Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#16
Sure does look like a clean sweep of things, and Eset is confirming no other infection is being picked up. Surprisingly enough, useless stuff like Error Fix still thrives across the web, including this 3-star Editor rating at CNET's download of it.
Looking clean, so before we do some final cleaning-up steps of our work now, post back how everything is running please.
#17
My computer is still slow. It takes quite some time starting up. When I open it and it goes to the black screen with Windows and has that blue loading bar, it loads a long time. Sometimes there would be a sudden pause, and the volume jams up there.
#18
I did notice this earlier:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"= scecli

RSIT would only pick up that Registry key if it did not match the known settings, which appear more like this:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli

Used for user login processes, and the first example suggests some value is there "before" scecli. ComboFix does catch those as well though. Late where I am, but let's take a few different looks, and maybe take this back up as time permits tomorrow.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Click here and download Kaspersky's TDSSKiller to your desktop, then unzip that and place a copy of the TDSSKiller.exe file on your desktop. Then click that to open the scanner. In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including a reboot if requested. When the scan completes it will create a log file on your C drive, similar in name to this:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

Your copy will be different - some of those numbers will reflect the date/time it was just run by you there. Copy/paste those contents back here please.

-----------

Open Gmer again. Once it has completed its opening scan, this time just right-click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
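One way to automate the comparison the post describes, as an added example that is not the thread's own code nor anything from RSIT or ComboFix: it parses RSIT-style lines for the Lsa "notification packages" value, treats scecli as the only expected entry (an assumption for a standalone workstation; a domain controller legitimately carries further entries such as rassfm), and flags both a value that does not begin with scecli, the "something before scecli" the post points at, and any extra package. The sample lines, the extra_filter name and the read_live_packages helper are constructed for this example.

```python
"""Check the LSA "Notification Packages" value the way the post describes.

Added example for this thread, not code from the forum or from RSIT/ComboFix.
"""
import re
from typing import Dict, List, Optional

# Package normally present on a standalone workstation. Assumption made here:
# anything else (a domain controller would also list rassfm) deserves a look.
KNOWN_PACKAGES = {"scecli"}

# Matches the line format RSIT prints, e.g.
#   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli
LSA_LINE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\]\s*'
    r'"notification packages"\s*=(?P<raw>.*)$',
    re.IGNORECASE,
)

# Separators between REG_MULTI_SZ entries as tools render them: whitespace,
# a real NUL, or a literal "\0".
SEPARATOR = r"(?:\\0|\x00|\s)"


def split_packages(raw: str) -> List[str]:
    """Split the text rendering of the REG_MULTI_SZ into package names."""
    return [p for p in re.split(SEPARATOR + "+", raw) if p]


def check_notification_packages(line: str) -> Dict[str, object]:
    """Evaluate one RSIT-style line and report what looks off."""
    m = LSA_LINE.match(line.strip())
    if m is None:
        raise ValueError("not an LSA notification packages line")
    raw = m.group("raw")
    entries = split_packages(raw)
    unexpected = [e for e in entries if e.lower() not in KNOWN_PACKAGES]
    # A separator right after "=" means scecli is not the first entry:
    # the value was rendered as "= scecli" instead of "=scecli".
    leading_gap = re.match(SEPARATOR, raw) is not None
    return {
        "entries": entries,
        "unexpected": unexpected,
        "leading_gap": leading_gap,
        "suspicious": leading_gap or bool(unexpected),
    }


def scan_rsit_log(text: str) -> List[Dict[str, object]]:
    """Run the check over every matching line of an RSIT log."""
    return [check_notification_packages(ln)
            for ln in text.splitlines() if LSA_LINE.match(ln.strip())]


def read_live_packages() -> Optional[List[str]]:
    """On Windows, read the real value with winreg; elsewhere return None.

    Constructed helper so the same comparison can be run on a live machine.
    """
    try:
        import winreg  # only available on Windows
    except ImportError:
        return None
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r"SYSTEM\CurrentControlSet\Control\Lsa") as key:
        value, kind = winreg.QueryValueEx(key, "Notification Packages")
    # REG_MULTI_SZ already comes back as a list of strings.
    return list(value) if kind == winreg.REG_MULTI_SZ else [str(value)]


# Constructed sample: the two lines quoted in the post, plus one with a
# made-up extra package (placeholder name) appended.
SAMPLE_LOG = "\n".join([
    r'[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"= scecli',
    r'[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli',
    r'[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli extra_filter',
])

if __name__ == "__main__":
    for result in scan_rsit_log(SAMPLE_LOG):
        print(result)
```

The first sample line comes back with leading_gap set and the third with extra_filter listed under unexpected; only the second, the known-good form, is reported as not suspicious. On a Windows box, passing the list from read_live_packages through the same KNOWN_PACKAGES comparison gives the live answer without a log.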
#19
The Kaspersky didn't find anything.
2011/03/03 20:34:41.0015 0336 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/03 20:34:41.0500 0336 ================================================================================
2011/03/03 20:34:41.0500 0336 SystemInfo:
2011/03/03 20:34:41.0500 0336
2011/03/03 20:34:41.0500 0336 OS Version: 5.1.2600 ServicePack: 2.0
2011/03/03 20:34:41.0500 0336 Product type: Workstation
2011/03/03 20:34:41.0500 0336 ComputerName: USER-2561BA0F00
2011/03/03 20:34:41.0500 0336 UserName: user
2011/03/03 20:34:41.0500 0336 Windows directory: D:\WINDOWS
2011/03/03 20:34:41.0500 0336 System windows directory: D:\WINDOWS
2011/03/03 20:34:41.0500 0336 Processor architecture: Intel x86
2011/03/03 20:34:41.0500 0336 Number of processors: 1
2011/03/03 20:34:41.0500 0336 Page size: 0x1000
2011/03/03 20:34:41.0500 0336 Boot type: Normal boot
2011/03/03 20:34:41.0500 0336 ================================================================================
2011/03/03 20:34:42.0062 0336 Initialize success
2011/03/03 20:34:49.0406 1068 ================================================================================
2011/03/03 20:34:49.0406 1068 Scan started
2011/03/03 20:34:49.0406 1068 Mode: Manual;
2011/03/03 20:34:49.0406 1068 ================================================================================
2011/03/03 20:34:50.0375 1068 ACPI (a10c7534f7223f4a73a948967d00e69b) D:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/03 20:34:50.0656 1068 ACPIEC (9859c0f6936e723e4892d7141b1327d5) D:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/03 20:34:51.0093 1068 aec (841f385c6cfaf66b58fbd898722bb4f0) D:\WINDOWS\system32\drivers\aec.sys
2011/03/03 20:34:51.0390 1068 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) D:\WINDOWS\System32\drivers\afd.sys
2011/03/03 20:34:52.0468 1068 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) D:\WINDOWS\system32\drivers\ALCXSENS.SYS
2011/03/03 20:34:53.0031 1068 ALCXWDM (3af2bf7df2aff16a44e604ddce1cb256) D:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/03/03 20:34:54.0125 1068 AsyncMac (02000abf34af4c218c35d257024807d6) D:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/03 20:34:54.0359 1068 atapi (cdfe4411a69c224bd1d11b2da92dac51) D:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/03 20:34:54.0750 1068 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) D:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/03 20:34:55.0000 1068 audstub (d9f724aa26c010a217c97606b160ed68) D:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/03 20:34:55.0218 1068 Beep (da1f27d85e0d1525f6621372e7b685e9) D:\WINDOWS\system32\drivers\Beep.sys
2011/03/03 20:34:55.0453 1068 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) D:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/03 20:34:55.0875 1068 Cdaudio (c1b486a7658353d33a10cc15211a873b) D:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/03 20:34:56.0093 1068 Cdfs (cd7d5152df32b47f4e36f710b35aae02) D:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/03 20:34:56.0328 1068 Cdrom (af9c19b3100fe010496b1a27181fbf72) D:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/03 20:34:57.0500 1068 Disk (00ca44e4534865f8a3b64f7c0984bff0) D:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/03 20:34:57.0953 1068 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) D:\WINDOWS\system32\drivers\dmboot.sys
2011/03/03 20:34:58.0453 1068 dmio (f5e7b358a732d09f4bcf2824b88b9e28) D:\WINDOWS\system32\drivers\dmio.sys
2011/03/03 20:34:58.0750 1068 dmload (e9317282a63ca4d188c0df5e09c6ac5f) D:\WINDOWS\system32\drivers\dmload.sys
2011/03/03 20:34:58.0984 1068 DMusic (a6f881284ac1150e37d9ae47ff601267) D:\WINDOWS\system32\drivers\DMusic.sys
2011/03/03 20:34:59.0406 1068 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) D:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/03 20:34:59.0843 1068 Fastfat (3117f595e9615e04f05a54fc15a03b20) D:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/03 20:35:00.0093 1068 Fdc (ced2e8396a8838e59d8fd529c680e02c) D:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/03 20:35:00.0312 1068 FETNDIS (e9648254056bce81a85380c0c3647dc4) D:\WINDOWS\system32\DRIVERS\fetnd5.sys
2011/03/03 20:35:00.0546 1068 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) D:\WINDOWS\system32\drivers\Fips.sys
2011/03/03 20:35:00.0750 1068 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) D:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/03 20:35:01.0015 1068 FltMgr (157754f0df355a9e0a6f54721914f9c6) D:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/03/03 20:35:01.0265 1068 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) D:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/03 20:35:01.0500 1068 Ftdisk (6ac26732762483366c3969c9e4d2259d) D:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/03 20:35:01.0765 1068 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) D:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/03/03 20:35:01.0984 1068 Gpc (c0f1d4a21de5a415df8170616703debf) D:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/03 20:35:02.0234 1068 hidusb (1de6783b918f540149aa69943bdfeba8) D:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/03 20:35:02.0687 1068 HTTP (c19b522a9ae0bbc3293397f3055e80a1) D:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/03 20:35:03.0312 1068 i8042prt (5502b58eef7486ee6f93f3f164dcb808) D:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/03 20:35:03.0546 1068 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) D:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/03 20:35:04.0156 1068 intelppm (279fb78702454dff2bb445f238c048d2) D:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/03 20:35:04.0359 1068 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) D:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/03/03 20:35:04.0593 1068 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) D:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/03 20:35:04.0906 1068 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) D:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/03 20:35:05.0140 1068 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) D:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/03 20:35:05.0406 1068 IPSec (64537aa5c003a6afeee1df819062d0d1) D:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/03 20:35:05.0640 1068 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) D:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/03 20:35:05.0890 1068 isapnp (e504f706ccb699c2596e9a3da1596e87) D:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/03 20:35:06.0109 1068 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) D:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/03 20:35:06.0375 1068 kmixer (d93cad07c5683db066b0b2d2d3790ead) D:\WINDOWS\system32\drivers\kmixer.sys
2011/03/03 20:35:06.0656 1068 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) D:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/03 20:35:07.0156 1068 Mkd2kfNt (844fff67d9d70d4457135e5b3cfc2906) D:\WINDOWS\system32\drivers\Mkd2kfNt.sys
2011/03/03 20:35:07.0406 1068 Mkd2Nadr (0716efda4769995c67a3450fcd36e47e) D:\WINDOWS\system32\drivers\Mkd2Nadr.sys
2011/03/03 20:35:07.0640 1068 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) D:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/03 20:35:07.0875 1068 Modem (6fc6f9d7acc36dca9b914565a3aeda05) D:\WINDOWS\system32\drivers\Modem.sys
2011/03/03 20:35:08.0109 1068 Mouclass (34e1f0031153e491910e12551400192c) D:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/03 20:35:08.0328 1068 mouhid (b1c303e17fb9d46e87a98e4ba6769685) D:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/03 20:35:08.0531 1068 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) D:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/03 20:35:08.0984 1068 MRxDAV (46edcc8f2db2f322c24f48785cb46366) D:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/03 20:35:09.0343 1068 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) D:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/03 20:35:09.0718 1068 Msfs (561b3a4333ca2dbdba28b5b956822519) D:\WINDOWS\system32\drivers\Msfs.sys
2011/03/03 20:35:10.0015 1068 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) D:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/03 20:35:10.0218 1068 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) D:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/03 20:35:10.0421 1068 MSPQM (1988a33ff19242576c3d0ef9ce785da7) D:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/03 20:35:10.0656 1068 mssmbios (469541f8bfd2b32659d5d463a6714bce) D:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/03 20:35:10.0921 1068 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) D:\WINDOWS\system32\drivers\Mup.sys
2011/03/03 20:35:11.0203 1068 NDIS (558635d3af1c7546d26067d5d9b6959e) D:\WINDOWS\system32\drivers\NDIS.sys
2011/03/03 20:35:11.0453 1068 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) D:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/03 20:35:11.0640 1068 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) D:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/03 20:35:11.0859 1068 NdisWan (0b90e255a9490166ab368cd55a529893) D:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/03 20:35:12.0218 1068 NDProxy (59fc3fb44d2669bc144fd87826bb571f) D:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/03 20:35:12.0468 1068 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) D:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/03 20:35:12.0718 1068 NetBT (0c80e410cd2f47134407ee7dd19cc86b) D:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/03 20:35:13.0031 1068 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) D:\WINDOWS\system32\drivers\Npfs.sys
2011/03/03 20:35:13.0578 1068 Ntfs (b78be402c3f63dd55521f73876951cdd) D:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/03 20:35:14.0000 1068 Null (73c1e1f395918bc2c6dd67af7591a3ad) D:\WINDOWS\system32\drivers\Null.sys
2011/03/03 20:35:14.0203 1068 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) D:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/03 20:35:14.0406 1068 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) D:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/03 20:35:14.0640 1068 Parport (29744eb4ce659dfe3b4122deb45bc478) D:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/03 20:35:14.0859 1068 PartMgr (3334430c29dc338092f79c38ef7b4cd0) D:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/03 20:35:15.0078 1068 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) D:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/03 20:35:15.0328 1068 PCI (8086d9979234b603ad5bc2f5d890b234) D:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/03 20:35:15.0734 1068 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) D:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/03 20:35:15.0968 1068 Pcmcia (82a087207decec8456fbe8537947d579) D:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/03 20:35:17.0296 1068 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) D:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/03 20:35:17.0531 1068 PSched (48671f327553dcf1d27f6197f622a668) D:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/03 20:35:17.0750 1068 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) D:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/03 20:35:18.0000 1068 PxHelp20 (153d02480a0a2f45785522e814c634b6) D:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/03 20:35:19.0093 1068 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) D:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/03 20:35:19.0359 1068 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) D:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/03 20:35:19.0562 1068 RasPppoe (7306eeed8895454cbed4669be9f79faa) D:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/03 20:35:19.0765 1068 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) D:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/03 20:35:20.0031 1068 Rdbss (29d66245adba878fff574cd66abd2884) D:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/03 20:35:20.0312 1068 RDPCDD (4912d5b403614ce99c28420f75353332) D:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/03 20:35:20.0578 1068 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) D:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/03 20:35:20.0859 1068 RDPWD (d4f5643d7714ef499ae9527fdcd50894) D:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/03 20:35:21.0125 1068 redbook (b31b4588e4086d8d84adbf9845c2402b) D:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/03 20:35:21.0421 1068 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) D:\WINDOWS\system32\drivers\SCDEmu.sys
2011/03/03 20:35:21.0625 1068 Secdrv (d26e26ea516450af9d072635c60387f4) D:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/03 20:35:21.0875 1068 serenum (a2d868aeeff612e70e213c451a70cafb) D:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/03 20:35:22.0109 1068 Serial (cd9404d115a00d249f70a371b46d5a26) D:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/03 20:35:22.0359 1068 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) D:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/03 20:35:23.0062 1068 splitter (8e186b8f23295d1e42c573b82b80d548) D:\WINDOWS\system32\drivers\splitter.sys
2011/03/03 20:35:23.0421 1068 sr (e41b6d037d6cd08461470af04500dc24) D:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/03 20:35:23.0828 1068 Srv (20b7e396720353e4117d64d9dcb926ca) D:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/03 20:35:24.0171 1068 swenum (03c1bae4766e2450219d20b993d6e046) D:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/03 20:35:24.0406 1068 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) D:\WINDOWS\system32\drivers\swmidi.sys
2011/03/03 20:35:25.0375 1068 sysaudio (650ad082d46bac0e64c9c0e0928492fd) D:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/03 20:35:25.0703 1068 Tcpip (9f4b36614a0fc234525ba224957de55c) D:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/03 20:35:26.0031 1068 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) D:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/03 20:35:26.0234 1068 TDTCP (ed0580af02502d00ad8c4c066b156be9) D:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/03 20:35:26.0437 1068 TermDD (a540a99c281d933f3d69d55e48727f47) D:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/03 20:35:26.0875 1068 uagp35 (49c805d42d75eddc9b6a7130999c9054) D:\WINDOWS\system32\DRIVERS\uagp35.sys
2011/03/03 20:35:27.0171 1068 Udfs (12f70256f140cd7d52c58c7048fde657) D:\WINDOWS\system32\drivers\Udfs.sys
2011/03/03 20:35:27.0656 1068 Update (aff2e5045961bbc0a602bb6f95eb1345) D:\WINDOWS\system32\DRIVERS\update.sys
2011/03/03 20:35:27.0953 1068 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) D:\WINDOWS\system32\Drivers\usbaapl.sys
2011/03/03 20:35:28.0218 1068 usbehci (15e993ba2f6946b2bfbbfcd30398621e) D:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/03 20:35:28.0437 1068 usbhub (c72f40947f92cea56a8fb532edf025f1) D:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/03 20:35:28.0671 1068 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/03 20:35:28.0906 1068 usbuhci (f8fd1400092e23c8f2f31406ef06167b) D:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/03 20:35:29.0140 1068 VgaSave (8a60edd72b4ea5aea8202daf0e427925) D:\WINDOWS\System32\drivers\vga.sys
2011/03/03 20:35:29.0421 1068 viagfx (bcb2353661cb74a28c2e3e08ccfdff12) D:\WINDOWS\system32\DRIVERS\vtmini.sys
2011/03/03 20:35:29.0703 1068 ViaIde (59cb1338ad3654417bea49636457f65d) D:\WINDOWS\system32\DRIVERS\viaide.sys
2011/03/03 20:35:29.0906 1068 VolSnap (ee4660083deba849ff6c485d944b379b) D:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/03 20:35:30.0203 1068 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) D:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/03 20:35:30.0640 1068 wdmaud (2797f33ebf50466020c430ee4f037933) D:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/03 20:35:30.0953 1068 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) D:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/03/03 20:35:31.0281 1068 ================================================================================
2011/03/03 20:35:31.0281 1068 Scan finished
2011/03/03 20:35:31.0281 1068 ================================================================================
2011/03/03 20:35:36.0765 1328 Deinitialize success
#20
Gmer
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-03 21:05:16
Windows 5.1.2600 Service Pack 2
Running: 5g69fen6.exe; Driver: D:\DOCUME~1\user\LOCALS~1\Temp\afpoypod.sys

---- Modules - GMER 1.0.15 ----

Module viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F798B000-F798D000 (8192 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F7647000-F7651000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\vtmini.sys (VIA/S3G Miniport Driver/Copyright (C) VIA/S3 Graphics Co, Ltd.) B9E61000-B9E9B000 (237568 bytes)
Module \SystemRoot\System32\Drivers\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) F7817000-F781D000 (24576 bytes)
Module \SystemRoot\system32\drivers\ALCXWDM.SYS (Realtek AC'97 Audio Driver (WDM)/Realtek Semiconductor Corp.) B9D74000-B9E07000 (602112 bytes)
Module \SystemRoot\system32\drivers\ALCXSENS.SYS (Sensaura WDM 3D Audio Driver/Sensaura Ltd) B9CF0000-B9D50000 (393216 bytes)
Module \SystemRoot\system32\DRIVERS\fetnd5.sys (NDIS 5.0 miniport driver/VIA Technologies, Inc. ) F7747000-F774E000 (28672 bytes)
Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) B6836000-B683B000 (20480 bytes)
Module \SystemRoot\System32\Drivers\SCDEmu.SYS (PowerISO Virtual Drive/PowerISO Computing, Inc.) B1815000-B1823000 (57344 bytes)
Module \SystemRoot\System32\vtdisp.dll (VIA/S3G Graphics Driver/VIA/S3 Graphics Co, Ltd.) BF9D3000-BFD29000 (3497984 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BFFA0000-BFFE6000 (286720 bytes)
Module \??\D:\DOCUME~1\user\LOCALS~1\Temp\afpoypod.sys (GMER) AB3E5000-AB3FD000 (98304 bytes)

---- Processes - GMER 1.0.15 ----

Process D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) 516
Library D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) 0x00400000
Library D:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll (Apple System Log/Apple, Inc.) 0x10000000
Library D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll (Apple Mobile Device Service/Apple Inc.) 0x00600000
Library D:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll (CoreFoundation/Apple Inc.) 0x00640000
Library D:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll (POSIX Threads for Windows32 Library/Open Source Software community project) 0x00720000
Library D:\Program Files\Common Files\Apple\Apple Application Support\objc.dll (Objective-C Runtime Library/Apple Inc.) 0x00730000
Library D:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll (Dispatch Runtime Library/Apple Inc.) 0x00760000
Library D:\Program Files\Common Files\Apple\Apple Application Support\icuin40.dll (IBM ICU I18N DLL/IBM Corporation and others) 0x00780000
Library D:\Program Files\Common Files\Apple\Apple Application Support\icuuc40.dll (IBM ICU Common DLL/IBM Corporation and others) 0x00890000
Library D:\Program Files\Common Files\Apple\Apple Application Support\icudt40.dll (ICU Data DLL/IBM Corporation and others) 0x4AD00000
Process D:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) 544
Library D:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) 0x00400000
Process D:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 604
Library D:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 0x00400000
Process D:\MSC.Software\Patran\2010.1.2\Filemanager\exe\WINNT\pmapsvc.exe 668
Library D:\MSC.Software\Patran\2010.1.2\Filemanager\exe\WINNT\pmapsvc.exe 0x00400000
Library D:\MSC.Software\Patran\2010.1.2\Filemanager\exe\WINNT\pwrpc32.dll 0x10000000
Process D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe (StandAloneSlv Module/Mentor Graphics Corporation) 752
Library D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe (StandAloneSlv Module/Mentor Graphics Corporation) 0x00400000
Library D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\FwProxy.dll (Proxy Dynamic Link Library/Mentor Graphics Corporation) 0x10000000
Library D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\Fwconst.dll (FWConst/Mentor Graphics Corporation) 0x006D0000
Library D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\NIKPlatformClientInterfacesImpl.dll (FWConst/Mentor Graphics Corporation) 0x00810000
Library D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\NGP_Utils.dll (NGP_Utils/Mentor Graphics Corporation) 0x00980000
Library D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\NGP_System.dll (NGP_System/Mentor Graphics Corporation) 0x009D0000
Library D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\NIKEvalExpressions.dll (NIKEvalExpressions DLL/Mentor Graphics Corporation) 0x00A10000
Process D:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1028
Library D:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x64000000
Process D:\MSC.Software\Patran\2010.1.2\Filemanager\exe\WINNT\smdl_fm_server.exe (smdl_fm_server Application/MSC.Software Corporation.) 1080
Library D:\MSC.Software\Patran\2010.1.2\Filemanager\exe\WINNT\smdl_fm_server.exe (smdl_fm_server Application/MSC.Software Corporation.) 0x00400000
Library D:\MSC.Software\Patran\2010.1.2\Filemanager\exe\WINNT\libcde1.dll 0x10000000
Library D:\MSC.Software\Patran\2010.1.2\Filemanager\exe\WINNT\pwrpc32.dll 0x00330000
Library D:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x64000000
Process D:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1120
Library D:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x64000000
Process D:\Documents and Settings\user\Desktop\5g69fen6.exe 1528
Library D:\Documents and Settings\user\Desktop\5g69fen6.exe 0x00400000
Process D:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1628
Library D:\WINDOWS\system32\hpzlnt04.dll (HP) 0x10000000
Library D:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation) 0x3F420000
Library D:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x64000000
Process D:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation) 1636
Library D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.) 0x10000000
Library D:\Program Files\WinRAR\rarext.dll 0x02250000
Library D:\Documents and Settings\user\My Documents\PowerISO\PWRISOSH.DLL (PowerISOShell DLL/PowerISO Computing, Inc.) 0x03580000
Library D:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes' Anti-Malware/Malwarebytes Corporation) 0x037C0000
Process D:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.) 1792
Library D:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.) 0x00400000
Process D:\WINDOWS\system32\VTtrayp.exe (s3contrl (32-bit)/S3 Graphics Co., Ltd.) 1800
Library D:\WINDOWS\system32\VTtrayp.exe (s3contrl (32-bit)/S3 Graphics Co., Ltd.) 0x00400000
Library D:\WINDOWS\system32\VTDisply.dll (S3 multi-chip display switch utility (32-bit)/S3 Graphics Co., Ltd.) 0x6BB00000
Library D:\WINDOWS\system32\VTGamma2.dll (S3Gamma Plus (32-bit)/S3 Graphics Co., Ltd.) 0x6BE00000
Library D:\WINDOWS\system32\VTInfo2.dll (S3 Graphics Display Adapter Information Utility (32-bit)/S3 Graphics Co., Ltd.) 0x6C000000
Library D:\WINDOWS\system32\VTOvrlay.dll (S3ColorPus/S3Overlay Utility/S3 Graphics Co., Ltd.) 0x6C200000
Process D:\WINDOWS\SOUNDMAN.EXE (Realtek Sound Manager/Realtek Semiconductor Corp.) 1808
Library D:\WINDOWS\SOUNDMAN.EXE (Realtek Sound Manager/Realtek Semiconductor Corp.) 0x00400000
Process D:\Program Files\Winamp\winampa.exe (Winamp Agent/Nullsoft, Inc.) 1816
Library D:\Program Files\Winamp\winampa.exe (Winamp Agent/Nullsoft, Inc.) 0x00400000
Process D:\PROGRA~1\Yahoo!\browser\ybrwicon.exe (YBrwIcon/Yahoo!, Inc.) 1832
Library D:\PROGRA~1\Yahoo!\browser\ybrwicon.exe (YBrwIcon/Yahoo!, Inc.) 0x00400000
Library D:\Program Files\Yahoo!\browser\YBrwRes.dll (YBrwRes/Yahoo!, Inc.) 0x20000000
Library D:\Program Files\Yahoo!\browser\YCommonPS.dll 0x10000000
Process D:\Documents and Settings\user\My Documents\PowerISO\PWRISOVM.EXE (PowerISO Virtual Drive Manager/PowerISO Computing, Inc.) 1848
Library D:\Documents and Settings\user\My Documents\PowerISO\PWRISOVM.EXE (PowerISO Virtual Drive Manager/PowerISO Computing, Inc.) 0x00400000
Process D:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (sldIM/Dassault Systèmes SolidWorks Corp.) 1868
Library D:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (sldIM/Dassault Systèmes SolidWorks Corp.) 0x00400000
Library D:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\lang\english\sldIMResu.dll (sldIMresu/Dassault Systèmes SolidWorks Corp.) 0x10000000
Process D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Reader and Acrobat Manager/Adobe Systems Incorporated) 1896
Library D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Reader and Acrobat Manager/Adobe Systems Incorporated) 0x00400000
Process D:\Program Files\iTunes\iTunesHelper.exe (iTunesHelper/Apple Inc.) 1920
Library D:\Program Files\iTunes\iTunesHelper.exe (iTunesHelper/Apple Inc.) 0x00400000
Library D:\Program Files\iTunes\iTunesHelper.dll (iTunesHelper DLL/Apple Inc.) 0x10000000
Library D:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll (CoreFoundation/Apple Inc.) 0x008E0000
Library D:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll (POSIX Threads for Windows32 Library/Open Source Software community project) 0x009C0000
Library D:\Program Files\Common Files\Apple\Apple Application Support\objc.dll (Objective-C Runtime Library/Apple Inc.) 0x009D0000
Library D:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll (Dispatch Runtime Library/Apple Inc.) 0x00A00000
Library D:\Program Files\Common Files\Apple\Apple Application Support\icuin40.dll (IBM ICU I18N DLL/IBM Corporation and others) 0x00A20000
Library D:\Program Files\Common Files\Apple\Apple Application Support\icuuc40.dll (IBM ICU Common DLL/IBM Corporation and others) 0x00B30000
Library D:\Program Files\Common Files\Apple\Apple Application Support\icudt40.dll (ICU Data DLL/IBM Corporation and others) 0x4AD00000
Library D:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll (Apple System Log/Apple, Inc.) 0x00C30000
Library D:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL (iTunesHelper Resource Library/Apple Inc.) 0x01160000
Library D:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL (iTunesHelper Resource Library/Apple Inc.) 0x01190000
Library D:\Program Files\QuickTime\QTSystem\QuickTime.qts (QuickTime/Apple Inc.) 0x66800000
Library D:\Program Files\QuickTime\QTSystem\QTCF.dll (QuickTime CoreFoundation/Apple Inc.) 0x686A0000
#21
Library D:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.DLL (CFNetwork/Apple, Inc.) 0x01930000
Library D:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll (SQLite3 Dynamic Link Library/Apple Inc.) 0x019D0000
Library D:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 0x01A50000
Library D:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll (iTunesMobileDevice/Apple Inc.) 0x07C80000
Process D:\PROGRA~1\Yahoo!\browser\ycommon.exe (YCommon Exe Module/Yahoo!, Inc.) 2000
Library D:\PROGRA~1\Yahoo!\browser\ycommon.exe (YCommon Exe Module/Yahoo!, Inc.) 0x00400000
Library D:\PROGRA~1\Yahoo!\browser\YCommon.Dll (YCommon/Yahoo!, inc.) 0x64000000
Library D:\Program Files\Yahoo!\browser\YCommonPS.dll 0x10000000
Process D:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) 2484
Library D:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) 0x00400000
Library D:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL (iPodService Resource Library (32-bit)/Apple Inc.) 0x10000000
Library D:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL (iPodService Resource Library (32-bit)/Apple Inc.) 0x008D0000
Process D:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) 2648
Library D:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) 0x00400000
Library D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) 0x10000000
Library D:\Program Files\Mozilla Firefox\sqlite3.dll (SQLite Database Library/sqlite.org) 0x00270000
Library D:\Program Files\Mozilla Firefox\MOZCRT19.dll (User-Generated Microsoft (R) C/C++ Runtime Library/Mozilla Foundation) 0x78130000
Library D:\Program Files\Mozilla Firefox\js3250.dll 0x002F0000
Library D:\Program Files\Mozilla Firefox\nspr4.dll (NSPR Library/Mozilla Foundation) 0x004E0000
Library D:\Program Files\Mozilla Firefox\smime3.dll (NSS S/MIME Library/Mozilla Foundation) 0x00520000
Library D:\Program Files\Mozilla Firefox\nss3.dll (NSS Base Library/Mozilla Foundation) 0x00540000
Library D:\Program Files\Mozilla Firefox\nssutil3.dll (NSS Utility Library/Mozilla Foundation) 0x005E0000
Library D:\Program Files\Mozilla Firefox\plc4.dll (PLC Library/Mozilla Foundation) 0x003F0000
Library D:\Program Files\Mozilla Firefox\plds4.dll (PLDS Library/Mozilla Foundation) 0x00600000
Library D:\Program Files\Mozilla Firefox\ssl3.dll (NSS SSL Library/Mozilla Foundation) 0x00610000
Library D:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library D:\Program Files\Mozilla Firefox\MOZCPP19.dll (User-Generated Microsoft (R) C/C++ Runtime Library/Mozilla Foundation) 0x7C420000
Library D:\Program Files\Mozilla Firefox\xpcom.dll (Mozilla Foundation) 0x00640000
Library D:\Program Files\Mozilla Firefox\components\browserdirprovider.dll (Mozilla Foundation) 0x011E0000
Library D:\Program Files\Mozilla Firefox\components\brwsrcmp.dll (Mozilla Foundation) 0x01C10000
Library D:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x64000000
Library D:\Program Files\Mozilla Firefox\softokn3.dll (NSS PKCS #11 Library/Mozilla Foundation) 0x04A00000
Library D:\Program Files\Mozilla Firefox\nssdbm3.dll (Legacy Database Driver/Mozilla Foundation) 0x04A30000
Library D:\Program Files\Mozilla Firefox\freebl3.dll (NSS freebl Library/Mozilla Foundation) 0x04A50000
Library D:\Program Files\Mozilla Firefox\nssckbi.dll (NSS Builtin Trusted Root CAs/Mozilla Foundation) 0x04AA0000
Library D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll 0x07B10000
Process D:\Program Files\Mozilla Firefox\plugin-container.exe (Plugin Container for Firefox/Mozilla Corporation) 3140
Library D:\Program Files\Mozilla Firefox\plugin-container.exe (Plugin Container for Firefox/Mozilla Corporation) 0x00400000
Library D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) 0x10000000
Library D:\Program Files\Mozilla Firefox\sqlite3.dll (SQLite Database Library/sqlite.org) 0x00270000
Library D:\Program Files\Mozilla Firefox\MOZCRT19.dll (User-Generated Microsoft (R) C/C++ Runtime Library/Mozilla Foundation) 0x78130000
Library D:\Program Files\Mozilla Firefox\js3250.dll 0x002F0000
Library D:\Program Files\Mozilla Firefox\nspr4.dll (NSPR Library/Mozilla Foundation) 0x00410000
Library D:\Program Files\Mozilla Firefox\smime3.dll (NSS S/MIME Library/Mozilla Foundation) 0x00450000
Library D:\Program Files\Mozilla Firefox\nss3.dll (NSS Base Library/Mozilla Foundation) 0x00470000
Library D:\Program Files\Mozilla Firefox\nssutil3.dll (NSS Utility Library/Mozilla Foundation) 0x00510000
Library D:\Program Files\Mozilla Firefox\plc4.dll (PLC Library/Mozilla Foundation) 0x003F0000
Library D:\Program Files\Mozilla Firefox\plds4.dll (PLDS Library/Mozilla Foundation) 0x00530000
Library D:\Program Files\Mozilla Firefox\ssl3.dll (NSS SSL Library/Mozilla Foundation) 0x00540000
Library D:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library D:\Program Files\Mozilla Firefox\MOZCPP19.dll (User-Generated Microsoft (R) C/C++ Runtime Library/Mozilla Foundation) 0x7C420000
Library D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll 0x00EC0000
Process D:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 3516
Library D:\WINDOWS\System32\strmfilt.dll (Stream Filter Library/Microsoft Corporation) 0x6F290000

---- Services - GMER 1.0.15 ----

Service D:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura WDM 3D Audio Driver/Sensaura Ltd) [MANUAL] ALCXSENS
Service D:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek AC'97 Audio Driver (WDM)/Realtek Semiconductor Corp.) [MANUAL] ALCXWDM
Service D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) [AUTO] Apple Mobile Device Service Avg
Service D:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service
Service D:\ComboFix\catchme.sys [MANUAL] catchme
Service D:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (DTSCoordinator/Dassault Systèmes SolidWorks Corp.) [MANUAL] CoordinatorServiceHost
Service [MANUAL] EagleNT
Service D:\WINDOWS\system32\DRIVERS\fetnd5.sys (NDIS 5.0 miniport driver/VIA Technologies, Inc. ) [MANUAL] FETNDIS
Service D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Activation Licensing Service/Macrovision Europe Ltd.) [MANUAL] FLEXnet Licensing Service
Service D:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service D:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) [MANUAL] iPod Service
Service D:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
Service D:\WINDOWS\system32\drivers\Mkd2kfNt.sys (MyKeyDefense Keyboard Filter Driver/AhnLab, Inc.)
[MANUAL] Mkd2kfNt Service D:\WINDOWS\system32\drivers\Mkd2Nadr.sys (MyKeyDefense USB Keyboard Filter Driver/AhnLab, Inc.) [MANUAL] Mkd2Nadr Service MSDTC Bridge 3.0.0.0 Service [MANUAL] npkcrypt Service D:\MSC.Software\Patran\2010.1.2\Filemanager\exe\WI NNT\pmapsvc.exe [AUTO] PowerRPC Portmapper Service D:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink Service D:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20 Service D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe (StandAloneSlv Module/Mentor Graphics Corporation) [AUTO] Remote Solver for Flow Simulation 2009 Service (PowerISO Virtual Drive/PowerISO Computing, Inc.) [SYSTEM] SCDEmu Service D:\WINDOWS\system32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service ServiceModelEndpoint 3.0.0.0 Service ServiceModelOperation 3.0.0.0 Service ServiceModelService 3.0.0.0 Service D:\MSC.Software\Patran\2010.1.2\Filemanager\exe\WI NNT\smdl_fm_server.exe (smdl_fm_server Application/MSC.Software Corporation.) [AUTO] smdl_fm_server Service SMSvcHost 3.0.0.0 Service D:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (System Level Service Utility/SolidWorks) [MANUAL] SolidWorks Licensing Service Service D:\WINDOWS\System32\Drivers\usbaapl.sys (Apple Mobile Device USB Driver/Apple, Inc.) [MANUAL] USBAAPL Service D:\WINDOWS\system32\DRIVERS\vtmini.sys (VIA/S3G Miniport Driver/Copyright (C) VIA/S3 Graphics Co, Ltd.) [MANUAL] viagfx Service D:\WINDOWS\system32\DRIVERS\viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] ViaIde Service Windows Workflow Foundation 3.0.0.0 ---- EOF - GMER 1.0.15 ---- |
#22
No malware in that view. The system has some software I know little about, or how it might interact with other software - SolidWorks, Patran. Even if they have been there for quite a while, with no recent changes, I would not be able to assess how they may/may not be involved. Are they for a home computer? Same with Bitvise Tunnelier. I see it is for faster/efficient file transferring, running at startup, but I'm not sure of its uses (would hope not file swapping) or issues.

If malware made unknown changes that are impacting those programs, it would be difficult to spot. The logs show game use, nProtect's GameGuard copyright security, installed by the same game used there, and drive emulation software, which again is often used to play games (though perhaps not original CD copies). Let's do a different type of check. One method to mention that would bring large-scale system corrections is to install the SP3 upgrade, which may be just the ticket.

Go here and download reglooks.exe to your Desktop. Double-click on it to run it, and when it has finished scanning, a log named result.txt will open in Notepad. Copy the log and post it in this thread.
#23
Those two programs I use at home. They need a license to use. The Bitvise Tunnelier allows me to access those programs at home without being at school.
REGLOOKS logfile - version 0.988 Scan started: Fri 03/04/2011 18:21:46.96 --- INFORMATION --- Manufacturer: P4M80P - Model: AWRDACPI Operating System: Microsoft Windows XP Professional -- 5.1.2600 -- Service Pack 2 -- Install Date: 10/12/2006 6:27:27 PM Last Boot: 3/4/2011 6:18:26 PM Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz Work Station Bootmode: Normal boot Total RAM: 1982 MB (free 1548 MB - 78%) Computername: USER-2561BA0F00 Domain: MSHOME User: user (Administrator account) Local Disk: C:\ - NTFS - 19 GB (free 0 GB) Local Disk: D:\ - NTFS - 18 GB (free 4 GB) CD \ DVD Drive: E:\ CD \ DVD Drive: F:\ Bootdevice: \Device\HarddiskVolume1 Systemdrive: D: Windowsdirectory: D:\WINDOWS Systemdirectory: D:\WINDOWS\system32 Internet Explorer Version: 8.0.6001.18702 Windows update: Antivirus Program: AVG Internet Security 2011 10.0 [Enabled - Updated] Firewall: AVG Firewall 10.0 [Not Enabled] DEP: ONN - DEP is enabled for a limited number of binaries, the kernel, and all Windows-based services --- System Restore Points --- Restorepoint 299: 3/4/2011 6:14:29 AM - First run - System Checkpoint --- SIGCHECK --- D:\WINDOWS\explorer.exe -- [1032192] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\appmgmts.dll -- [167936] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\browser.dll -- [77312] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\comres.dll -- [792064] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\comctl32.dll -- [611328] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\cryptsvc.dll -- [60416] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\ctfmon.exe -- [15360] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\es.dll -- [243200] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\eventlog.dll -- [55808] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\ias.dll NOT found D:\WINDOWS\system32\imm32.dll -- [110080] -- [08/03/2004 05:07 PM] -- sigcheck OK 
D:\WINDOWS\system32\kernel32.dll -- [983552] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\linkinfo.dll -- [18944] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\lpk.dll -- [22016] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\lsass.exe -- [13312] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\mfc40u.dll -- [924432] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\msgsvc.dll -- [33792] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\mshtml.dll -- [5937152] -- [03/08/2009 03:41 AM] -- sigcheck OK D:\WINDOWS\system32\mspmsnsv.dll -- [25088] -- [01/28/2005 01:44 PM] -- sigcheck OK D:\WINDOWS\system32\mswsock.dll -- [245248] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\netlogon.dll -- [407040] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\netman.dll -- [198144] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\ntkrnlpa.exe -- [2056832] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\ntmssvc.dll -- [435200] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\ntoskrnl.exe -- [2180992] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\pchsvc.dll NOT found D:\WINDOWS\system32\powrprof.dll -- [17408] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\qmgr.dll -- [382464] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\rasauto.dll -- [89088] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\regsvc.dll -- [59904] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\rpcss.dll -- [399360] -- [09/20/2006 03:40 AM] -- sigcheck OK D:\WINDOWS\system32\scecli.dll -- [180224] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\schedsvc.dll -- [190976] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\services.exe -- [108032] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\sfc.dll -- [5120] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\sfcfiles.dll -- [1580544] 
-- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\spoolsv.exe -- [57856] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\srsvc.dll -- [170496] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\ssdpsrv.dll -- [71680] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\svchost.exe -- [14336] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\tapisrv.dll -- [246272] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\termsrv.dll -- [295424] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\upnphost.dll -- [185344] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\user32.dll -- [577024] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\userinit.exe -- [24576] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\wininet.dll -- [914944] -- [03/08/2009 03:34 AM] -- sigcheck OK D:\WINDOWS\system32\winlogon.exe -- [502272] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\ws2_32.dll -- [82944] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\wscntfy.exe -- [13824] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\wuauclt.exe -- [111104] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\xmlprov.dll -- [129536] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\drivers\acpiec.sys -- [11648] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\drivers\aec.sys -- [142464] -- [08/03/2004 09:39 PM] -- sigcheck OK D:\WINDOWS\system32\drivers\asyncmac.sys -- [14336] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\drivers\atapi.sys -- [95360] -- [01/17/2010 02:11 AM] -- sigcheck OK D:\WINDOWS\system32\drivers\beep.sys -- [4224] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\drivers\classpnp.sys -- [49664] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\drivers\disk.sys -- [36352] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\drivers\iaStor.sys NOT found 
D:\WINDOWS\system32\drivers\ip6fw.sys -- [29056] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\drivers\kbdclass.sys -- [24576] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\drivers\ndis.sys -- [182912] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\drivers\ntfs.sys -- [574592] -- [08/03/2004 05:07 PM] -- sigcheck OK D:\WINDOWS\system32\drivers\tcpip.sys -- [359040] -- [08/03/2004 05:07 PM] -- sigcheck OK --- SSODL regkeys --- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" -- File: %SystemRoot%\system32\shell32.dll -- [?] "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" -- File: %SystemRoot%\system32\SHELL32.dll -- [?] "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" -- File: %Systemroot%\system32\webcheck.dll -- [?] "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" -- File: %systemroot%\system32\stobject.dll -- [?] --- STS regkeys --- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" -- File: %SystemRoot%\system32\browseui.dll -- [?] "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" -- File: %SystemRoot%\system32\browseui.dll -- [?] 
--- USERINIT regkey --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="D:\\WINDOWS\\system32\\userinit.ex e," File: D:\WINDOWS\system32\userinit.exe -- [24576] -- [08/03/2004 05:07 PM] --- SHELL regkey --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Shell"="Explorer.exe" File: D:\WINDOWS\Explorer.exe -- [1032192] -- [08/03/2004 05:07 PM] --- SYSTEM regkey --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" --- APPINIT_DLLS regkey --- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "RequireSignedAppInit_DLLs"=dword:00000001 "AppInit_DLLs"="" --- NOTIFY regkey --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] -- File: D:\WINDOWS\system32\crypt32.dll -- [597504] -- [08/03/2004 05:07 PM] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] -- File: D:\WINDOWS\system32\cryptnet.dll -- [63488] -- [08/03/2004 05:07 PM] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] -- File: D:\WINDOWS\system32\cscdll.dll -- [101888] -- [08/03/2004 05:07 PM] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] -- File: D:\WINDOWS\system32\wlnotify.dll -- [92672] -- [08/03/2004 05:07 PM] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] -- File: D:\WINDOWS\system32\wlnotify.dll -- [92672] -- [08/03/2004 05:07 PM] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] -- File: D:\WINDOWS\system32\sclgntfy.dll -- [20992] -- [08/03/2004 05:07 PM] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] -- File: D:\WINDOWS\system32\WlNotify.dll -- [92672] -- [08/03/2004 05:07 PM] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] -- File: 
D:\WINDOWS\system32\wlnotify.dll -- [92672] -- [08/03/2004 05:07 PM] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] -- File: D:\WINDOWS\system32\wlnotify.dll -- [92672] -- [08/03/2004 05:07 PM] --- RUN / LOAD regkeys --- [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] "Run"="" "Load"="" --- SHELLEXECUTEHOOKS regkey --- [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" -- File: shell32.dll -- [?] --- HKLM AUTORUN regkeys --- [HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor] no AutoRun regkey found --- HKCU AUTORUN regkeys --- [HKEY_CURRENT_USER\Software\Microsoft\Command Processor] no AutoRun regkey found --- HKLM\RUN regkey --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "VTTimer" -- File: VTTimer.exe -- [?] "VTTrayp" -- File: VTtrayp.exe -- [?] "SoundMan" -- File: SOUNDMAN.EXE -- [?] "WinampAgent" -- File "D:\Program Files\Winamp\winampa.exe" -- [74752] -- [07/12/2010 08:32 AM] "YBrowser" -- File D:\PROGRA~1\Yahoo!\browser\ybrwicon.exe -- [57344] -- [12/09/2003 01:02 PM] "SolidWorks_CheckForUpdates" -- File: "D:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler -- [?] "Adobe Reader Speed Launcher" -- File "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" -- [35760] -- [09/23/2010 04:47 AM] "Adobe ARM" -- File "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" -- [932288] -- [09/20/2010 11:07 PM] "QuickTime Task" -- File: "D:\Program Files\QuickTime\QTTask.exe" -atboottime -- [?] 
"iTunesHelper" -- File "D:\Program Files\iTunes\iTunesHelper.exe" -- [421160] -- [11/17/2010 08:59 PM] --- HKLM\RUNONCE regkey --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce] no runonce values found --- HKLM\RUNONCEEX regkey --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnceEx] no runonceex values found --- HKLM\RUNSERVICES regkey --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServices] key not found --- HKLM\RUNSERVICESONCE regkey --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServicesOnce] key not found --- HKCU\RUN regkey --- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] no run values found --- HKCU\RUNONCE regkey --- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnce] no runonce values found --- HKCU\RUNONCEEX regkey --- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnceEx] key not found --- HKCU\RUNSERVICES regkey --- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunServices] no runservices values found --- HKCU\RUNSERVICESONCE regkey --- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunServicesOnce] no runservicesonce values found --- HKU\.DEFAULT\Run regkeys - Default user --- [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\Run] no run values found --- HKU\S-1-5-18\Run regkeys - user SYSTEM --- [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] no run values found --- HKU\S-1-5-19\Run regkeys - User Lokale service --- [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] key not found --- HKU\S-1-5-20\Run regkeys - User Lokale service --- [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] key not found --- HKLM\Explorer\Run regkeys --- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer\Run] no run values found --- HKCU\Explorer\Run regkeys --- 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\Run] no run values found --- Image File Execution regkeys --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] no debuggers found --- BROWSER HELPER OBJECTS regkeys --- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] -- File: D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll -- [1205560] -- [03/22/2010 11:51 PM] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] -- File: D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll -- [75200] -- [09/22/2010 06:04 PM] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] -- CLSID not found [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] -- File: D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll -- [403840] -- [08/18/2009 11:32 AM] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -- File: D:\Program Files\Java\jre6\bin\jp2ssv.dll -- [41760] -- [03/21/2010 06:24 PM] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] -- File: D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll -- [79648] -- [03/21/2010 06:24 PM] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}] -- File: D:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInsta nce.dll -- [158520] -- [03/22/2010 11:51 PM] --- TOOLBAR regkeys --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} -- File: D:\Program 
Files\Yahoo!\Companion\Installs\cpn1\yt.dll -- [1205560] -- [03/22/2010 11:51 PM] --- HKLM\URLSEARCHHOOKS regkeys --- [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks] no urlsearchhooks found --- HKCU\URLSEARCHHOOKS regkeys --- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] {CFBFAE00-17A6-11D0-99CB-00C04FD64497} -- File: D:\WINDOWS\system32\ieframe.dll -- [11063808] -- [03/08/2009 03:39 AM] --- SRCEENSAVER regkey --- [HKEY_CURRENT_USER\Control Panel\Desktop] scrnsave.exe value not found --- ALTERNATESHELL regkey --- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot] File: D:\WINDOWS\system32\cmd.exe -- [388608] -- [08/03/2004 05:07 PM] --- SECURITYPROVIDERS regkey --- [HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" File: D:\WINDOWS\system32\msapsspc.dll -- [86016] -- [08/03/2004 05:07 PM] File: D:\WINDOWS\system32\schannel.dll -- [144896] -- [08/03/2004 05:07 PM] File: D:\WINDOWS\system32\digest.dll -- [68608] -- [08/03/2004 05:07 PM] File: D:\WINDOWS\system32\msnsspc.dll -- [290816] -- [08/03/2004 05:07 PM] --- Active Setup\Installed Components regkey --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] -- File: D:\WINDOWS\system32\ieudinit.exe -- [36864] -- [03/08/2009 03:32 AM] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] -- File: D:\WINDOWS\system32\ie4uinit.exe -UserIconConfig -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -- File: "D:\WINDOWS\system32\rundll32.exe" "D:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSe tup SIGNUP -- [?] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] -- File: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] -- File: %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0430454D-47EA-11D6-AD58-00010333D0AD}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1803B9EF-9905-4F34-AFC4-05D1BAB28801}] -- filepath not found |
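The helper is reading this RegLooks output by hand: the SIGCHECK section for system files whose signature check does not pass or whose date stands apart from the rest, and the autorun sections (Winlogon Notify, HKLM\Run) for entries the tool could not resolve to a file on disk or that run from odd locations. The following is an added example, not code from this thread or from RegLooks, that automates that first pass over a constructed sample written in the line formats shown in the log above. The sample contains a few entries copied in that format plus two constructed anomalies (a driver whose check fails and an autorun pointing into a temp folder); the "sigcheck FAILED" wording, the user-writable-folder list and the date-outlier rule are this example's own assumptions, and every finding is a prompt for manual review, not a verdict.

```python
import re
from collections import Counter

# Constructed sample in the line formats RegLooks prints in this thread
# (some entries copied in that format, two constructed anomalies marked below).
SAMPLE_LOG = [
    "--- SIGCHECK ---",
    r"D:\WINDOWS\explorer.exe -- [1032192] -- [08/03/2004 05:07 PM] -- sigcheck OK",
    r"D:\WINDOWS\system32\kernel32.dll -- [983552] -- [08/03/2004 05:07 PM] -- sigcheck OK",
    r"D:\WINDOWS\system32\ias.dll NOT found",
    r"D:\WINDOWS\system32\drivers\atapi.sys -- [95360] -- [01/17/2010 02:11 AM] -- sigcheck OK",
    r"D:\WINDOWS\system32\drivers\ndis.sys -- [182912] -- [08/03/2004 05:07 PM] -- sigcheck OK",
    # constructed anomaly: a driver whose signature check does not pass (result wording assumed)
    r"D:\WINDOWS\system32\drivers\example.sys -- [12345] -- [02/28/2011 11:59 PM] -- sigcheck FAILED",
    "--- NOTIFY regkey ---",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] -- File: D:\WINDOWS\system32\crypt32.dll -- [597504] -- [08/03/2004 05:07 PM]",
    r"--- HKLM\RUN regkey ---",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"VTTimer" -- File: VTTimer.exe -- [?]',
    r'"WinampAgent" -- File "D:\Program Files\Winamp\winampa.exe" -- [74752] -- [07/12/2010 08:32 AM]',
    # constructed anomaly: an autorun entry living in a user-writable temp folder
    r'"updater" -- File "D:\Documents and Settings\user\Local Settings\Temp\updater.exe" -- [40960] -- [03/01/2011 09:12 AM]',
]

SECTION_RE = re.compile(r"^--- (?P<name>.+?) ---$")
SIGCHECK_RE = re.compile(
    r"^(?P<path>.+?) -- \[(?P<size>\d+)\] -- \[(?P<date>[^\]]+)\] -- sigcheck (?P<result>.+)$")
NOTFOUND_RE = re.compile(r"^(?P<path>.+?) NOT found$")
# Autorun entries: a quoted value name or a [registry key], then "File:" (unresolved) or "File" (resolved).
AUTORUN_RE = re.compile(r'^(?P<name>"[^"]+"|\[[^\]]+\]) -- File:? (?P<target>.+)$')
UNRESOLVED = "[?]"
# Assumption: folder fragments a normal user can write to; an autorun there deserves a look.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")


def check_sigcheck(entries):
    """entries: (path, date, result). Flags non-OK results and dates that differ from the majority."""
    out = []
    dates = Counter(date for _, date, _ in entries)
    dominant = dates.most_common(1)[0][0] if dates else None
    for path, date, result in entries:
        if result != "OK":
            out.append(("high", "SIGCHECK", f"{path}: signature check result '{result}'"))
        elif date != dominant:
            out.append(("low", "SIGCHECK",
                        f"{path}: dated {date}, most files are {dominant}; match against update history"))
    return out


def check_autorun(section, name, target):
    """One autorun entry: unresolved file, or a resolved file in a user-writable folder."""
    if target.endswith(UNRESOLVED):
        bare = target[:-len(UNRESOLVED)].strip(" -")
        return [("review", section,
                 f"{name}: file '{bare}' not located on disk by the tool; find it and check its signature")]
    file_part = target.split(" -- ", 1)[0].strip().strip('"')
    if any(marker in file_part.lower() for marker in USER_WRITABLE):
        return [("review", section, f"{name}: {file_part} runs from a user-writable folder")]
    return []


def triage(lines):
    """Walk a RegLooks-style log; return a list of (severity, section, detail) findings."""
    findings, sig_entries, section = [], [], ""
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section == "SIGCHECK":
            m = SIGCHECK_RE.match(line)
            if m:
                sig_entries.append((m.group("path"), m.group("date"), m.group("result")))
                continue
            m = NOTFOUND_RE.match(line)
            if m:
                findings.append(("info", section,
                                 f"{m.group('path')}: not present (normal when that component is not installed)"))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            findings.extend(check_autorun(section, m.group("name"), m.group("target")))
    findings.extend(check_sigcheck(sig_entries))
    return findings


def summarize(findings):
    """Count findings per severity."""
    return Counter(sev for sev, _, _ in findings)


if __name__ == "__main__":
    for sev, sec, detail in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {sec}: {detail}")
```

Run against a real result.txt by passing the file's lines to triage(). The date-outlier rule deliberately reports at low severity: on the log above, files such as mshtml.dll, wininet.dll and atapi.sys carry later dates because updates replaced them, so the rule only points at what to cross-check, and the NOT found entries are expected where a component was never installed.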
#24
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{231B1C6E-F934-42A2-92B6-C2FEFEC24276}]
-- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] -- File: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{34C70B70-8FFF-4179-A2EB-0819FFA38126}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{362A5D5E-1BF6-4CA7-87B4-B6686F3C1BEF}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3B85F91B-93D4-D9F4-169D-4B42544ECA65}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -- File: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] -- File: rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser .NT -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4DAEE2D4-A471-42AC-97A2-4C2A79C77648}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4EC8E993-32C1-47F5-A07A-5B0574655AD4}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] -- File: rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser -- [?] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5AD5FC59-CC80-698E-E291-E4A0389AAFD2}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -- File: rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\wmp.inf,PerUserStub -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{75A1F9FF-DC5E-9F56-9301-2994CF977385}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{81EB8B7D-1E2B-D6F2-949A-65B878177282}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{83A51245-6564-B827-EA47-6EBAFBE108B2}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] -- File: regsvr32.exe /s /n /i:U shell32.dll -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] -- File: D:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] -- File: D:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -- File: D:\WINDOWS\system32\Rundll32.exe D:\WINDOWS\system32\mscories.dll,Install -- [?] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{924C1588-90C3-4910-B6CA-D57A1C0418FE}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{944D7BBB-EA1D-43EB-B49F-F517CF2B6C9D}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A17E30C4-A9BA-11D4-8673-60DB54C10000}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A33CDC24-5A55-8E74-22DF-ED45E2B60C9D}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AA218328-0EA8-4D70-8972-E987A9190FF4}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CDD230C6-496C-30BD-7040-EDC063304E0F}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CE734E0A-D6D3-4A92-AF9F-499BE87A025C}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D4686B28-47A3-4BE9-3FC4-993235964480}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F53CE5EC-1CD8-41EB-A220-F8EA247E3A06}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F6E296E0-BCCA-0F90-E755-F32F44DC0B6F}] -- filepath not found --- Services regkey --- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\abp480n5] -- filepath not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\adpu160m] -- filepath not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\aec] -- File: system32\drivers\aec.sys -- [?] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aic78u2] -- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aic78xx] -- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint] -- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc] -- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3350p] -- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550] -- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspnet_state] -- File: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi] -- File: system32\DRIVERS\atapi.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\audstub] -- File: system32\DRIVERS\audstub.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg] -- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CoordinatorServiceHost] -- File: "D:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe" -- [83240] -- [03/19/2009 11:31 AM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i2omgmt] -- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i2omp] -- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt] -- File: system32\DRIVERS\i8042prt.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idsvc] -- File: "D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" -- [881664] -- [07/29/2008 06:24 PM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\inetaccs] -- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ini910u] -- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelppm] -- File: system32\DRIVERS\intelppm.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iPod Service] -- File: "D:\Program Files\iPod\bin\iPodService.exe" -- [820008] -- [11/17/2010 08:58 PM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\isapnp] -- File: system32\DRIVERS\isapnp.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JavaQuickStarterService] -- File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mkd2kfNt] -- File: system32\drivers\Mkd2kfNt.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mkd2Nadr] -- File: system32\drivers\Mkd2Nadr.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetTcpPortSharing] -- File: "D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" -- [132096] -- [07/29/2008 06:16 PM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npkcrypt] -- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Remote Solver for Flow Simulation 2009] -- File: D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe -- [214312] -- [02/05/2009 05:12 PM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ultra] -- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost] -- File: %SystemRoot%\system32\svchost.exe -k LocalService -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbehci] -- File: system32\DRIVERS\usbehci.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbhub] -- File: system32\DRIVERS\usbhub.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbuhci] -- File: system32\DRIVERS\usbuhci.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VXD] -- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wlidsvc] -- File: "D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" -- [1529728] -- [08/18/2009 11:29 AM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}] -- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{5D4F1DB5-B768-421B-99C6-A98AA06D1D1F}] -- filepath not found

--- SAFEBOOT MINIMAL SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
no unknown services found

--- SAFEBOOT Network SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
DnsCache
{1a3e09be-1e45-494b-9174-d7385b45bbf5}

--- BOOTEXECUTE regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"= autocheck autochk *\0\0

--- PENDINGFILERENAMEOPERATIONS regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
PendingFileRenameOperations key not found

--- WOW-CMDLINE regkeys ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
"cmdline" = %SystemRoot%\system32\ntvdm.exe
"cmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386

--- NETSVCS regkey ---
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- NETSVCS
0WmdmPmSN

--- DNS SERVER regkeys ---
no "NameServer" values found

--- HKCU SEARCHSCOPE ---
DefaultScope= {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
HKEY_CURRENT_USER\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
URL REG_SZ http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
HKEY_CURRENT_USER\software\microsoft\internet explorer\searchscopes\{16d8854a-0316-617f-da9e-df084c1364b6}
URL REG_SZ http://www.bing.com/search?q={searchTerms}&pc=Z006&form=ZGAIDF
HKEY_CURRENT_USER\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
URL REG_SZ http://websearch.ask.com/redirect?client=ie&tb=GLSV5&o=&src=crm&q={searchTerms}&locale=
HKEY_CURRENT_USER\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
URL REG_SZ http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SHCN_en
HKEY_CURRENT_USER\software\microsoft\internet explorer\searchscopes\{ebd3e3d6-df57-498e-9252-f58a253255fb}
URL REG_SZ http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20101252,6901,0,8,0

--- HKLM SEARCHSCOPE ---
DefaultScope= {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
URL REG_SZ http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
URL REG_SZ http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

--- File associations ---
.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1")
.SCR files: ("%1" /S)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)

--- STARTUP FOLDERS ---
D:\Documents and Settings\user\Start Menu\Programs\Startup\desktop.ini -- [84] -- [10/12/2006 05:24 PM]
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini -- [84] -- [10/12/2006 05:24 PM]
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk -- [1730] -- [10/13/2006 03:26 PM]

--- TASK SCHEDULER JOBS ---
D:\WINDOWS\tasks\AppleSoftwareUpdate.job -- [284] -- [12/28/2010 04:49 PM]

Scan completed: Fri 03/04/2011 18:22:43.81
FINISHED
#25
There is a type of rootkit, though not all that well documented, that has been posing as some AVG drivers, and this log shows a service it uses. Maybe - just not all that well documented. AVG signs have shown sporadically throughout these posted logs. Not real sure of its status there, but for now, we need to remove whatever part of it we can. Then check after.

Go here and download and run the AVG uninstaller file shown below.

AVG Remover(32bit) 2011 (avg_remover_stf_x86_2011_1184.exe)

Reboot after, then run a new Gmer "Options - Only non MS files" scan and a new RegLooks scan, and post those logs please. The AVG uninstaller will also create a log in the same location as the installer file. It will be too large to post here, so zip a copy of it, then just send it to jintan@malwarecrypt.com as an attachment. Please place "Submitted Files -Super48/cth/avg" as the email Subject.
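Added example, not code from this thread or from RegLooks itself: a small Python triage script for the RegLooks "Services" entries posted above. It separates orphaned service keys ("filepath not found", such as the Avg key the post refers to) from entries whose binary RegLooks resolved, and lists orphaned names that resemble a security product on their own; the five sample lines are copied from the log with the forum's mid-word line wrapping repaired, and the vendor-name hint list is an assumption.

```python
"""Triage helper for the RegLooks Services section (added example, not RegLooks code).

RegLooks prints one line per key under HKLM\SYSTEM\CurrentControlSet\Services:

  [<key>\<name>] -- filepath not found                 -> binary missing on disk (orphan)
  [<key>\<name>] -- File: <path> -- [?]                -> path present, not sized/dated
  [<key>\<name>] -- File: <path> -- [size] -- [date]   -> file resolved

A helper reads for these cases by eye; this script buckets them so the orphaned
keys, and any whose name looks like a security product, stand out for re-checking.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

SERVICES_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"

# [HKLM\...\Services\<name>] -- <rest>
ENTRY_RE = re.compile(
    r"^\[" + re.escape(SERVICES_KEY) + r"\\(?P<name>[^\]]+)\] -- (?P<rest>.*)$"
)


@dataclass
class ServiceEntry:
    name: str
    path: Optional[str]  # None when RegLooks printed "filepath not found"
    size: Optional[int]  # None when RegLooks printed [?]
    timestamp: Optional[str]


def parse_entry(line: str) -> Optional[ServiceEntry]:
    """Parse one RegLooks service line; return None for lines of other sections."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    name, rest = m.group("name"), m.group("rest")
    if rest == "filepath not found":
        return ServiceEntry(name, None, None, None)
    if not rest.startswith("File: "):
        return None
    # "File: <path> -- [size] -- [date]"  or  "File: <path> -- [?]"
    parts = [p.strip() for p in rest[len("File: "):].split(" -- ")]
    path = parts[0]
    size = timestamp = None
    if len(parts) > 1 and parts[1] != "[?]":
        size = int(parts[1].strip("[]"))
    if len(parts) > 2:
        timestamp = parts[2].strip("[]")
    return ServiceEntry(name, path, size, timestamp)


def parse_log(text: str) -> list[ServiceEntry]:
    """Parse every service line in a RegLooks log; non-service lines are skipped."""
    entries = (parse_entry(line) for line in text.splitlines())
    return [e for e in entries if e is not None]


def triage(entries: list[ServiceEntry], vendor_hints=("avg",)) -> dict[str, list[str]]:
    """Bucket entries by what the log says about their binary (hint list is an assumption)."""
    report: dict[str, list[str]] = {"orphaned": [], "vendor_lookalike": [], "unresolved": []}
    for e in entries:
        if e.path is None:
            report["orphaned"].append(e.name)
            if any(h in e.name.lower() for h in vendor_hints):
                report["vendor_lookalike"].append(e.name)
        elif e.size is None:
            report["unresolved"].append(e.name)
    return report


# Constructed sample: five lines copied from the RegLooks log posted in this
# thread, with the forum's mid-word line wrapping repaired.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aic78u2] -- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi] -- File: system32\DRIVERS\atapi.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avg] -- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iPod Service] -- File: "D:\Program Files\iPod\bin\iPodService.exe" -- [820008] -- [11/17/2010 08:58 PM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}] -- filepath not found
"""

if __name__ == "__main__":
    for bucket, names in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{bucket}: {names}")
```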
#26
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-04 19:39:45
Windows 5.1.2600 Service Pack 2
Running: 5g69fen6.exe; Driver: D:\DOCUME~1\user\LOCALS~1\Temp\afpoypod.sys

---- Modules - GMER 1.0.15 ----

Module viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F798B000-F798D000 (8192 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F7647000-F7651000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\vtmini.sys (VIA/S3G Miniport Driver/Copyright (C) VIA/S3 Graphics Co, Ltd.) B9F8D000-B9FC7000 (237568 bytes)
Module \SystemRoot\System32\Drivers\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) F77FF000-F7805000 (24576 bytes)
Module \SystemRoot\system32\drivers\ALCXWDM.SYS (Realtek AC'97 Audio Driver (WDM)/Realtek Semiconductor Corp.) B9EA0000-B9F33000 (602112 bytes)
Module \SystemRoot\system32\drivers\ALCXSENS.SYS (Sensaura WDM 3D Audio Driver/Sensaura Ltd) B9E1C000-B9E7C000 (393216 bytes)
Module \SystemRoot\system32\DRIVERS\fetnd5.sys (NDIS 5.0 miniport driver/VIA Technologies, Inc. ) F7817000-F781E000 (28672 bytes)
Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F7757000-F775C000 (20480 bytes)
Module \SystemRoot\System32\vtdisp.dll (VIA/S3G Graphics Driver/VIA/S3 Graphics Co, Ltd.) BF9D3000-BFD29000 (3497984 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BFFA0000-BFFE6000 (286720 bytes)
Module \??\D:\DOCUME~1\user\LOCALS~1\Temp\afpoypod.sys (GMER) AB757000-AB76F000 (98304 bytes)

---- Processes - GMER 1.0.15 ----

Process D:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) 388
Library D:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) 0x00400000
Process D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) 528
Library D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) 0x00400000
Library D:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll (Apple System Log/Apple, Inc.) 0x10000000
Library D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll (Apple Mobile Device Service/Apple Inc.) 0x00600000
Library D:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll (CoreFoundation/Apple Inc.) 0x00640000
Library D:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll (POSIX Threads for Windows32 Library/Open Source Software community project) 0x00720000
Library D:\Program Files\Common Files\Apple\Apple Application Support\objc.dll (Objective-C Runtime Library/Apple Inc.) 0x00730000
Library D:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll (Dispatch Runtime Library/Apple Inc.) 0x00760000
Library D:\Program Files\Common Files\Apple\Apple Application Support\icuin40.dll (IBM ICU I18N DLL/IBM Corporation and others) 0x00780000
Library D:\Program Files\Common Files\Apple\Apple Application Support\icuuc40.dll (IBM ICU Common DLL/IBM Corporation and others) 0x00890000
Library D:\Program Files\Common Files\Apple\Apple Application Support\icudt40.dll (ICU Data DLL/IBM Corporation and others) 0x4AD00000
Process D:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 620
Library D:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 0x00400000
Process D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe (StandAloneSlv Module/Mentor Graphics Corporation) 888
Library D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe (StandAloneSlv Module/Mentor Graphics Corporation) 0x00400000
Library D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\FwProxy.dll (Proxy Dynamic Link Library/Mentor Graphics Corporation) 0x10000000
Library D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\Fwconst.dll (FWConst/Mentor Graphics Corporation) 0x006D0000
Library D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\NIKPlatformClientInterfacesImpl.dll (FWConst/Mentor Graphics Corporation) 0x00810000
Library D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\NGP_Utils.dll (NGP_Utils/Mentor Graphics Corporation) 0x00980000
Library D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\NGP_System.dll (NGP_System/Mentor Graphics Corporation) 0x009D0000
Library D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\NIKEvalExpressions.dll (NIKEvalExpressions DLL/Mentor Graphics Corporation) 0x00A10000
Process D:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 940
Library D:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x64000000
Process D:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1036
Library D:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x64000000
Process D:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation) 1488
Library D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.) 0x10000000
Process D:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1592
Library D:\WINDOWS\system32\hpzlnt04.dll (HP) 0x10000000
Library D:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation) 0x3F420000
Library D:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x64000000
Process D:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.) 1680
Library D:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.) 0x00400000
Process D:\WINDOWS\system32\VTtrayp.exe (s3contrl (32-bit)/S3 Graphics Co., Ltd.) 1688
Library D:\WINDOWS\system32\VTtrayp.exe (s3contrl (32-bit)/S3 Graphics Co., Ltd.) 0x00400000
Library D:\WINDOWS\system32\VTDisply.dll (S3 multi-chip display switch utility (32-bit)/S3 Graphics Co., Ltd.) 0x6BB00000
Library D:\WINDOWS\system32\VTGamma2.dll (S3Gamma Plus (32-bit)/S3 Graphics Co., Ltd.) 0x6BE00000
Library D:\WINDOWS\system32\VTInfo2.dll (S3 Graphics Display Adapter Information Utility (32-bit)/S3 Graphics Co., Ltd.) 0x6C000000
Library D:\WINDOWS\system32\VTOvrlay.dll (S3ColorPus/S3Overlay Utility/S3 Graphics Co., Ltd.) 0x6C200000
Process D:\WINDOWS\SOUNDMAN.EXE (Realtek Sound Manager/Realtek Semiconductor Corp.) 1704
Library D:\WINDOWS\SOUNDMAN.EXE (Realtek Sound Manager/Realtek Semiconductor Corp.) 0x00400000
Process D:\Program Files\Winamp\winampa.exe (Winamp Agent/Nullsoft, Inc.) 1712
Library D:\Program Files\Winamp\winampa.exe (Winamp Agent/Nullsoft, Inc.) 0x00400000
Process D:\PROGRA~1\Yahoo!\browser\ybrwicon.exe (YBrwIcon/Yahoo!, Inc.) 1720
Library D:\PROGRA~1\Yahoo!\browser\ybrwicon.exe (YBrwIcon/Yahoo!, Inc.) 0x00400000
Library D:\Program Files\Yahoo!\browser\YBrwRes.dll (YBrwRes/Yahoo!, Inc.) 0x20000000
Library D:\Program Files\Yahoo!\browser\YCommonPS.dll 0x10000000
Process D:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (sldIM/Dassault Systèmes SolidWorks Corp.) 1732
Library D:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (sldIM/Dassault Systèmes SolidWorks Corp.) 0x00400000
Library D:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\lang\english\sldIMResu.dll (sldIMresu/Dassault Systèmes SolidWorks Corp.) 0x10000000
Process D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Acrobat SpeedLauncher/Adobe Systems Incorporated) 1804
Library D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Acrobat SpeedLauncher/Adobe Systems Incorporated) 0x00400000
#27
Process D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Reader and Acrobat Manager/Adobe Systems Incorporated) 1820
Library D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Reader and Acrobat Manager/Adobe Systems Incorporated) 0x00400000
Process D:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) 1844
Library D:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) 0x00400000
Library D:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL (iPodService Resource Library (32-bit)/Apple Inc.) 0x10000000
Library D:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL (iPodService Resource Library (32-bit)/Apple Inc.) 0x008D0000
Process D:\Program Files\iTunes\iTunesHelper.exe (iTunesHelper/Apple Inc.) 1856
Library D:\Program Files\iTunes\iTunesHelper.exe (iTunesHelper/Apple Inc.) 0x00400000
Library D:\Program Files\iTunes\iTunesHelper.dll (iTunesHelper DLL/Apple Inc.) 0x10000000
Library D:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll (CoreFoundation/Apple Inc.) 0x008E0000
Library D:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll (POSIX Threads for Windows32 Library/Open Source Software community project) 0x009C0000
Library D:\Program Files\Common Files\Apple\Apple Application Support\objc.dll (Objective-C Runtime Library/Apple Inc.) 0x009D0000
Library D:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll (Dispatch Runtime Library/Apple Inc.) 0x00A00000
Library D:\Program Files\Common Files\Apple\Apple Application Support\icuin40.dll (IBM ICU I18N DLL/IBM Corporation and others) 0x00A20000
Library D:\Program Files\Common Files\Apple\Apple Application Support\icuuc40.dll (IBM ICU Common DLL/IBM Corporation and others) 0x00B30000
Library D:\Program Files\Common Files\Apple\Apple Application Support\icudt40.dll (ICU Data DLL/IBM Corporation and others) 0x4AD00000
Library D:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll (Apple System Log/Apple, Inc.) 0x00C30000
Library D:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL (iTunesHelper Resource Library/Apple Inc.) 0x01160000
Library D:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL (iTunesHelper Resource Library/Apple Inc.) 0x01190000
Library D:\Program Files\QuickTime\QTSystem\QuickTime.qts (QuickTime/Apple Inc.) 0x66800000
Library D:\Program Files\QuickTime\QTSystem\QTCF.dll (QuickTime CoreFoundation/Apple Inc.) 0x686A0000
Library D:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.DLL (CFNetwork/Apple, Inc.) 0x01930000
Library D:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll (SQLite3 Dynamic Link Library/Apple Inc.) 0x019D0000
Library D:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 0x01A50000
Library D:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll (iTunesMobileDevice/Apple Inc.) 0x07C80000
Process D:\PROGRA~1\Yahoo!\browser\ycommon.exe (YCommon Exe Module/Yahoo!, Inc.) 1928
Library D:\PROGRA~1\Yahoo!\browser\ycommon.exe (YCommon Exe Module/Yahoo!, Inc.) 0x00400000
Library D:\PROGRA~1\Yahoo!\browser\YCommon.Dll (YCommon/Yahoo!, inc.) 0x64000000
Library D:\Program Files\Yahoo!\browser\YCommonPS.dll 0x10000000
Process D:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) 2624
Library D:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) 0x00400000
Library D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) 0x10000000
Library D:\Program Files\Mozilla Firefox\sqlite3.dll (SQLite Database Library/sqlite.org) 0x00270000
Library D:\Program Files\Mozilla Firefox\MOZCRT19.dll (User-Generated Microsoft (R) C/C++ Runtime Library/Mozilla Foundation) 0x78130000
Library D:\Program Files\Mozilla Firefox\js3250.dll 0x002F0000
Library D:\Program Files\Mozilla Firefox\nspr4.dll (NSPR Library/Mozilla Foundation) 0x004E0000
Library D:\Program Files\Mozilla Firefox\smime3.dll (NSS S/MIME Library/Mozilla Foundation) 0x00520000
Library D:\Program Files\Mozilla Firefox\nss3.dll (NSS Base Library/Mozilla Foundation) 0x00540000
Library D:\Program Files\Mozilla Firefox\nssutil3.dll (NSS Utility Library/Mozilla Foundation) 0x005E0000
Library D:\Program Files\Mozilla Firefox\plc4.dll (PLC Library/Mozilla Foundation) 0x003F0000
Library D:\Program Files\Mozilla Firefox\plds4.dll (PLDS Library/Mozilla Foundation) 0x00600000
Library D:\Program Files\Mozilla Firefox\ssl3.dll (NSS SSL Library/Mozilla Foundation) 0x00610000
Library D:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library D:\Program Files\Mozilla Firefox\MOZCPP19.dll (User-Generated Microsoft (R) C/C++ Runtime Library/Mozilla Foundation) 0x7C420000
Library D:\Program Files\Mozilla Firefox\xpcom.dll (Mozilla Foundation) 0x00640000
Library D:\Program Files\Mozilla Firefox\components\browserdirprovider.dll (Mozilla Foundation) 0x011E0000
Library D:\Program Files\Mozilla Firefox\components\brwsrcmp.dll (Mozilla Foundation) 0x01C10000
Library D:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x64000000
Library D:\Program Files\Mozilla Firefox\softokn3.dll (NSS PKCS #11 Library/Mozilla Foundation) 0x03650000
Library D:\Program Files\Mozilla Firefox\nssdbm3.dll (Legacy Database Driver/Mozilla Foundation) 0x03680000
Library D:\Program Files\Mozilla Firefox\freebl3.dll (NSS freebl Library/Mozilla Foundation) 0x036A0000
Library D:\Program Files\Mozilla Firefox\nssckbi.dll (NSS Builtin Trusted Root CAs/Mozilla Foundation) 0x042A0000
Library D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll 0x05E00000
Process D:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 2944
Library D:\WINDOWS\System32\strmfilt.dll (Stream Filter Library/Microsoft Corporation) 0x6F290000
Process D:\Program Files\Mozilla Firefox\plugin-container.exe (Plugin Container for Firefox/Mozilla Corporation) 3652
Library D:\Program Files\Mozilla Firefox\plugin-container.exe (Plugin Container for Firefox/Mozilla Corporation) 0x00400000
Library D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) 0x10000000
Library D:\Program Files\Mozilla Firefox\sqlite3.dll (SQLite Database Library/sqlite.org) 0x00270000
Library D:\Program Files\Mozilla Firefox\MOZCRT19.dll (User-Generated Microsoft (R) C/C++ Runtime Library/Mozilla Foundation) 0x78130000
Library D:\Program Files\Mozilla Firefox\js3250.dll 0x002F0000
Library D:\Program Files\Mozilla Firefox\nspr4.dll (NSPR Library/Mozilla Foundation) 0x00410000
Library D:\Program Files\Mozilla Firefox\smime3.dll (NSS S/MIME Library/Mozilla Foundation) 0x00450000
Library D:\Program Files\Mozilla Firefox\nss3.dll (NSS Base Library/Mozilla Foundation) 0x00470000
Library D:\Program Files\Mozilla Firefox\nssutil3.dll (NSS Utility Library/Mozilla Foundation) 0x00510000
Library D:\Program Files\Mozilla Firefox\plc4.dll (PLC Library/Mozilla Foundation) 0x003F0000
Library D:\Program Files\Mozilla Firefox\plds4.dll (PLDS Library/Mozilla Foundation) 0x00530000
Library D:\Program Files\Mozilla Firefox\ssl3.dll (NSS SSL Library/Mozilla Foundation) 0x00540000
Library D:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library D:\Program Files\Mozilla Firefox\MOZCPP19.dll (User-Generated Microsoft (R) C/C++ Runtime Library/Mozilla Foundation) 0x7C420000
Library D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll 0x00EC0000
Process D:\Documents and Settings\user\Desktop\5g69fen6.exe 3820
Library D:\Documents and Settings\user\Desktop\5g69fen6.exe 0x00400000

---- Services - GMER 1.0.15 ----

Service D:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura WDM 3D Audio Driver/Sensaura Ltd) [MANUAL] ALCXSENS
Service D:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek AC'97 Audio Driver (WDM)/Realtek Semiconductor Corp.) [MANUAL] ALCXWDM
Service D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) [AUTO] Apple Mobile Device
Service D:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service
Service D:\ComboFix\catchme.sys [MANUAL] catchme
Service D:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (DTSCoordinator/Dassault Systèmes SolidWorks Corp.) [MANUAL] CoordinatorServiceHost
Service [MANUAL] EagleNT
Service D:\WINDOWS\system32\DRIVERS\fetnd5.sys (NDIS 5.0 miniport driver/VIA Technologies, Inc. ) [MANUAL] FETNDIS
Service D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Activation Licensing Service/Macrovision Europe Ltd.) [MANUAL] FLEXnet Licensing Service
Service D:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service D:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) [MANUAL] iPod Service
Service D:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
Service D:\WINDOWS\system32\drivers\Mkd2kfNt.sys (MyKeyDefense Keyboard Filter Driver/AhnLab, Inc.) [MANUAL] Mkd2kfNt
Service D:\WINDOWS\system32\drivers\Mkd2Nadr.sys (MyKeyDefense USB Keyboard Filter Driver/AhnLab, Inc.) [MANUAL] Mkd2Nadr
Service MSDTC Bridge 3.0.0.0
Service [MANUAL] npkcrypt
Service D:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service D:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe (StandAloneSlv Module/Mentor Graphics Corporation) [AUTO] Remote Solver for Flow Simulation 2009
Service D:\WINDOWS\system32\DRIVERS\secdrv.sys [MANUAL] Secdrv
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service SMSvcHost 3.0.0.0
Service D:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (System Level Service Utility/SolidWorks) [MANUAL] SolidWorks Licensing Service
Service D:\WINDOWS\System32\Drivers\usbaapl.sys (Apple Mobile Device USB Driver/Apple, Inc.) [MANUAL] USBAAPL
Service D:\WINDOWS\system32\DRIVERS\vtmini.sys (VIA/S3G Miniport Driver/Copyright (C) VIA/S3 Graphics Co, Ltd.) [MANUAL] viagfx
Service D:\WINDOWS\system32\DRIVERS\viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] ViaIde
Service Windows Workflow Foundation 3.0.0.0

---- EOF - GMER 1.0.15 ----
#28
REGLOOKS logfile - version 0.988
Scan started: Fri 03/04/2011 19:40:18.42

--- INFORMATION ---
Manufacturer: P4M80P - Model: AWRDACPI
Operating System: Microsoft Windows XP Professional -- 5.1.2600 -- Service Pack 2 -- Install Date: 10/12/2006 6:27:27 PM
Last Boot: 3/4/2011 7:35:19 PM
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz
Work Station
Bootmode: Normal boot
Total RAM: 1982 MB (free 1555 MB - 78%)
Computername: USER-2561BA0F00
Domain: MSHOME
User: user (Administrator account)
Local Disk: C:\ - NTFS - 19 GB (free 0 GB)
Local Disk: D:\ - NTFS - 18 GB (free 7 GB)
CD \ DVD Drive: E:\
CD \ DVD Drive: F:\
Bootdevice: \Device\HarddiskVolume1
Systemdrive: D:
Windowsdirectory: D:\WINDOWS
Systemdirectory: D:\WINDOWS\system32
Internet Explorer Version: 8.0.6001.18702
Windows update:
Antivirus Program: AVG Internet Security 2011 10.0 [Enabled - Updated]
Firewall: AVG Firewall 10.0 [Not Enabled]
DEP: ONN - DEP is enabled for a limited number of binaries, the kernel, and all Windows-based services

--- System Restore Points ---
No System Restore Points available.

--- SIGCHECK ---
D:\WINDOWS\explorer.exe -- [1032192] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\appmgmts.dll -- [167936] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\browser.dll -- [77312] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\comres.dll -- [792064] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\comctl32.dll -- [611328] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\cryptsvc.dll -- [60416] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\ctfmon.exe -- [15360] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\es.dll -- [243200] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\eventlog.dll -- [55808] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\ias.dll NOT found
D:\WINDOWS\system32\imm32.dll -- [110080] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\kernel32.dll -- [983552] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\linkinfo.dll -- [18944] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\lpk.dll -- [22016] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\lsass.exe -- [13312] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\mfc40u.dll -- [924432] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\msgsvc.dll -- [33792] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\mshtml.dll -- [5937152] -- [03/08/2009 03:41 AM] -- sigcheck OK
D:\WINDOWS\system32\mspmsnsv.dll -- [25088] -- [01/28/2005 01:44 PM] -- sigcheck OK
D:\WINDOWS\system32\mswsock.dll -- [245248] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\netlogon.dll -- [407040] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\netman.dll -- [198144] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\ntkrnlpa.exe -- [2056832] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\ntmssvc.dll -- [435200] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\ntoskrnl.exe -- [2180992] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\pchsvc.dll NOT found
D:\WINDOWS\system32\powrprof.dll -- [17408] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\qmgr.dll -- [382464] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\rasauto.dll -- [89088] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\regsvc.dll -- [59904] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\rpcss.dll -- [399360] -- [09/20/2006 03:40 AM] -- sigcheck OK
D:\WINDOWS\system32\scecli.dll -- [180224] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\schedsvc.dll -- [190976] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\services.exe -- [108032] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\sfc.dll -- [5120] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\sfcfiles.dll -- [1580544] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\spoolsv.exe -- [57856] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\srsvc.dll -- [170496] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\ssdpsrv.dll -- [71680] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\svchost.exe -- [14336] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\tapisrv.dll -- [246272] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\termsrv.dll -- [295424] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\upnphost.dll -- [185344] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\user32.dll -- [577024] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\userinit.exe -- [24576] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\wininet.dll -- [914944] -- [03/08/2009 03:34 AM] -- sigcheck OK
D:\WINDOWS\system32\winlogon.exe -- [502272] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\ws2_32.dll -- [82944] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\wscntfy.exe -- [13824] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\wuauclt.exe -- [111104] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\xmlprov.dll -- [129536] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\drivers\acpiec.sys -- [11648] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\drivers\aec.sys -- [142464] -- [08/03/2004 09:39 PM] -- sigcheck OK
D:\WINDOWS\system32\drivers\asyncmac.sys -- [14336] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\drivers\atapi.sys -- [95360] -- [01/17/2010 02:11 AM] -- sigcheck OK
D:\WINDOWS\system32\drivers\beep.sys -- [4224] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\drivers\classpnp.sys -- [49664] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\drivers\disk.sys -- [36352] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\drivers\iaStor.sys NOT found
D:\WINDOWS\system32\drivers\ip6fw.sys -- [29056] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\drivers\kbdclass.sys -- [24576] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\drivers\ndis.sys -- [182912] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\drivers\ntfs.sys -- [574592] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\drivers\tcpip.sys -- [359040] -- [08/03/2004 05:07 PM] -- sigcheck OK

--- SSODL regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" -- File: %SystemRoot%\system32\shell32.dll -- [?]
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" -- File: %SystemRoot%\system32\SHELL32.dll -- [?]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" -- File: %Systemroot%\system32\webcheck.dll -- [?]
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" -- File: %systemroot%\system32\stobject.dll -- [?]

--- STS regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" -- File: %SystemRoot%\system32\browseui.dll -- [?]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" -- File: %SystemRoot%\system32\browseui.dll -- [?]

--- USERINIT regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="D:\\WINDOWS\\system32\\userinit.exe,"
File: D:\WINDOWS\system32\userinit.exe -- [24576] -- [08/03/2004 05:07 PM]

--- SHELL regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
File: D:\WINDOWS\Explorer.exe -- [1032192] -- [08/03/2004 05:07 PM]

--- SYSTEM regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

--- APPINIT_DLLS regkey ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"RequireSignedAppInit_DLLs"=dword:00000001
"AppInit_DLLs"=""

--- NOTIFY regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] -- File: D:\WINDOWS\system32\crypt32.dll -- [597504] -- [08/03/2004 05:07 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] -- File: D:\WINDOWS\system32\cryptnet.dll -- [63488] -- [08/03/2004 05:07 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] -- File: D:\WINDOWS\system32\cscdll.dll -- [101888] -- [08/03/2004 05:07 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] -- File: D:\WINDOWS\system32\wlnotify.dll -- [92672] -- [08/03/2004 05:07 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] -- File: D:\WINDOWS\system32\wlnotify.dll -- [92672] -- [08/03/2004 05:07 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] -- File: D:\WINDOWS\system32\sclgntfy.dll -- [20992] -- [08/03/2004 05:07 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] -- File: D:\WINDOWS\system32\WlNotify.dll -- [92672] -- [08/03/2004 05:07 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] -- File: D:\WINDOWS\system32\wlnotify.dll -- [92672] -- [08/03/2004 05:07 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] -- File: D:\WINDOWS\system32\wlnotify.dll -- [92672] -- [08/03/2004 05:07 PM]

--- RUN / LOAD regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"Run"=""
"Load"=""

--- SHELLEXECUTEHOOKS regkey ---
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" -- File: shell32.dll -- [?]

--- HKLM AUTORUN regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor]
no AutoRun regkey found

--- HKCU AUTORUN regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
no AutoRun regkey found

--- HKLM\RUN regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer" -- File: VTTimer.exe -- [?]
"VTTrayp" -- File: VTtrayp.exe -- [?]
"SoundMan" -- File: SOUNDMAN.EXE -- [?]
"WinampAgent" -- File "D:\Program Files\Winamp\winampa.exe" -- [74752] -- [07/12/2010 08:32 AM]
"YBrowser" -- File D:\PROGRA~1\Yahoo!\browser\ybrwicon.exe -- [57344] -- [12/09/2003 01:02 PM]
"SolidWorks_CheckForUpdates" -- File: "D:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler -- [?]
"Adobe Reader Speed Launcher" -- File "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" -- [35760] -- [09/23/2010 04:47 AM]
"Adobe ARM" -- File "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" -- [932288] -- [09/20/2010 11:07 PM]
"QuickTime Task" -- File: "D:\Program Files\QuickTime\QTTask.exe" -atboottime -- [?]
"iTunesHelper" -- File "D:\Program Files\iTunes\iTunesHelper.exe" -- [421160] -- [11/17/2010 08:59 PM]

--- HKLM\RUNONCE regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
no runonce values found

--- HKLM\RUNONCEEX regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
no runonceex values found

--- HKLM\RUNSERVICES regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
key not found

--- HKLM\RUNSERVICESONCE regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
key not found

--- HKCU\RUN regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
no run values found

--- HKCU\RUNONCE regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
no runonce values found

--- HKCU\RUNONCEEX regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
key not found

--- HKCU\RUNSERVICES regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
no runservices values found

--- HKCU\RUNSERVICESONCE regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
no runservicesonce values found

--- HKU\.DEFAULT\Run regkeys - Default user ---
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
no run values found

--- HKU\S-1-5-18\Run regkeys - user SYSTEM ---
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
no run values found

--- HKU\S-1-5-19\Run regkeys - User Lokale service ---
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
key not found

---
HKU\S-1-5-20\Run regkeys - User Lokale service --- [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] key not found --- HKLM\Explorer\Run regkeys --- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer\Run] no run values found --- HKCU\Explorer\Run regkeys --- [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\Run] no run values found --- Image File Execution regkeys --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] no debuggers found --- BROWSER HELPER OBJECTS regkeys --- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] -- File: D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll -- [1205560] -- [03/22/2010 11:51 PM] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] -- File: D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll -- [75200] -- [09/22/2010 06:04 PM] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] -- CLSID not found [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] -- File: D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll -- [403840] -- [08/18/2009 11:32 AM] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -- File: D:\Program Files\Java\jre6\bin\jp2ssv.dll -- [41760] -- [03/21/2010 06:24 PM] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] -- File: D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll -- [79648] -- [03/21/2010 06:24 PM] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper 
Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}] -- File: D:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInsta nce.dll -- [158520] -- [03/22/2010 11:51 PM] --- TOOLBAR regkeys --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} -- File: D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll -- [1205560] -- [03/22/2010 11:51 PM] --- HKLM\URLSEARCHHOOKS regkeys --- [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks] no urlsearchhooks found --- HKCU\URLSEARCHHOOKS regkeys --- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] {CFBFAE00-17A6-11D0-99CB-00C04FD64497} -- File: D:\WINDOWS\system32\ieframe.dll -- [11063808] -- [03/08/2009 03:39 AM] --- SRCEENSAVER regkey --- [HKEY_CURRENT_USER\Control Panel\Desktop] scrnsave.exe value not found --- ALTERNATESHELL regkey --- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot] File: D:\WINDOWS\system32\cmd.exe -- [388608] -- [08/03/2004 05:07 PM] --- SECURITYPROVIDERS regkey --- [HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" File: D:\WINDOWS\system32\msapsspc.dll -- [86016] -- [08/03/2004 05:07 PM] File: D:\WINDOWS\system32\schannel.dll -- [144896] -- [08/03/2004 05:07 PM] File: D:\WINDOWS\system32\digest.dll -- [68608] -- [08/03/2004 05:07 PM] File: D:\WINDOWS\system32\msnsspc.dll -- [290816] -- [08/03/2004 05:07 PM] --- Active Setup\Installed Components regkey --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] -- File: D:\WINDOWS\system32\ieudinit.exe -- [36864] -- [03/08/2009 03:32 AM] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] -- File: D:\WINDOWS\system32\ie4uinit.exe -UserIconConfig -- [?] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -- File: "D:\WINDOWS\system32\rundll32.exe" "D:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSe tup SIGNUP -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] -- File: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
#29
-- File: %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0430454D-47EA-11D6-AD58-00010333D0AD}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1803B9EF-9905-4F34-AFC4-05D1BAB28801}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{231B1C6E-F934-42A2-92B6-C2FEFEC24276}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] -- File: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{34C70B70-8FFF-4179-A2EB-0819FFA38126}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{362A5D5E-1BF6-4CA7-87B4-B6686F3C1BEF}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3B85F91B-93D4-D9F4-169D-4B42544ECA65}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -- File: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] -- File: rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser .NT -- [?] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4DAEE2D4-A471-42AC-97A2-4C2A79C77648}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4EC8E993-32C1-47F5-A07A-5B0574655AD4}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] -- File: rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5AD5FC59-CC80-698E-E291-E4A0389AAFD2}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -- File: rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\wmp.inf,PerUserStub -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{75A1F9FF-DC5E-9F56-9301-2994CF977385}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{81EB8B7D-1E2B-D6F2-949A-65B878177282}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{83A51245-6564-B827-EA47-6EBAFBE108B2}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] -- File: regsvr32.exe /s /n /i:U shell32.dll -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] -- File: D:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] -- File: D:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -- File: D:\WINDOWS\system32\Rundll32.exe D:\WINDOWS\system32\mscories.dll,Install -- [?] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{924C1588-90C3-4910-B6CA-D57A1C0418FE}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{944D7BBB-EA1D-43EB-B49F-F517CF2B6C9D}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A17E30C4-A9BA-11D4-8673-60DB54C10000}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A33CDC24-5A55-8E74-22DF-ED45E2B60C9D}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AA218328-0EA8-4D70-8972-E987A9190FF4}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CDD230C6-496C-30BD-7040-EDC063304E0F}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CE734E0A-D6D3-4A92-AF9F-499BE87A025C}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D4686B28-47A3-4BE9-3FC4-993235964480}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F53CE5EC-1CD8-41EB-A220-F8EA247E3A06}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F6E296E0-BCCA-0F90-E755-F32F44DC0B6F}] -- filepath not found --- Services regkey --- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\abp480n5] -- filepath not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\adpu160m] -- filepath not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\aec] -- File: system32\drivers\aec.sys -- [?] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\aic78u2] -- filepath not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\aic78xx] -- filepath not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\amsint] -- filepath not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\asc] -- filepath not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\asc3350p] -- filepath not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\asc3550] -- filepath not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\aspnet_state] -- File: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\as pnet_state.exe -- [?] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\atapi] -- File: system32\DRIVERS\atapi.sys -- [?] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\audstub] -- File: system32\DRIVERS\audstub.sys -- [?] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\CoordinatorServiceHost] -- File: "D:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService. exe" -- [83240] -- [03/19/2009 11:31 AM] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\i2omgmt] -- filepath not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\i2omp] -- filepath not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\i8042prt] -- File: system32\DRIVERS\i8042prt.sys -- [?] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\idsvc] -- File: "D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windo ws Communication Foundation\infocard.exe" -- [881664] -- [07/29/2008 06:24 PM] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\inetaccs] -- filepath not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\ini910u] -- filepath not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\intelppm] -- File: system32\DRIVERS\intelppm.sys -- [?] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\iPod Service] -- File: "D:\Program Files\iPod\bin\iPodService.exe" -- [820008] -- [11/17/2010 08:58 PM] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\isapnp] -- File: system32\DRIVERS\isapnp.sys -- [?] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\JavaQuickStarterService] -- File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" -- [?] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Mkd2kfNt] -- File: system32\drivers\Mkd2kfNt.sys -- [?] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Mkd2Nadr] -- File: system32\drivers\Mkd2Nadr.sys -- [?] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\NetTcpPortSharing] -- File: "D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windo ws Communication Foundation\SMSvcHost.exe" -- [132096] -- [07/29/2008 06:16 PM] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\npkcrypt] -- filepath not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Remote Solver for Flow Simulation 2009] -- File: D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe -- [214312] -- [02/05/2009 05:12 PM] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\ultra] -- filepath not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\upnphost] -- File: %SystemRoot%\system32\svchost.exe -k LocalService -- [?] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\usbehci] -- File: system32\DRIVERS\usbehci.sys -- [?] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\usbhub] -- File: system32\DRIVERS\usbhub.sys -- [?] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\usbuhci] -- File: system32\DRIVERS\usbuhci.sys -- [?] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\VXD] -- filepath not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\wlidsvc] -- File: "D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" -- [1529728] -- [08/18/2009 11:29 AM] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}] -- filepath not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\{5D4F1DB5-B768-421B-99C6-A98AA06D1D1F}] -- filepath not found --- SAFEBOOT MINIMAL SERVICES --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal no unknown services found --- SAFEBOOT Network SERVICES --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Network DnsCache {1a3e09be-1e45-494b-9174-d7385b45bbf5} --- BOOTEXECUTE regkey --- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Session Manager] "BootExecute"= autocheck autochk *\0\0 --- PENDINGFILERENAMEOPERATIONS regkey --- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Session Manager] PendingFileRenameOperations key not found --- WOW-CMDLINE regkeys --- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\WOW] "cmdline" = %SystemRoot%\system32\ntvdm.exe "cmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 --- NETSVCS regkey --- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- NETSVCS 0WmdmPmSN --- DNS SERVER regkeys --- no "NameServer" values found --- HKCU SEARCHSCOPE --- DefaultScope= {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} HKEY_CURRENT_USER\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL REG_SZ http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC HKEY_CURRENT_USER\software\microsoft\internet explorer\searchscopes\{16d8854a-0316-617f-da9e-df084c1364b6} URL REG_SZ http://www.bing.com/search?q={searchTerms}&pc=Z006&form=ZGAIDF HKEY_CURRENT_USER\software\microsoft\internet 
explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e} URL REG_SZ http://websearch.ask.com/redirect?client=ie&tb=GLSV5&o=&src=crm&q={searchTe rms}&locale= HKEY_CURRENT_USER\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990} URL REG_SZ http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7&rlz=1I7SHCN_en HKEY_CURRENT_USER\software\microsoft\internet explorer\searchscopes\{ebd3e3d6-df57-498e-9252-f58a253255fb} URL REG_SZ http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20101252,6901, 0,8,0 --- HKLM SEARCHSCOPE --- DefaultScope= {6A1806CD-94D4-4689-BA73-E35EA1EA9990} HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL REG_SZ http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source? } HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990} URL REG_SZ http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 --- File associations --- .BAT files: ("%1" %*) .COM files: ("%1" %*) .EXE files: ("%1" %*) .HLP files: (%SystemRoot%\System32\winhlp32.exe %1) .INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1) .INI files: (%SystemRoot%\system32\NOTEPAD.EXE %1) .JS files: (%SystemRoot%\System32\WScript.exe "%1" %*) .PIF files: ("%1" %*) .REG files: (regedit.exe "%1") .SCR files: ("%1" /S) .TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1) .VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*) --- STARTUP FOLDERS --- D:\Documents and Settings\user\Start Menu\Programs\Startup\desktop.ini -- [84] -- [10/12/2006 05:24 PM] D:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini -- [84] -- [10/12/2006 05:24 PM] D:\Documents and Settings\All Users\Start 
Menu\Programs\Startup\Microsoft Office.lnk -- [1730] -- [10/13/2006 03:26 PM] --- TASK SCHEDULER JOBS --- D:\WINDOWS\tasks\AppleSoftwareUpdate.job -- [284] -- [12/28/2010 04:49 PM] Scan completed: Fri 03/04/2011 19:41:13.04 FINISHED
#30
I received the AVG log, thanks. I think one of my eyeballs became swollen trying to weed through it, and the other still points towards the ceiling. But some curious anomalies which we need to make changes to:
Quote:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"RequireSignedAppInit_DLLs"=dword:00000001
"AppInit_DLLs"=""

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Download The Avenger by Swandog from here and save it to your Desktop, and unzip the downloaded avenger.zip file. Then in the new avenger folder created locate and click on avenger.exe to run the tool. Okay the warning. When the Avenger display opens copy/paste the following text inside the Code box into the Avenger box titled "Input script here:". Then click the Execute button to run the repair, click Yes, then allow Avenger to reboot your system.

Code:
Begin copying here:

Drivers to delete:
avg
AvgAdminServer
AVGIDSErHrw7a
AVGIDSErHrvta
AVGIDSErHrvtx
AVGIDSErHrxpx
AVGIDSDriverw7a
AVGIDSFilterw7a
AVGIDSDriverw7x
AVGIDSFilterw7x
AVGIDSShimw7x
AVGIDSDrivervta
AVGIDSErHrw7x
AVGIDSSHIMXPX
AVGIDSERHRXPX
AVGIDSDRIVERXPX
avgwd
AVG Security Toolbar Service
avg9emc
avg9wd
avgtdix
avgtdia
avgrkx86
avgrkx64
avgmfx86
avgmfx64
avgldx86
avgldx64
AVGIDSShim
AVGIDSfilter
AVGIDSEH
AVGIDSDriver
avgfwdx
avgfwda
avgfwd6x
avgfwd6a
AvgWFPx
AvgWFPa
avgfws8
avgfws9
AVGIDSFiltervta
{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}

Folders to delete:
D:\Program Files\AVG
D:\Documents and Settings\user\Application Data\AVG10

Registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | RequireSignedAppInit_DLLs

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}

Registry values to replace with dummy:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Run a new "normal" Gmer scan (just click the Scan button - skip Non-MS settings) and a new Reglooks scan, and post those logs as well please.
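A small triage script for a RegLooks-style log, as an added example that is not part of this thread and not code from RegLooks or Avenger. It parses the "--- NAME ---" section / one-entry-per-line layout of the log posted above and flags the three things the helper acted on in post #30: the RequireSignedAppInit_DLLs value (or a populated AppInit_DLLs), the GUID-named service with no file on disk, and the BHO whose CLSID does not resolve. The sample log is constructed from entries in the thread; the function names, regexes and heuristics are this example's own assumptions.

```python
"""Triage a RegLooks-style log (added example; not RegLooks or Avenger code).

Checks mirror what the helper singled out by eye in post #30:
  * AppInit_DLLs populated, or a RequireSignedAppInit_DLLs value present
    (the thread removes that value with the Avenger script);
  * a service named by a bare GUID whose file is missing
    (the {07171AC2-...} entry the script deletes);
  * a Browser Helper Object whose CLSID cannot be resolved.
Plain "filepath not found" legacy drivers are left alone, as the helper did.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample in RegLooks' layout: a "--- NAME ---" header opens each
# section and each entry sits on its own line.  Entries are copied from the thread.
SAMPLE_LOG = r"""--- APPINIT_DLLS regkey ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"RequireSignedAppInit_DLLs"=dword:00000001
"AppInit_DLLs"=""
--- BROWSER HELPER OBJECTS regkeys ---
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] -- CLSID not found
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -- File: D:\Program Files\Java\jre6\bin\jp2ssv.dll -- [41760] -- [03/21/2010 06:24 PM]
--- Services regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aec] -- File: system32\drivers\aec.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\abp480n5] -- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}] -- filepath not found
"""

SECTION_RE = re.compile(r"^--- (.+?) ---$")
APPINIT_RE = re.compile(r'^"AppInit_DLLs"="(.*)"$')
REQSIGNED_RE = re.compile(r'^"RequireSignedAppInit_DLLs"=dword:([0-9A-Fa-f]{8})$')
GUID_SERVICE_RE = re.compile(r"\\Services\\(\{[0-9A-Fa-f-]{36}\})\]\s*--\s*filepath not found$")

Finding = Tuple[str, str, str]  # (section name, log entry, reason)


def parse_sections(log: str) -> Dict[str, List[str]]:
    """Group entry lines under the '--- NAME ---' header that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(log: str) -> List[Finding]:
    """Return the entries a reviewer would want to look at, with a reason for each."""
    findings: List[Finding] = []
    for name, entries in parse_sections(log).items():
        upper = name.upper()
        for entry in entries:
            if "APPINIT_DLLS" in upper:
                populated = APPINIT_RE.match(entry)
                if populated and populated.group(1):
                    findings.append((name, entry, "AppInit_DLLs is populated: that DLL is loaded into every process that maps user32"))
                if REQSIGNED_RE.match(entry):
                    findings.append((name, entry, "RequireSignedAppInit_DLLs present (the thread removes this value)"))
            elif upper.startswith("SERVICES"):
                guid = GUID_SERVICE_RE.search(entry)
                if guid:
                    findings.append((name, entry, f"GUID-named service {guid.group(1)} with no file on disk"))
            elif "BROWSER HELPER" in upper and entry.endswith("-- CLSID not found"):
                findings.append((name, entry, "BHO registered under a CLSID that does not resolve"))
    return findings


if __name__ == "__main__":
    for section, entry, reason in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {entry}")
```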