDS scan results (dds.txt and attach.txt):
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Pete at 21:16:42 on 2011-06-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2189 [GMT -7:00]
.
AV: BitDefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program files\ipswitch\ws_ftp home\wsbho2k0.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [AOL Fast Start] "c:\program files\america online 9.0a\AOL.EXE" -b
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Pete at 21:16:42 on 2011-06-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2189 [GMT -7:00]
.
AV: BitDefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program files\ipswitch\ws_ftp home\wsbho2k0.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [AOL Fast Start] "c:\program files\america online 9.0a\AOL.EXE" -b
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} - hxxp://o.aolcdn.com/pictures/ap/Resources/2.0.8.98/cab/aolpPlugins.10.6.0.6.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://192.168.1.100:8080/DvrOcx.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://rsvpn.raytheon.com/dana-cached/setup/JuniperSetupSP1.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D2615061-B9A2-47D2-91AB-A134C0EBFAE1} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\pete\application data\mozilla\firefox\profiles\4p0usagx.default\
FF - prefs.js: browser.startup.homepage - hxxp://webmail.aol.com/28200/aol/en-us/Suite.aspx|http://www.aol.com/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
============= SERVICES / DRIVERS ===============
.
R1 NEOFLTR_630_13725;Juniper Networks TDI Filter Driver (NEOFLTR_630_13725);c:\windows\system32\drivers\NEOFLTR_630_13725.sys [2008-11-21 64480]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-10-6 82696]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-2-12 104456]
S2 gupdate1c9d129e73f31b4;Google Update Service (gupdate1c9d129e73f31b4);c:\program files\google\update\GoogleUpdate.exe [2009-5-9 133104]
S2 portD;ABS PortIO Service;c:\windows\system32\drivers\portd2k.sys --> c:\windows\system32\drivers\portd2k.sys [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-9 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-18 39984]
S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2009-7-3 23096]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
.
=============== Created Last 30 ================
.
2011-06-20 03:02:32 29544 ----a-w- c:\program files\mozilla firefox\plugins\np_gp.dll
2011-06-20 02:45:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-20 02:45:37 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-06-20 02:45:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-19 06:13:59 -------- d-----w- c:\program files\ESET
2011-06-19 05:54:50 -------- d-----w- c:\documents and settings\pete\application data\Malwarebytes
2011-06-19 05:54:43 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-19 05:54:42 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-19 05:54:39 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-19 05:54:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-18 04:18:03 -------- d-sha-r- C:\cmdcons
2011-06-18 04:10:14 98816 ----a-w- c:\windows\sed.exe
2011-06-18 04:10:14 518144 ----a-w- c:\windows\SWREG.exe
2011-06-18 04:10:14 256512 ----a-w- c:\windows\PEV.exe
2011-06-18 04:10:14 208896 ----a-w- c:\windows\MBR.exe
2011-06-18 03:54:29 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-14 04:34:01 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-06-14 04:34:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-11 03:03:22 0 ---ha-w- c:\documents and settings\pete\fjgbsydevb.tmp
2011-06-06 19:55:30 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-06-06 19:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-05-27 23:20:15 -------- d-----w- c:\documents and settings\pete\local settings\application data\Garmin
.
==================== Find3M ====================
.
2011-06-21 03:51:32 81984 ----a-w- c:\windows\system32\bdod.bin
2011-05-02 15:31:52 692736 ------w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ------w- c:\windows\system32\drivers\mup.sys
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2003-03-05 05:59:22 16204762 ------w- c:\program files\DVD Wizard Pro Complete.exe
2002-04-14 19:20:00 3115916 ------w- c:\program files\dvdwpro.exe
.
============= FINISH: 21:18:22.20 ===============
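An added example, not part of Pete's post and not a DDS feature: a small Python triage pass over DDS-style log lines, of the kind a helper does by eye when reading a log like the one above. The sample text is constructed from lines copied from that log plus benign neighbours for contrast; the patterns it flags (a toolbar registered with "No File", a DPF ActiveX control fetched from an IP-literal host or with no source recorded, a service whose file DDS could not find on disk, shown by "[?]", and a hidden or zero-byte file created directly under a user profile) are my own heuristics. A flag means "look at this", not "this is malware": the control served from 192.168.1.100 is consistent with a LAN device's own viewer, for instance, and is something to confirm with the user rather than remove.

```python
"""Triage helper for DDS-style log lines (added example, not from the thread).

Scans the sections of a DDS.txt log that helpers read first and returns the
entries worth a second look. Heuristics and sample lines are the author's own.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the DDS log above, plus benign neighbours.
SAMPLE_LOG = r"""
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://192.168.1.100:8080/DvrOcx.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://rsvpn.raytheon.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
S2 portD;ABS PortIO Service;c:\windows\system32\drivers\portd2k.sys --> c:\windows\system32\drivers\portd2k.sys [?]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
2011-06-11 03:03:22 0 ---ha-w- c:\documents and settings\pete\fjgbsydevb.tmp
2011-06-19 05:54:39 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

# A file sitting directly in a user's profile root (not in a subfolder).
USER_PROFILE_ROOT = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+$", re.I)
# "R1 name;display name;path [date size]" / "S2 ..." service and driver lines.
SERVICE_LINE = re.compile(r"^[RS][0-4]\s+[^;]+;[^;]*;(.+)$")
# "YYYY-MM-DD HH:MM:SS size attrs path" lines from Created Last 30 / Find3M.
CREATED_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2}\s+(\S+)\s+(\S{8})\s+(.+)$")
# "DPF: {GUID} - url" with the url optional.
DPF_LINE = re.compile(r"^DPF:\s+\{[0-9A-Fa-f-]+\}(?:\s+-\s+(\S+))?\s*$")


def refang(url):
    """DDS writes hxxp:// so pasted logs are not clickable; undo that for parsing."""
    return re.sub(r"^hxxp", "http", url, flags=re.I)


def host_is_ip_literal(url):
    """True when the download host is a bare IP address rather than a name."""
    host = urlparse(refang(url)).hostname
    if host is None:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_line(line):
    """Return a reason string if this DDS line deserves a second look, else None."""
    if line.startswith(("TB:", "BHO:")) and line.rstrip().endswith("- No File"):
        return "toolbar/BHO registration points at a file that is no longer on disk"
    m = DPF_LINE.match(line)
    if m:
        if m.group(1) is None:
            return "ActiveX (DPF) control with no download source recorded"
        if host_is_ip_literal(m.group(1)):
            return "ActiveX (DPF) control downloaded from an IP-literal host"
        return None
    m = SERVICE_LINE.match(line)
    if m and m.group(1).rstrip().endswith("[?]"):
        return "service/driver registered but DDS could not find its file on disk"
    m = CREATED_LINE.match(line)
    if m:
        size, attrs, path = m.group(2), m.group(3), m.group(4)
        if "d" not in attrs and USER_PROFILE_ROOT.match(path) and ("h" in attrs or size == "0"):
            return "hidden or zero-byte file created directly under a user profile"
    return None


def triage(log_text):
    """Return [(line, reason)] for every flagged line, in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line == ".":   # DDS uses a lone "." as a blank line
            continue
        reason = check_line(line)
        if reason:
            findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG):
        print(f"{why}\n    {flagged}")
```

Run against the sample it reports five lines: the orphaned toolbar, the DVR control from the LAN address, the DPF entry with no source, the portd2k.sys driver DDS could not find, and fjgbsydevb.tmp. Everything else in the sample passes. On a full log the same pass is only a starting point; the verdict still comes from checking each flagged item against what ComboFix, Malwarebytes and ESET reported.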
redcar92
2011-06-23, 03:32
Hello pshloss,
Things are looking good from this end, :bigthumb: so let's do some cleanup now. :cleaning:
The following will implement some cleanup procedures as well as reset System Restore points and remove those 12 files shown in the ESET report:
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall
Re-enable your anti-virus now, please.
On your desktop, right-click and select Delete on the following files:
TDSSKILLER.zip
TDSSKILLER.exe
TDSSKILLER.txt
MBRCHECK.exe
MBRCHECK.txt
DDS.scr
DDS.txt
Attach.txt
You should keep TFC, ERUNT, Malwarebytes and ESET. Update and run these programs on a regular basis to keep your PC running well.
Congratulations, your PC looks ALL CLEAN! :yes::yahoo::2thumb: Below I have included a number of recommendations for how to protect your computer against malware infections.
It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
Strong passwords: How to create and use them (http://www.microsoft.com/protect/yourself/password/create.mspx). Then consider a password keeper (http://keepass.info/) to keep all your passwords safe.
Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.
Make Internet Explorer more secure
Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.
Download TFC to your desktop (http://oldtimer.geekstogo.com/TFC.exe)
Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job.
Once it's finished it should automatically reboot your machine;
if it doesn't, manually reboot to ensure a complete clean
It's normal after running TFC cleaner that the PC will be slower to boot the first time.
WOT, Web of Trust (http://www.mywot.com/), warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go
Yellow for caution
Red to stop
WOT has an add-on available for both Firefox and IE.
Keep a backup of your important files (http://www.geekstogo.com/2008/06/19/options-for-home-computer-data-backup-part-1/) - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
ERUNT (http://www.snapfiles.com/get/erunt.html) (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
Think Prevention. (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
PC Safety and Security--What Do I Need?. (http://www.techsupportforum.com/security-center/general-computer-security/115548-pc-safety-security-what-do-i-need.html)
**Be very wary of any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.
If you have any questions or issues please post now. This topic will close a few days after the last post.
Pete, thank you for your hard work and patience. :greeting:
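An added example, not from the post above and not a Microsoft tool: the three Custom Level entries the "Make Internet Explorer more secure" steps change are stored per user as REG_DWORD values under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 (zone 3 is the Internet zone), documented in Microsoft KB182569, with 0 = Enable, 1 = Prompt and 3 = Disable. The script below parses the text that `reg query` prints for that key, reports any of the three values that are still weaker than the recommendation (a value already stricter, such as Disable where Prompt is asked for, is left alone), and prints the `reg add` lines that would set them. The sample `reg query` output is constructed, not Pete's real values, which DDS does not report. The script only reads text and prints commands; it does not touch the registry itself.

```python
"""Audit of the Internet zone ActiveX settings named in the post above.

Added example, not from the thread. Parses `reg query` output for
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3
and prints the `reg add` commands that raise any value still below the
recommended level (value names and levels per Microsoft KB182569).
"""
import re

ZONE3_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# value name -> (Custom Level label, recommended setting)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),                           # Prompt
    "1004": ("Download unsigned ActiveX controls", 1),                         # Prompt
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),  # Disable
}
LEVEL_NAME = {0: "Enable", 1: "Prompt", 3: "Disable"}
STRICTNESS = {0: 0, 1: 1, 3: 2}   # Disable is stricter than Prompt, which is stricter than Enable

# Constructed sample of reg.exe output for a zone left at weaker settings
# (not Pete's real values). reg.exe separates columns with spaces or tabs;
# the regex below accepts either.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    DisplayName    REG_SZ    Internet
    1001    REG_DWORD    0x0
    1004    REG_DWORD    0x3
    1200    REG_DWORD    0x0
    1201    REG_DWORD    0x1
"""

DWORD_LINE = re.compile(r"^\s*(\S+)\s+REG_DWORD\s+(0x[0-9A-Fa-f]+|\d+)\s*$")


def parse_reg_query(text):
    """Map REG_DWORD value names to integers from reg.exe's text output."""
    values = {}
    for line in text.splitlines():
        m = DWORD_LINE.match(line)
        if m:
            values[m.group(1)] = int(m.group(2), 0)   # base 0 accepts 0x.. and decimal
    return values


def audit(values):
    """Return (name, label, current, wanted) for each setting that is missing or
    weaker than recommended; settings already at or above the level pass."""
    findings = []
    for name, (label, wanted) in RECOMMENDED.items():
        current = values.get(name)
        if current is None or STRICTNESS.get(current, -1) < STRICTNESS[wanted]:
            findings.append((name, label, current, wanted))
    return findings


def fix_commands(findings):
    """One `reg add` per finding, ready to paste into Start > Run or a .cmd file."""
    return [
        f'reg add "{ZONE3_KEY}" /v {name} /t REG_DWORD /d {wanted} /f'
        for name, _label, _current, wanted in findings
    ]


if __name__ == "__main__":
    current = parse_reg_query(SAMPLE_REG_QUERY)
    findings = audit(current)
    for name, label, have, want in findings:
        have_name = LEVEL_NAME.get(have, "missing" if have is None else f"unknown ({have})")
        print(f"{name} {label}: {have_name} -> {LEVEL_NAME[want]}")
    for cmd in fix_commands(findings):
        print(cmd)
```

On the sample it reports 1001 (Enable, should be Prompt) and 1201 (Prompt, should be Disable) and leaves 1004 alone because Disable is already stricter than Prompt. Do the "Reset all zones to default level" step first, as the post says, so that the remaining values are known; and if the zone settings are enforced from HKLM by policy (the Security_HKLM_only value under Internet Settings), per-user changes under HKCU are ignored and the same values have to be set under HKLM instead.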
Bill, clean-up step went fine. Thanks so much for your help! I will study the recommendations for protection over the next few days and see if I have any questions on them.
The only questions I have right now are: what was the original infection? Do you have an idea how it is spread? Which tool removed it?
Thanks again,
Pete