winkopoqk.exe (Trojan.Downloader)


  • This topic is locked
10 replies to this topic

#1 knowsnothin

    Member

  • Full Member
  • 5 posts

Posted 26 January 2012 - 06:47 PM

Hi Guys,
My PC is infected with this Trojan (winkopoqk.exe, Trojan.Downloader).
Malwarebytes found the Trojan, but is unable to delete it.
Every time I reboot my PC it's back, but with a different name.
Please can someone help me to get rid of it?
The full Malwarebytes log is below.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.26.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michael :: HOME [administrator]

26/01/2012 20:03:55
mbam-log-2012-01-26 (20-36-25).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226417
Time elapsed: 24 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Michael\Local Settings\temp\winkopoqk.exe (Trojan.Downloader) -> No action taken.

(end)

Edit: Please read the Forum FAQ and post the other requested logs. We need the information in order to help you.

Edited by cnm, 26 January 2012 - 06:48 PM.


#2 cnm

    Mother Lion of SWI

  • Administrators
  • 25,269 posts

Posted 27 January 2012 - 01:19 PM

Hello knowsnothing.

Please run Malwarebytes (MBAM) again. When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

After that, please read the Forum FAQ and post the other requested logs. We need the information in order to help you.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#3 knowsnothin

    Member

  • Full Member
  • 5 posts

Posted 28 January 2012 - 06:52 AM


Hi cnm,
Thanks for helping me.
The logs requested are below.

DDS
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Michael at 10:53:16 on 2012-01-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.708 [GMT 0:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
D:\usb stick\LaunchU3.exe
svchost.exe
D:\Diskeeper 9 profesional\DkService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\TEMP\winkxjx.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [DiskeeperSystray] "d:\diskeeper 9 profesional\DkIcon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\michael\startm~1\programs\startup\launch~1.lnk - c:\documents and settings\michael\application data\microsoft\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1326729870309
TCP: Interfaces\{E4C5D842-07E5-4C95-847E-AE4E06B8E3C9} : DhcpNameServer = 192.168.1.254
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\fnihmp.sys --> c:\windows\system32\drivers\fnihmp.sys [?]
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2012-1-17 13225]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2012-1-15 2330944]
S3 PciCon;PciCon;\??\j:\pcicon.sys --> j:\PciCon.sys [?]
.
=============== Created Last 30 ================
.
2012-01-26 23:31:36 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-01-26 15:04:07 -------- d-----w- c:\documents and settings\michael\local settings\application data\Adobe
2012-01-25 21:09:19 -------- d-----w- c:\documents and settings\michael\local settings\application data\WinZip
2012-01-24 20:43:41 -------- d-----w- C:\ComboFix
2012-01-24 13:39:36 -------- d-sh--w- c:\documents and settings\michael\IECompatCache
2012-01-24 12:28:45 -------- d-----w- c:\program files\Microsoft ActiveSync
2012-01-24 12:28:40 -------- d-----w- c:\windows\ShellNew
2012-01-21 18:17:52 -------- d-----w- c:\program files\CCleaner
2012-01-21 14:04:31 -------- d-sha-r- C:\cmdcons
2012-01-21 14:03:34 98816 ----a-w- c:\windows\sed.exe
2012-01-21 14:03:34 518144 ----a-w- c:\windows\SWREG.exe
2012-01-21 14:03:34 256000 ----a-w- c:\windows\PEV.exe
2012-01-21 14:03:34 208896 ----a-w- c:\windows\MBR.exe
2012-01-20 18:42:43 -------- d-----w- c:\windows\system32\MpEngineStore
2012-01-19 16:31:19 -------- d-----w- c:\documents and settings\michael\application data\Windows Search
2012-01-18 12:43:29 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2012-01-18 12:43:29 446464 ----a-w- c:\windows\system32\nvuninst.exe
2012-01-18 12:18:47 -------- d-----w- c:\documents and settings\michael\local settings\application data\ApplicationHistory
2012-01-18 12:00:50 -------- d-----w- c:\windows\system32\XPSViewer
2012-01-18 12:00:30 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-01-18 12:00:21 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-01-18 12:00:21 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-01-18 12:00:21 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-01-18 12:00:21 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-01-18 12:00:21 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-01-18 12:00:21 117760 ------w- c:\windows\system32\prntvpt.dll
2012-01-18 12:00:20 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-01-18 12:00:20 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-01-18 11:57:35 -------- d-----w- c:\documents and settings\michael\application data\Windows Desktop Search
2012-01-18 11:57:17 -------- d-----w- c:\windows\system32\GroupPolicy
2012-01-18 11:57:17 -------- d-----w- c:\program files\Windows Desktop Search
2012-01-18 11:56:14 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2012-01-18 11:56:13 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2012-01-18 11:56:13 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2012-01-18 11:55:57 -------- d-----w- c:\program files\Windows Media Connect 2
2012-01-18 11:55:02 -------- d-----w- c:\windows\system32\LogFiles
2012-01-18 11:53:48 -------- d-----w- c:\windows\system32\URTTemp
2012-01-18 11:53:32 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-01-18 11:18:36 -------- d-----w- c:\windows\pss
2012-01-17 20:32:29 13225 ----a-w- c:\windows\system32\drivers\Razerlow.sys
2012-01-17 20:23:25 57344 ----a-w- c:\windows\system32\razer.cpl
2012-01-17 18:40:34 -------- d-----w- c:\windows\Downloaded Installations
2012-01-17 18:39:47 299520 ----a-w- c:\windows\uninst.exe
2012-01-16 20:04:03 -------- d-----w- c:\documents and settings\michael\application data\Malwarebytes
2012-01-16 20:03:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-16 20:03:54 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-16 19:11:44 -------- d-----w- c:\program files\BT Broadband Desktop Help
2012-01-16 19:02:00 -------- d-----w- c:\documents and settings\michael\local settings\application data\Temp
2012-01-16 18:57:02 -------- d-----w- c:\documents and settings\michael\local settings\application data\Google
2012-01-16 18:56:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-16 17:56:13 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-01-16 17:56:09 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-01-16 17:55:36 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-01-16 17:53:24 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-01-16 17:53:08 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-01-16 17:52:44 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-01-16 17:52:43 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2012-01-16 17:52:09 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-01-16 17:47:36 60416 ----a-w- c:\windows\ALCFDRTM.VER
2012-01-16 17:47:36 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2012-01-16 17:47:34 -------- d-----w- c:\windows\system32\Lang
2012-01-16 17:36:56 -------- d-----w- c:\windows\system32\scripting
2012-01-16 17:36:56 -------- d-----w- c:\windows\l2schemas
2012-01-16 17:36:55 -------- d-----w- c:\windows\system32\en
2012-01-16 17:36:55 -------- d-----w- c:\windows\system32\bits
2012-01-16 17:33:33 -------- d-----w- c:\windows\network diagnostic
2012-01-16 17:19:59 12800 ------w- c:\windows\system32\credssp.dll
2012-01-16 17:19:58 7168 ------w- c:\windows\system32\bitsprx4.dll
2012-01-16 17:19:58 542720 -c----w- c:\windows\system32\dllcache\blackbox.dll
2012-01-16 17:19:58 233472 ------w- c:\windows\system32\azroles.dll
2012-01-16 17:19:58 229376 -c----w- c:\windows\system32\dllcache\cewmdm.dll
2012-01-16 17:19:57 7168 -c----w- c:\windows\system32\dllcache\asferror.dll
2012-01-16 17:19:56 136192 ------w- c:\windows\system32\aaclient.dll
2012-01-16 17:08:05 -------- d-sh--w- c:\documents and settings\michael\PrivacIE
2012-01-16 17:06:23 -------- d-sh--w- c:\documents and settings\michael\IETldCache
2012-01-16 16:51:47 -------- d-----w- c:\windows\ie8updates
2012-01-16 16:51:42 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-01-16 16:51:42 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-01-16 16:51:42 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-01-16 16:51:42 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-01-16 16:51:42 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-01-16 16:51:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-01-16 16:51:42 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-01-16 16:50:21 -------- dc-h--w- c:\windows\ie8
2012-01-16 16:38:46 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-01-16 16:37:36 371200 ------w- c:\windows\system32\browserchoice.exe
2012-01-16 16:36:38 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-01-16 16:36:33 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-01-16 16:36:17 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2012-01-16 16:35:35 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-01-16 16:35:35 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-01-16 16:35:26 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-01-16 16:33:45 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-01-16 16:32:41 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2012-01-16 16:30:41 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2012-01-16 16:30:37 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2012-01-16 16:30:32 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2012-01-16 16:29:52 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-01-16 16:29:48 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-01-16 16:23:18 -------- d-----w- c:\windows\system32\PreInstall
2012-01-16 16:23:16 -------- d--h--w- c:\windows\$hf_mig$
2012-01-16 16:04:59 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-01-16 16:04:58 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-01-16 16:04:58 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-01-16 16:04:58 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-01-16 16:04:58 -------- d-----w- c:\windows\system32\SoftwareDistribution
2012-01-16 16:03:15 -------- d-sh--w- c:\documents and settings\michael\UserData
2012-01-16 15:59:23 69120 ----a-r- c:\windows\system32\SilSupp.cpl
2012-01-16 15:59:23 211496 ----a-w- c:\windows\system32\drivers\Si3114r5.sys
2012-01-16 15:59:23 17064 ----a-w- c:\windows\system32\drivers\SiWinAcc.sys
2012-01-16 15:57:58 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2012-01-16 15:57:57 129536 ----a-w- c:\windows\system32\ksproxy.ax
2012-01-16 15:57:34 285952 ----a-w- c:\windows\system32\drivers\yk51x86.sys
2012-01-15 19:44:19 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2012-01-15 19:44:15 367936 ----a-w- c:\windows\system32\nvsvc32.exe
2012-01-15 19:44:15 298816 ----a-w- c:\windows\system32\nvcolor.exe
2012-01-15 19:44:14 203072 ----a-w- c:\windows\system32\nvmctray.dll
2012-01-15 19:44:14 16744256 ----a-w- c:\windows\system32\nvcpl.dll
2012-01-15 19:44:13 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2012-01-15 19:44:13 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-01-15 19:44:08 285176 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-01-15 19:44:08 285176 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-01-15 19:44:08 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-01-15 19:43:43 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-01-15 19:43:42 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
2012-01-15 19:43:41 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2012-01-15 19:43:41 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2012-01-15 19:43:40 5595136 ----a-w- c:\windows\system32\nvcuda.dll
2012-01-15 19:43:40 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
2012-01-15 19:43:40 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-01-15 19:43:40 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-01-15 19:43:39 2449408 ----a-w- c:\windows\system32\nvapi.dll
2012-01-15 19:43:26 -------- d-----w- c:\program files\NVIDIA Corporation
2012-01-15 19:38:17 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-01-15 19:38:17 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-01-15 19:38:17 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll
2012-01-15 19:38:17 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-01-15 19:38:16 692356 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2012-01-15 18:50:48 -------- d-----w- c:\documents and settings\michael\local settings\application data\Identities
2012-01-15 17:32:34 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2012-01-15 17:30:41 -------- d-s---w- c:\windows\system32\Microsoft
2012-01-15 17:27:22 -------- d-----w- c:\windows\ServicePackFiles
2012-01-15 17:25:43 2897920 ------w- c:\windows\system32\xpsp2res.dll
2012-01-15 17:25:22 19528 ----a-w- c:\windows\002012_.tmp
2012-01-15 17:25:22 -------- d-----w- c:\windows\system32\ReinstallBackups
2012-01-15 17:25:17 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2012-01-15 17:24:45 -------- d-----w- c:\windows\EHome
.
==================== Find3M ====================
.
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
.
============= FINISH: 10:53:49.67 ===============


Attach log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 15/01/2012 16:59:49
System Uptime: 28/01/2012 10:38:53 (0 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7125
Processor: AMD Athlon™ 64 Processor 3800+ | Socket 939 | 2412/201mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 56 GiB total, 47.221 GiB free.
D: is FIXED (NTFS) - 47 GiB total, 28.943 GiB free.
E: is FIXED (NTFS) - 87 GiB total, 70.567 GiB free.
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP22: 20/01/2012 17:43:29 - System Checkpoint
RP23: 24/01/2012 12:27:55 - Installed Microsoft Office XP Professional with FrontPage
RP24: 25/01/2012 21:08:37 - Installed WinZip 16.0
RP25: 26/01/2012 15:03:20 - Installed Adobe Reader X (10.1.2).
RP26: 27/01/2012 11:00:21 - Installed U3Launcher
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
BT Broadband Desktop Help
BT Broadband Help
BT Voyager 205 ADSL Router
CCleaner
Diskeeper Professional Edition
Dune 2000
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
NVIDIA Control Panel 285.58
NVIDIA Drivers
NVIDIA Graphics Driver 285.58
NVIDIA Install Application
NVIDIA nView 135.95
Razer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
U3Launcher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Westwood Shared Internet Components
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinZip 16.0
.
==== Event Viewer Messages From Past Week ========
.
27/01/2012 00:19:41, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
24/01/2012 20:49:54, error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The pipe state is invalid.
24/01/2012 12:15:43, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
24/01/2012 12:15:33, error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).
24/01/2012 12:15:33, error: Service Control Manager [7022] - The NVIDIA Update Service Daemon service hung on starting.
23/01/2012 21:08:56, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
21/01/2012 14:08:01, error: PlugPlayManager [11] - The device Root\LEGACY_ABP470N5\0000 disappeared from the system without first being prepared for removal.
.
==== End Of File ===========================




Checkup log
Results of screen317's Security Check version 0.99.30
Windows XP Service Pack 3 x86 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````




Malwarebytes log
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.28.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michael :: HOME [administrator]

28/01/2012 11:16:19
mbam-log-2012-01-28 (11-49-10).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227070
Time elapsed: 27 minute(s), 40 second(s)

Memory Processes Detected: 1
C:\WINDOWS\Temp\winkxjx.exe (Trojan.Downloader) -> 2168 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\Temp\winkxjx.exe (Trojan.Downloader) -> No action taken.

(end)

#4 cnm

    Mother Lion of SWI

  • Administrators
  • 25,269 posts

Posted 28 January 2012 - 02:02 PM

Please download tdsskiller.exe and save it to your Desktop. Go here for information.

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.


After that:
Please download ComboFix.exe to your Desktop. Visit this webpage for download links, and instructions for running the tool:
how-to-use-combofix. Be sure to read the whole page and note the graphics so you know what to expect.

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in another reply for further review, and let me know what problems remain. If ComboFix caused any error message, rebooting again should fix it.

Please use the Posted Image button when replying. I don't need to see my own posts. Thank you!

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE
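
The ComboFix report the helper asks for contains a "Sigcheck" section: one line per copy of a Windows system file, giving its MD5, size and version string. The added example below is my own (not ComboFix's code and not the helper's). It groups those lines by file name and checks every copy against the one under ServicePackFiles that carries the same version string, reporting copies whose size or MD5 differ, plus the entries ComboFix itself marks as unverified with "[-]". The sample lines are copied from the report posted in this thread; the comparison rule and all names in the script are assumptions made here.

```python
"""Flag copies of a Windows system file that disagree with the Service Pack
reference copy in the 'Sigcheck' section of a ComboFix report.

Added example for this thread; it is not ComboFix's code and not the helper's.
Sample lines are copied from the ComboFix report posted in this thread.  The
comparison rule (every other copy of a file is checked against the copy under
ServicePackFiles that carries the same version string) is an assumption made
here; the report itself only says which entries it could not verify ('[-]').
"""
import re
from collections import defaultdict

SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-Fa-f]{32}) \. "
    r"(?P<size>\d+) \. \. \[(?P<version>[^\]]*)\] \. \. (?P<path>.+)$")

# Constructed sample: the Sigcheck block from the report in this thread.
SAMPLE_SIGCHECK = r"""------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ctfmon.exe
[-] 2008-04-14 . 1F88124CA9E09DEF4FD7BD7E9977D023 . 93184 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
"""


def parse_sigcheck(text):
    """Return one dict per '[flag] date . md5 . size . . [version] . . path' line."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def find_mismatches(entries):
    """Compare every non-reference copy with the ServicePackFiles copy of the
    same file and version; return the ones whose size or MD5 differ."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[_basename(e["path"])].append(e)
    findings = []
    for copies in by_name.values():
        refs = [c for c in copies if "\\servicepackfiles\\" in c["path"].lower()]
        for c in copies:
            if c in refs:
                continue
            for ref in refs:
                if ref["version"] != c["version"]:
                    continue  # a different build is expected to differ
                if ref["md5"] != c["md5"] or ref["size"] != c["size"]:
                    findings.append({
                        "path": c["path"], "flag": c["flag"],
                        "size": c["size"], "md5": c["md5"],
                        "reference": ref["path"],
                        "reference_size": ref["size"], "reference_md5": ref["md5"],
                    })
    return findings


def unverified(entries):
    """Entries ComboFix marked '[-]' (could not verify), per the report's own note."""
    return [e["path"] for e in entries if e["flag"] == "-"]


if __name__ == "__main__":
    entries = parse_sigcheck(SAMPLE_SIGCHECK)
    for f in find_mismatches(entries):
        print(f"{f['path']}: {f['size']} bytes, MD5 {f['md5']}, but "
              f"{f['reference']} (same version string) is {f['reference_size']} bytes, "
              f"MD5 {f['reference_md5']}")
    for path in unverified(entries):
        print(f"unverified by ComboFix: {path}")
```

On the sample, the only hit is the copy in system32: it reports the same version string as the Service Pack copy but is six times its size with a different MD5, and ComboFix marks it "[-]". That is the entry a helper would look at next; as the report itself notes, an unverified file isn't necessarily malware, so this is a pointer for review, not a verdict.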


#5 knowsnothin

knowsnothin

    Member

  • Full Member
  • 5 posts

Posted 29 January 2012 - 06:03 AM

Hi cnm,
The two requested logs, TDSS and ComboFix:
Thanks

21:58:55.0750 2872 TDSS rootkit removing tool 2.7.5.0 Jan 28 2012 21:10:24
21:58:57.0750 2872 ============================================================
21:58:57.0750 2872 Current date / time: 2012/01/28 21:58:57.0750
21:58:57.0750 2872 SystemInfo:
21:58:57.0750 2872
21:58:57.0750 2872 OS Version: 5.1.2600 ServicePack: 3.0
21:58:57.0750 2872 Product type: Workstation
21:58:57.0750 2872 ComputerName: HOME
21:58:57.0750 2872 UserName: Michael
21:58:57.0750 2872 Windows directory: C:\WINDOWS
21:58:57.0750 2872 System windows directory: C:\WINDOWS
21:58:57.0750 2872 Processor architecture: Intel x86
21:58:57.0750 2872 Number of processors: 1
21:58:57.0750 2872 Page size: 0x1000
21:58:57.0750 2872 Boot type: Normal boot
21:58:57.0750 2872 ============================================================
21:58:59.0281 2872 Drive \Device\Harddisk0\DR0 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:58:59.0281 2872 Drive \Device\Harddisk1\DR1 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:58:59.0531 2872 Initialize success
21:59:08.0734 1428 ============================================================
21:59:08.0734 1428 Scan started
21:59:08.0734 1428 Mode: Manual;
21:59:08.0734 1428 ============================================================
21:59:09.0265 1428 Abiosdsk - ok
21:59:09.0296 1428 abp470n5 - ok
21:59:09.0312 1428 abp480n5 - ok
21:59:09.0375 1428 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:59:09.0375 1428 ACPI - ok
21:59:09.0421 1428 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:59:09.0421 1428 ACPIEC - ok
21:59:09.0453 1428 adpu160m - ok
21:59:09.0500 1428 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:59:09.0500 1428 aec - ok
21:59:09.0546 1428 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:59:09.0546 1428 AFD - ok
21:59:09.0593 1428 Aha154x - ok
21:59:09.0656 1428 aic78u2 - ok
21:59:09.0671 1428 aic78xx - ok
21:59:09.0781 1428 ALCXWDM (4e0aca5290b2966f24c45250a56c2da1) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
21:59:09.0796 1428 ALCXWDM - ok
21:59:09.0828 1428 AliIde - ok
21:59:09.0859 1428 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
21:59:09.0859 1428 AmdPPM - ok
21:59:09.0890 1428 amsint - ok
21:59:09.0953 1428 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:59:09.0953 1428 Arp1394 - ok
21:59:10.0000 1428 asc - ok
21:59:10.0031 1428 asc3350p - ok
21:59:10.0062 1428 asc3550 - ok
21:59:10.0140 1428 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:59:10.0140 1428 AsyncMac - ok
21:59:10.0171 1428 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:59:10.0187 1428 atapi - ok
21:59:10.0203 1428 Atdisk - ok
21:59:10.0234 1428 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:59:10.0234 1428 Atmarpc - ok
21:59:10.0296 1428 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:59:10.0296 1428 audstub - ok
21:59:10.0328 1428 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:59:10.0328 1428 Beep - ok
21:59:10.0406 1428 catchme - ok
21:59:10.0484 1428 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:59:10.0500 1428 cbidf2k - ok
21:59:10.0515 1428 cd20xrnt - ok
21:59:10.0546 1428 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:59:10.0546 1428 Cdaudio - ok
21:59:10.0625 1428 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:59:10.0625 1428 Cdfs - ok
21:59:10.0687 1428 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:59:10.0687 1428 Cdrom - ok
21:59:10.0703 1428 Changer - ok
21:59:10.0734 1428 CmdIde - ok
21:59:10.0781 1428 Cpqarray - ok
21:59:10.0796 1428 dac2w2k - ok
21:59:10.0828 1428 dac960nt - ok
21:59:10.0859 1428 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:59:10.0859 1428 Disk - ok
21:59:10.0921 1428 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:59:10.0921 1428 dmboot - ok
21:59:10.0968 1428 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:59:10.0968 1428 dmio - ok
21:59:11.0015 1428 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:59:11.0015 1428 dmload - ok
21:59:11.0093 1428 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:59:11.0093 1428 DMusic - ok
21:59:11.0125 1428 dpti2o - ok
21:59:11.0156 1428 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:59:11.0156 1428 drmkaud - ok
21:59:11.0203 1428 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:59:11.0203 1428 Fastfat - ok
21:59:11.0234 1428 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:59:11.0234 1428 Fdc - ok
21:59:11.0296 1428 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:59:11.0296 1428 Fips - ok
21:59:11.0359 1428 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:59:11.0359 1428 Flpydisk - ok
21:59:11.0390 1428 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:59:11.0406 1428 FltMgr - ok
21:59:11.0437 1428 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:59:11.0437 1428 Fs_Rec - ok
21:59:11.0468 1428 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:59:11.0468 1428 Ftdisk - ok
21:59:11.0468 1428 GMSIPCI - ok
21:59:11.0531 1428 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:59:11.0531 1428 Gpc - ok
21:59:11.0593 1428 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:59:11.0593 1428 hidusb - ok
21:59:11.0640 1428 hpn - ok
21:59:11.0703 1428 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:59:11.0703 1428 HTTP - ok
21:59:11.0734 1428 i2omgmt - ok
21:59:12.0000 1428 i2omp - ok
21:59:12.0062 1428 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:59:12.0062 1428 i8042prt - ok
21:59:12.0125 1428 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:59:12.0125 1428 Imapi - ok
21:59:12.0156 1428 ini910u - ok
21:59:12.0187 1428 IntelIde - ok
21:59:12.0203 1428 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:59:12.0203 1428 ip6fw - ok
21:59:12.0265 1428 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:59:12.0265 1428 IpFilterDriver - ok
21:59:12.0296 1428 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:59:12.0312 1428 IpInIp - ok
21:59:12.0359 1428 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:59:12.0359 1428 IpNat - ok
21:59:12.0390 1428 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:59:12.0390 1428 IPSec - ok
21:59:12.0421 1428 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:59:12.0421 1428 IRENUM - ok
21:59:12.0468 1428 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:59:12.0468 1428 isapnp - ok
21:59:12.0500 1428 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:59:12.0500 1428 Kbdclass - ok
21:59:12.0546 1428 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:59:12.0546 1428 kmixer - ok
21:59:12.0578 1428 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:59:12.0578 1428 KSecDD - ok
21:59:12.0609 1428 lbrtfdc - ok
21:59:12.0703 1428 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:59:12.0703 1428 mnmdd - ok
21:59:12.0796 1428 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:59:12.0796 1428 Modem - ok
21:59:12.0843 1428 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:59:12.0843 1428 Mouclass - ok
21:59:12.0875 1428 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:59:12.0875 1428 mouhid - ok
21:59:12.0968 1428 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:59:12.0968 1428 MountMgr - ok
21:59:13.0000 1428 mraid35x - ok
21:59:13.0156 1428 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
21:59:13.0156 1428 MREMP50 - ok
21:59:13.0156 1428 MREMPR5 - ok
21:59:13.0171 1428 MRENDIS5 - ok
21:59:13.0187 1428 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
21:59:13.0187 1428 MRESP50 - ok
21:59:13.0265 1428 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:59:13.0265 1428 MRxDAV - ok
21:59:13.0328 1428 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:59:13.0328 1428 MRxSmb - ok
21:59:13.0421 1428 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:59:13.0421 1428 Msfs - ok
21:59:13.0468 1428 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:59:13.0468 1428 MSKSSRV - ok
21:59:13.0500 1428 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:59:13.0500 1428 MSPCLOCK - ok
21:59:13.0546 1428 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:59:13.0546 1428 MSPQM - ok
21:59:13.0578 1428 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:59:13.0578 1428 mssmbios - ok
21:59:13.0640 1428 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:59:13.0640 1428 Mup - ok
21:59:13.0703 1428 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:59:13.0703 1428 NDIS - ok
21:59:13.0718 1428 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:59:13.0718 1428 NdisTapi - ok
21:59:13.0765 1428 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:59:13.0765 1428 Ndisuio - ok
21:59:13.0828 1428 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:59:13.0828 1428 NdisWan - ok
21:59:13.0859 1428 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:59:13.0859 1428 NDProxy - ok
21:59:13.0906 1428 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:59:13.0906 1428 NetBIOS - ok
21:59:13.0953 1428 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:59:13.0953 1428 NetBT - ok
21:59:14.0015 1428 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:59:14.0015 1428 NIC1394 - ok
21:59:14.0046 1428 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:59:14.0046 1428 Npfs - ok
21:59:14.0109 1428 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:59:14.0109 1428 Ntfs - ok
21:59:14.0203 1428 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:59:14.0203 1428 Null - ok
21:59:14.0578 1428 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:59:14.0671 1428 nv - ok
21:59:14.0750 1428 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
21:59:14.0750 1428 NVENETFD - ok
21:59:14.0796 1428 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
21:59:14.0796 1428 nvnetbus - ok
21:59:14.0890 1428 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:59:14.0890 1428 NwlnkFlt - ok
21:59:14.0921 1428 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:59:14.0921 1428 NwlnkFwd - ok
21:59:14.0968 1428 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:59:14.0968 1428 ohci1394 - ok
21:59:15.0062 1428 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:59:15.0062 1428 Parport - ok
21:59:15.0093 1428 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:59:15.0093 1428 PartMgr - ok
21:59:15.0125 1428 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:59:15.0125 1428 ParVdm - ok
21:59:15.0140 1428 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:59:15.0140 1428 PCI - ok
21:59:15.0156 1428 PciCon - ok
21:59:15.0187 1428 PCIDump - ok
21:59:15.0218 1428 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:59:15.0218 1428 PCIIde - ok
21:59:15.0250 1428 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:59:15.0250 1428 Pcmcia - ok
21:59:15.0296 1428 PDCOMP - ok
21:59:15.0312 1428 PDFRAME - ok
21:59:15.0343 1428 PDRELI - ok
21:59:15.0359 1428 PDRFRAME - ok
21:59:15.0390 1428 perc2 - ok
21:59:15.0421 1428 perc2hib - ok
21:59:15.0500 1428 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:59:15.0500 1428 PptpMiniport - ok
21:59:15.0531 1428 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
21:59:15.0531 1428 Processor - ok
21:59:15.0562 1428 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:59:15.0562 1428 PSched - ok
21:59:15.0578 1428 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:59:15.0578 1428 Ptilink - ok
21:59:15.0609 1428 ql1080 - ok
21:59:15.0625 1428 Ql10wnt - ok
21:59:15.0656 1428 ql12160 - ok
21:59:15.0671 1428 ql1240 - ok
21:59:15.0687 1428 ql1280 - ok
21:59:15.0718 1428 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:59:15.0718 1428 RasAcd - ok
21:59:15.0765 1428 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:59:15.0765 1428 Rasl2tp - ok
21:59:15.0812 1428 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:59:15.0812 1428 RasPppoe - ok
21:59:15.0828 1428 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:59:15.0828 1428 Raspti - ok
21:59:15.0875 1428 Razerlow (116c340acf37602d12cac6de6b8107cd) C:\WINDOWS\system32\Drivers\Razerlow.sys
21:59:15.0890 1428 Razerlow - ok
21:59:15.0937 1428 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:59:15.0937 1428 Rdbss - ok
21:59:15.0968 1428 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:59:15.0968 1428 RDPCDD - ok
21:59:16.0078 1428 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:59:16.0078 1428 RDPWD - ok
21:59:16.0125 1428 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:59:16.0125 1428 redbook - ok
21:59:16.0218 1428 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:59:16.0218 1428 Secdrv - ok
21:59:16.0281 1428 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:59:16.0281 1428 serenum - ok
21:59:16.0296 1428 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:59:16.0296 1428 Serial - ok
21:59:16.0343 1428 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:59:16.0343 1428 Sfloppy - ok
21:59:16.0406 1428 Si3114r5 (09889d435edc82435b18c7c311fe5721) C:\WINDOWS\system32\DRIVERS\Si3114r5.sys
21:59:16.0406 1428 Si3114r5 - ok
21:59:16.0453 1428 SiFilter (46b92189fe4db53a09e3a0099aa3084c) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
21:59:16.0453 1428 SiFilter - ok
21:59:16.0468 1428 Simbad - ok
21:59:16.0500 1428 SiRemFil (b688378d258d1ecce4768cdb55d48d92) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
21:59:16.0500 1428 SiRemFil - ok
21:59:16.0515 1428 Sparrow - ok
21:59:16.0562 1428 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:59:16.0562 1428 splitter - ok
21:59:16.0593 1428 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:59:16.0593 1428 sr - ok
21:59:16.0640 1428 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:59:16.0640 1428 Srv - ok
21:59:16.0718 1428 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:59:16.0718 1428 swenum - ok
21:59:16.0765 1428 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:59:16.0765 1428 swmidi - ok
21:59:16.0812 1428 symc810 - ok
21:59:16.0828 1428 symc8xx - ok
21:59:16.0859 1428 sym_hi - ok
21:59:16.0875 1428 sym_u3 - ok
21:59:16.0921 1428 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:59:16.0921 1428 sysaudio - ok
21:59:17.0000 1428 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:59:17.0000 1428 Tcpip - ok
21:59:17.0078 1428 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:59:17.0078 1428 TDPIPE - ok
21:59:17.0140 1428 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:59:17.0140 1428 TDTCP - ok
21:59:17.0171 1428 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:59:17.0171 1428 TermDD - ok
21:59:17.0218 1428 TosIde - ok
21:59:17.0265 1428 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:59:17.0265 1428 Udfs - ok
21:59:17.0312 1428 ultra - ok
21:59:17.0343 1428 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:59:17.0343 1428 Update - ok
21:59:17.0375 1428 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:59:17.0375 1428 usbehci - ok
21:59:17.0406 1428 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:59:17.0406 1428 usbhub - ok
21:59:17.0437 1428 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:59:17.0437 1428 usbohci - ok
21:59:17.0468 1428 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:59:17.0468 1428 usbstor - ok
21:59:17.0515 1428 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:59:17.0515 1428 VgaSave - ok
21:59:17.0531 1428 ViaIde - ok
21:59:17.0578 1428 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:59:17.0578 1428 VolSnap - ok
21:59:17.0625 1428 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:59:17.0625 1428 Wanarp - ok
21:59:17.0640 1428 WDICA - ok
21:59:17.0671 1428 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:59:17.0671 1428 wdmaud - ok
21:59:17.0796 1428 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:59:17.0796 1428 WS2IFSL - ok
21:59:17.0859 1428 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:59:17.0859 1428 WudfPf - ok
21:59:17.0937 1428 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:59:17.0937 1428 WudfRd - ok
21:59:18.0093 1428 yukonwxp (4322c32ced8c4772e039616dcbf01d3f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
21:59:18.0093 1428 yukonwxp - ok
21:59:18.0125 1428 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:59:18.0218 1428 \Device\Harddisk0\DR0 - ok
21:59:18.0218 1428 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
21:59:18.0218 1428 \Device\Harddisk1\DR1 - ok
21:59:18.0234 1428 Boot (0x1200) (30822ae236f78d04657dad9c63e331bd) \Device\Harddisk0\DR0\Partition0
21:59:18.0234 1428 \Device\Harddisk0\DR0\Partition0 - ok
21:59:18.0265 1428 Boot (0x1200) (ea2194d1ede3800c3df1f376568f197e) \Device\Harddisk0\DR0\Partition1
21:59:18.0265 1428 \Device\Harddisk0\DR0\Partition1 - ok
21:59:18.0281 1428 Boot (0x1200) (883fed1255e629291e01a3cae55cf6b8) \Device\Harddisk0\DR0\Partition2
21:59:18.0281 1428 \Device\Harddisk0\DR0\Partition2 - ok
21:59:18.0281 1428 ============================================================
21:59:18.0281 1428 Scan finished
21:59:18.0281 1428 ============================================================
21:59:18.0296 1804 Detected object count: 0
21:59:18.0296 1804 Actual detected object count: 0

COMBOFIX LOG

ComboFix 12-01-28.02 - Michael 28/01/2012 21:20:29.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.640 [GMT 0:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ABP470N5
-------\Service_abp470n5
.
.
((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2003-03-31 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2003-03-31 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2003-03-31 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2003-03-31 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2003-03-31 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2003-03-31 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-03 15:28 . 2003-03-31 12:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2003-03-31 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2003-03-31 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2003-03-31 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ctfmon.exe
[-] 2008-04-14 . 1F88124CA9E09DEF4FD7BD7E9977D023 . 93184 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-01-21_14.10.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-24 17:37 . 2012-01-24 17:37 16384 c:\windows\Temp\Perflib_Perfdata_5fc.dat
+ 2012-01-24 20:49 . 2012-01-24 20:49 16384 c:\windows\Temp\Perflib_Perfdata_5e0.dat
+ 2012-01-24 20:49 . 2012-01-24 20:49 16384 c:\windows\Temp\Perflib_Perfdata_218.dat
+ 1999-11-24 17:40 . 1999-11-24 17:40 40960 c:\windows\system32\VBAME.DLL
+ 1998-03-24 20:54 . 1998-03-24 20:54 15872 c:\windows\system32\SCP32.DLL
+ 1998-08-09 10:07 . 1998-08-09 10:07 94208 c:\windows\system32\MSSTKPRP.DLL
+ 1998-06-17 18:08 . 1998-06-17 18:08 53248 c:\windows\system32\MFC42ENU.DLL
+ 1998-03-26 00:00 . 1998-03-26 00:00 38160 c:\windows\system32\MAPISRVR.EXE
+ 1999-10-17 19:01 . 1999-10-17 19:01 26384 c:\windows\system32\FM20ENU.DLL
+ 2001-01-22 03:25 . 2001-01-22 03:25 32768 c:\windows\system32\ATHPRXY.DLL
+ 2012-01-24 12:28 . 2012-01-24 12:28 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2012-01-24 12:28 . 2012-01-24 12:28 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2012-01-24 12:28 . 2012-01-24 12:28 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2012-01-24 12:28 . 2012-01-24 12:28 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2012-01-24 12:28 . 2012-01-24 12:28 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2012-01-24 12:28 . 2012-01-24 12:28 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2012-01-24 12:28 . 2012-01-24 12:28 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2012-01-24 12:28 . 2012-01-24 12:28 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2012-01-24 12:28 . 2012-01-24 12:28 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2012-01-24 12:28 . 2012-01-24 12:28 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2000-04-03 17:52 . 2000-04-03 17:52 151552 c:\windows\system32\RDOCURS.DLL
+ 1998-12-08 18:53 . 1998-12-08 18:53 212480 c:\windows\system32\PCDLIB32.DLL
+ 2000-05-23 21:45 . 2000-05-23 21:45 118784 c:\windows\system32\MSSTDFMT.DLL
+ 2000-05-11 13:06 . 2000-05-11 13:06 397312 c:\windows\system32\MSRDO20.DLL
+ 1998-10-01 12:00 . 1998-10-01 12:00 520128 c:\windows\system32\MAPI.DLL
+ 2012-01-24 20:49 . 2012-01-24 20:49 112584 c:\windows\system32\FNTCACHE.DAT
+ 2012-01-16 17:20 . 2008-04-13 18:53 635904 c:\windows\network diagnostic\xpnetdiag.exe
+ 2012-01-24 12:28 . 2012-01-24 12:28 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2012-01-24 12:28 . 2012-01-24 12:28 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 1999-10-17 19:01 . 1999-10-17 19:01 1129232 c:\windows\system32\FM20.DLL
+ 2012-01-24 12:28 . 2012-01-24 12:28 3485184 c:\windows\Installer\dee5f.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1710184]
"DiskeeperSystray"="d:\diskeeper 9 profesional\DkIcon.exe" [2004-10-04 249944]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 93184]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 161184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Help.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BT Broadband Help.lnk
backup=c:\windows\pss\BT Broadband Help.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2011-05-26 15:04 1659776 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1773056 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-12-01 07:54 147456 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-01-16 18:57 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Nvidea driver october 2011\\setup.exe"=
"c:\\WINDOWS\\system32\\nvsvc32.exe"=
"c:\\Program Files\\NVIDIA Corporation\\nview\\nwiz.exe"=
"c:\\PROGRA~1\\Motive\\ASSTCO~1\\MOTIVE~1.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BT Broadband\\Help\\bin\\matcli.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\Engine\\6\\INTEL3~1\\IKernel.exe"=
"d:\\Diskeeper 9 profesional\\DkService.exe"=
"d:\\Diskeeper 9 profesional\\DkIcon.exe"=
"c:\\Program Files\\BT Broadband\\Help\\bin\\mpbtn.exe"=
.
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [17/01/2012 20:32 13225]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [15/01/2012 19:44 2330944]
S3 PciCon;PciCon;\??\j:\pcicon.sys --> j:\PciCon.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ABP470N5
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1214440339-839522115-1004Core.job
- c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-22 11:33]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1214440339-839522115-1004UA.job
- c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-22 11:33]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-24 20:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2376)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\RUNDLL32.EXE
d:\diskeeper 9 profesional\DkService.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-01-28 21:25:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-24 20:52
.
Pre-Run: 50,447,446,016 bytes free
Post-Run: 50,457,931,776 bytes free
.
- - End Of File - - 96CEA6A801589B31220E5C395BEDFB14

#6 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • 25,269 posts

Posted 29 January 2012 - 11:51 AM

Please run Malwarebytes Anti-Malware (MBAM) again after getting any updates.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected. Then please post the log.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#7 knowsnothin

knowsnothin

    Member

  • Full Member
  • 5 posts

Posted 29 January 2012 - 03:32 PM

Hi cnm
Malwarebytes log for you
Thanks

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.29.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michael :: HOME [administrator]

29/01/2012 20:03:26
mbam-log-2012-01-29 (20-29-29).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220945
Time elapsed: 24 minute(s), 59 second(s)

Memory Processes Detected: 1
C:\WINDOWS\Temp\gnbevs.exe (Trojan.Downloader) -> 2648 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\WINDOWS\Temp\gnbevs.exe (Trojan.Downloader) -> No action taken.
C:\RECYCLER\S-1-5-21-682003330-1214440339-839522115-1004\Dc15.exe (Trojan.Downloader) -> No action taken.
C:\RECYCLER\S-1-5-21-682003330-1214440339-839522115-1004\Dc16.exe (Trojan.Downloader) -> No action taken.

(end)

#8 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • 25,269 posts

Posted 29 January 2012 - 03:41 PM

That is still showing No action taken. Try running it in Safe Mode (hit F8 several times while booting to get the boot menu).

When the scan is complete, click 'OK', then 'Show Results' to view the results.
Make sure that everything is checked, and click 'Remove Selected'. Then please post the log.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE
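
cnm's point above is that every detection in the posted log still ends in "No action taken", and that the same executable shows up both as a running process and as a file on disk, which is exactly the case in which an in-place delete fails and the dropper reappears after a reboot. The following is an added example, not code from this thread or from Malwarebytes: a small parser for the MBAM 1.x text log format that groups detections by section, classifies each result string, and cross-references the Files section against Memory Processes. The sample log is constructed for this example (paths and the process id are made up); the result strings "Delete on reboot" and "Quarantined and deleted successfully" are assumed to be the strings MBAM 1.x writes for those outcomes.

```python
"""Triage helper for Malwarebytes Anti-Malware 1.x text logs (added example)."""
import re
from dataclasses import dataclass, field

# Section headers look like "Files Detected: 3"; items follow until the next blank line.
SECTION_RE = re.compile(r"^(?P<section>.+?) Detected: (?P<count>\d+)$")
# Item lines: "<object> (<threat name>) -> [extra ->]* <result>."
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\)(?P<rest>(?: -> .+)+)$")

# Result strings mapped to a triage status. "No action taken" is taken from the
# thread's logs; the other two are assumed MBAM 1.x wording.
STATUS = {
    "No action taken": "unresolved",
    "Delete on reboot": "pending reboot",
    "Quarantined and deleted successfully": "removed",
}

# Constructed sample in the MBAM 1.x format; not the poster's actual log.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.29.02

Memory Processes Detected: 1
C:\WINDOWS\Temp\example.exe (Trojan.Downloader) -> 2648 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Detected: 2
C:\WINDOWS\Temp\example.exe (Trojan.Downloader) -> No action taken.
C:\RECYCLER\S-1-5-21-0-0-0-1004\Dc15.exe (Trojan.Downloader) -> Delete on reboot.

(end)
"""


@dataclass
class Detection:
    section: str          # e.g. "Files", "Memory Processes", "Registry Data Items"
    obj: str              # path, registry value, or module name
    threat: str           # detection name in parentheses, e.g. "Trojan.Downloader"
    result: str           # trailing result text without the final period
    extras: list = field(default_factory=list)  # middle fields such as a PID or Bad/Good values


def parse_mbam_log(text):
    """Return a list of Detection records for every item line in the log."""
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        # Skip the header block and lines like "(No malicious items detected)" / "(end)".
        if section is None or line.startswith("("):
            continue
        m = ITEM_RE.match(line)
        if not m:
            continue
        parts = m.group("rest").split(" -> ")[1:]   # drop the empty leading element
        detections.append(Detection(section, m.group("obj"), m.group("threat"),
                                    parts[-1].rstrip("."), parts[:-1]))
    return detections


def status_of(d):
    return STATUS.get(d.result, "unknown")


def unresolved(detections):
    """Items the scanner reported but did not remove."""
    return [d for d in detections if status_of(d) == "unresolved"]


def active_files(detections):
    """Files also listed as running processes: an in-place delete of these will fail."""
    running = {d.obj.lower() for d in detections if d.section == "Memory Processes"}
    return [d for d in detections if d.section == "Files" and d.obj.lower() in running]


def security_center_tampering(detections):
    """Registry values that silence Security Center notifications (PUM.Disabled.SecurityCenter)."""
    return [d for d in detections if d.threat.startswith("PUM.Disabled.SecurityCenter")]


def summarize(text):
    dets = parse_mbam_log(text)
    return {
        "total": len(dets),
        "unresolved": len(unresolved(dets)),
        "active_files": [d.obj for d in active_files(dets)],
        "security_center": [d.obj.split("|")[-1] for d in security_center_tampering(dets)],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the log in post #7 the same logic would report every item as unresolved, the temp-folder executable as both running and on disk, and three Security Center notification values still set to 1; that is the combination that tells a helper the dropper is still live and a plain on-disk clean will not hold across a reboot.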


#9 knowsnothin

knowsnothin

    Member

  • Full Member
  • 5 posts

Posted 30 January 2012 - 11:05 AM

Hi cnm
I ran Malwarebytes, checked all the boxes and clicked delete all
Malwarebytes then says it needs to reboot to finish the removal
After reboot I did another full scan and they are all back again :(
I also tried to reboot into safe mode, and safe mode with networking
But my PC will not boot into safe mode, it just keeps going around in circles
Hope this makes sense
Thanks

#10 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • 25,269 posts

Posted 30 January 2012 - 12:13 PM

Yes, it makes sense. Please run these two scans:

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report (if any) in your next reply.
  • Click the Back button.
  • Click the Finish button.


After that:
Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool.
Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
__________________

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#11 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • 25,269 posts

Posted 08 February 2012 - 12:05 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE




