IObit Forum

Help! can't get rid of Trojan Dropper


Rage


Re: Help! can't get rid of Trojan Dropper

 

Hi Rage

Please don't post the same thing incessantly. Try waiting for a malware-fighter to get on-line and try to help you - in the meantime please read how others have coped with the same issue and try reading Usage of IObit Products - links in my signature - to find out how to ask for assistance from one of the voluntary helpers in the forum.

Cheers

solbjerg


Re: Help! can't get rid of Trojan Dropper

 

WTF??? I still can't post the original message... so I'm gonna just sum it up as best I can...

 

Here is the IObit 360 report....

 

OS:Windows XP

Version:1.5.0.13

Define Version:1803

Time Elapsed:00:12:16

Objects Scanned:68863

Threats Found:7

 

|Name|Type|Description|ID|
|Tracking Cookies - Removed|Cookies|https://pagead2.googleadservices.com/pagead/adview?ai=BmbPxAuiATOGGKtLWjQfz38T8Aqbo_OAB3rHx6hPAjbcB4JgXEAEYASCGj4ACOABQsbmfpP______AWDJhoCA-KOcFbIBD21haWwuZ29vZ2xlLmNvbboBCGdtYWlsLXRsyAEB2gEyaHR0cDovL21haWwuZ29vZ2xlLmNvbS9MVGM0TWpJd05UVTRNakl5TmpBNE1qUTJPREWAAgGoAwHoA8gC6AM86AOdAfUDAAAARA&sigh=r9-lW3QQLMU|7-1853|
|Tracking Cookies - Removed|Cookies|Cookie:ragewind@realmedia.com/|7-18|
|Tracking Cookies - Removed|Cookies|Cookie:ragewind@real.com/|7-1570|
|Tracking Cookies - Removed|Cookies|Cookie:ragewind@xiti.com/|7-2256|
|Tracking Cookies - Removed|Cookies|Cookie:ragewind@quantserve.com/|7-2072|
|Trojan.Dropper - Quarantined|File|G:\Program Files\Microsoft IntelliPoint\Components\Commands\DPGHnt\DPGHnt.dll|12-167|
|Trojan.Dropper - Quarantined|File|G:\Program Files\Microsoft IntelliType Pro\Components\Commands\DPGHnt\DPGHnt.dll|12-167|

 

I have other anti-virus software and they didn't find anything... so what can I do?


Re: Help! can't get rid of Trojan Dropper

 

Hi Rage

Ha-ha - what message are you talking about - you are posting a gaggle of messages - albeit the same mostly :-)

Is it how to post an attached file that eludes you or how to find the log file with the messages from the scan? Please clarify the issue by explaining your plight in a few more words.

Cheers

solbjerg

 

 

I didn't mean to post the same thing over again, I can't post the message

Re: Help! can't get rid of Trojan Dropper

 

Hi Rage,

 

Most probably the number of characters you want to post is more than permitted.

 

Divide the reports into parts and then you can post them. (Copy and paste half of the report, and then in the next post copy and paste other half of the report and post.)

 

Cheers.


Re: Help! can't get rid of Trojan Dropper

 

I've run IObit 360 and every time I get Trojan Dropper. I've run other scans and they can't find it. Here are the logs...

 

IObit Security 360

 

OS:Windows XP

Version:1.5.0.13

Define Version:1803

Time Elapsed:00:12:16

Objects Scanned:68863

Threats Found:7

 

|Name|Type|Description|ID|
|Tracking Cookies - Removed|Cookies|https://pagead2.googleadservices.com/pagead/adview?ai=BmbPxAuiATOGGKtLWjQfz38T8Aqbo_OAB3rHx6hPAjbcB4JgXEAEYASCGj4ACOABQsbmfpP______AWDJhoCA-KOcFbIBD21haWwuZ29vZ2xlLmNvbboBCGdtYWlsLXRsyAEB2gEyaHR0cDovL21haWwuZ29vZ2xlLmNvbS9MVGM0TWpJd05UVTRNakl5TmpBNE1qUTJPREWAAgGoAwHoA8gC6AM86AOdAfUDAAAARA&sigh=r9-lW3QQLMU|7-1853|
|Tracking Cookies - Removed|Cookies|Cookie:ragewind@realmedia.com/|7-18|
|Tracking Cookies - Removed|Cookies|Cookie:ragewind@real.com/|7-1570|
|Tracking Cookies - Removed|Cookies|Cookie:ragewind@xiti.com/|7-2256|
|Tracking Cookies - Removed|Cookies|Cookie:ragewind@quantserve.com/|7-2072|
|Trojan.Dropper - Quarantined|File|G:\Program Files\Microsoft IntelliPoint\Components\Commands\DPGHnt\DPGHnt.dll|12-167|
|Trojan.Dropper - Quarantined|File|G:\Program Files\Microsoft IntelliType Pro\Components\Commands\DPGHnt\DPGHnt.dll|12-167|

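The report above is the whole case so far: five cookie hits and one signature (12-167) matching the same DLL under two Microsoft install trees, while AVG sees nothing. The script below is an added example for this thread, not IObit's code: it parses the report format as posted ("name - action, type, target, id"), separates cookie hits from file hits, groups file hits by file name so a single signature hitting two copies of one DLL is not counted as two infections, and hashes any flagged file that is still on disk so the hash can be checked against a second engine before anything is deleted. The sample rows are copied from the report (the long Google cookie row is left out); the G: paths will not exist on your machine, which the code reports instead of failing.

```python
"""Triage of an IObit Security 360 scan report (added example, not IObit's code)."""
import hashlib
import os
from collections import defaultdict
from dataclasses import dataclass

# Rows copied from the report posted in this thread.
SAMPLE_REPORT = r"""
|Name|Type|Description|ID|
Tracking Cookies - Removed, Cookies, Cookie:ragewind@realmedia.com/, 7-18
Tracking Cookies - Removed, Cookies, Cookie:ragewind@real.com/, 7-1570
Tracking Cookies - Removed, Cookies, Cookie:ragewind@xiti.com/, 7-2256
Tracking Cookies - Removed, Cookies, Cookie:ragewind@quantserve.com/, 7-2072
Trojan.Dropper - Quarantined, File, G:\Program Files\Microsoft IntelliPoint\Components\Commands\DPGHnt\DPGHnt.dll, 12-167
Trojan.Dropper - Quarantined, File, G:\Program Files\Microsoft IntelliType Pro\Components\Commands\DPGHnt\DPGHnt.dll, 12-167
"""


@dataclass
class Detection:
    name: str      # e.g. "Trojan.Dropper"
    action: str    # e.g. "Quarantined"
    kind: str      # "Cookies" or "File"
    target: str    # cookie identifier or file path
    sig_id: str    # IObit signature ID, e.g. "12-167"


def parse_report(text):
    """Parse detection rows; the header row and blank lines are skipped."""
    detections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("|"):
            continue
        # The ID is always the last field and the target may contain commas,
        # so split the ID off the tail first, then the fixed fields off the head.
        head, sig_id = line.rsplit(", ", 1)
        name_action, kind, target = head.split(", ", 2)
        name, action = name_action.rsplit(" - ", 1)
        detections.append(Detection(name, action, kind, target, sig_id))
    return detections


def is_under_vendor_dir(path):
    """True for paths under <drive>:\\Program Files\\ or <drive>:\\Windows\\."""
    p = path.lower()
    if len(p) > 3 and p[1:3] == ":\\":
        return p[3:].startswith(("program files\\", "windows\\"))
    return False


def file_hits_by_name(detections):
    """Group file detections by lower-cased file name -> list of full paths.
    One signature hitting the same DLL in two install trees is one match."""
    groups = defaultdict(list)
    for d in detections:
        if d.kind == "File":
            base = os.path.basename(d.target.replace("\\", "/")).lower()
            groups[base].append(d.target)
    return dict(groups)


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_if_present(path):
    """Hash the file if it is still on disk; None if it was quarantined or
    the path simply does not exist on this machine."""
    if not os.path.isfile(path):
        return None
    with open(path, "rb") as fh:
        return sha256_bytes(fh.read())


def triage(text):
    detections = parse_report(text)
    return {
        "cookies_removed": sum(1 for d in detections if d.kind == "Cookies"),
        "files": [
            {
                "path": d.target,
                "signature": f"{d.name} ({d.sig_id})",
                "action": d.action,
                "in_vendor_dir": is_under_vendor_dir(d.target),
                "sha256": sha256_if_present(d.target),
            }
            for d in detections if d.kind == "File"
        ],
        "by_file_name": file_hits_by_name(detections),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"{result['cookies_removed']} cookie hits (browser data, not code)")
    for f in result["files"]:
        where = "vendor dir" if f["in_vendor_dir"] else "non-standard location"
        digest = f["sha256"] or "not on disk (quarantined?) - restore to hash"
        print(f"{f['signature']:24} {f['action']:12} {where:22} {f['path']}")
        print(f"    sha256: {digest}")
```

Cookie hits are browser data and need no follow-up. For the file hits, the output tells you what the report alone does not: that both rows are one signature on one file name, that the file sits in a vendor install tree, and that it cannot be hashed while it is in quarantine. The check worth doing before deleting anything is to restore the file, hash it, and compare that hash and the file's publisher signature with what a second engine reports, rather than trusting either the single detection or the single non-detection.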

Re: Help! can't get rid of Trojan Dropper

 

Here is the rest of the reports...

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by Ragewind at 7:44:40.59 on Fri 09/03/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2377 [GMT -5:00]

 

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

============== Running Processes ===============

 

G:\windows\system32\svchost -k DcomLaunch

G:\windows\system32\svchost -k rpcss

G:\windows\System32\svchost.exe -k netsvcs

G:\windows\system32\svchost.exe -k NetworkService

G:\windows\system32\svchost.exe -k LocalService

G:\Program Files\AVG\AVG9\avgchsvx.exe

G:\Program Files\AVG\AVG9\avgrsx.exe

G:\WINDOWS\system32\LEXBCES.EXE

G:\windows\system32\spoolsv.exe

G:\WINDOWS\system32\LEXPPS.EXE

G:\Program Files\AVG\AVG9\avgcsrvx.exe

G:\windows\Explorer.EXE

G:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

G:\Program Files\Yahoo!\Common\YMailAdvisor.exe

G:\Program Files\Roland\VSC32\vscvol.exe

G:\Program Files\Roland\VSC32\vsc32cnf.exe

G:\windows\SOUNDMAN.EXE

G:\windows\RTHDCPL.EXE

G:\windows\system32\RUNDLL32.EXE

G:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

G:\Program Files\Microsoft IntelliType Pro\itype.exe

G:\Program Files\Lexmark X1100 Series\lxbkbmon.exe

G:\Program Files\iTunes\iTunesHelper.exe

G:\Program Files\Microsoft IntelliPoint\ipoint.exe

G:\windows\system32\RunDll32.exe

G:\windows\Mixer.exe

G:\PROGRA~1\AVG\AVG9\avgtray.exe

G:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

G:\Program Files\Common Files\Real\Update_OB\realsched.exe

G:\Program Files\Common Files\Java\Java Update\jusched.exe

G:\Program Files\IObit\IObit Security 360\IS360tray.exe

G:\windows\system32\ctfmon.exe

G:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

G:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

G:\Program Files\ManyCam 2.4\ManyCam.exe

G:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

G:\windows\system32\svchost.exe -k LocalService

G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

G:\Program Files\AVG\AVG9\avgwdsvc.exe

G:\Program Files\Bonjour\mDNSResponder.exe

G:\Program Files\GIGABYTE\EnergySaver\GSvr.exe

G:\Program Files\IObit\IObit Security 360\IS360srv.exe

G:\Program Files\Java\jre6\bin\jqs.exe

G:\windows\system32\nvsvc32.exe

G:\windows\system32\svchost.exe -k imgsvc

G:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

G:\windows\system32\SearchIndexer.exe

G:\Program Files\AVG\AVG9\avgnsx.exe

G:\Program Files\iPod\bin\iPodService.exe

G:\WINDOWS\system32\wbem\wmiprvse.exe

G:\windows\System32\alg.exe

G:\windows\System32\svchost.exe -k HTTPFilter

G:\Program Files\IObit\IObit Security 360\is360.exe

G:\windows\system32\NOTEPAD.EXE

G:\windows\system32\SearchProtocolHost.exe

G:\windows\system32\SearchFilterHost.exe

G:\windows\system32\NOTEPAD.EXE

G:\Program Files\Internet Explorer\iexplore.exe

G:\Program Files\Internet Explorer\iexplore.exe

G:\Program Files\Internet Explorer\iexplore.exe

G:\Documents and Settings\Ragewind\Local Settings\Temporary Internet Files\Content.IE5\W71HK817\dds[1].scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://m.http://www.yahoo.com/?fr=fptb-tyc8

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mDefault_Page_URL = hxxp://www.yahoo.com

mStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - g:\program files\avg\avg9\toolbar\IEToolbar.dll

uURLSearchHooks: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - g:\program files\iobitcom\tbIOb1.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - g:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - g:\program files\yahoo!\companion\installs\cpn3\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - g:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - g:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - g:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - g:\program files\iobitcom\tbIOb1.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - g:\program files\avg\avg9\avgssie.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - g:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - g:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - g:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - g:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - g:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - g:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - g:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - g:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - g:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - g:\program files\avg\avg9\toolbar\IEToolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - g:\program files\yahoo!\companion\installs\cpn3\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - g:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - g:\program files\iobitcom\tbIOb1.dll

uRun: [ctfmon.exe] g:\windows\system32\ctfmon.exe

uRun: [swg] "g:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [search Protection] g:\program files\yahoo!\search protection\SearchProtection.exe

uRun: [Messenger (Yahoo!)] "g:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [Advanced SystemCare 3] "g:\program files\iobit\advanced systemcare 3\AWC.exe" /startup

uRun: [ManyCam] "g:\program files\manycam 2.4\ManyCam.exe"

uRunOnce: [shockwave Updater] g:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.4; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://games.adultswim.com/carls-freakin-strip-poker-puzzle-online-game.html"

mRun: [NvCplDaemon] RUNDLL32.EXE g:\windows\system32\NvCpl.dll,NvStartup

mRun: [YSearchProtection] "g:\program files\yahoo!\search protection\SearchProtection.exe"

mRun: [YMailAdvisor] "g:\program files\yahoo!\common\YMailAdvisor.exe"

mRun: [vscvol.exe] g:\program files\roland\vsc32\vscvol.exe

mRun: [vsc32cnf.exe] g:\program files\roland\vsc32\vsc32cnf.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [QuickTime Task] "g:\program files\quicktime\qttask.exe" -atboottime

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE g:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Lexmark X1100 Series] "g:\program files\lexmark x1100 series\lxbkbmgr.exe"

mRun: [itype] "g:\program files\microsoft intellitype pro\itype.exe"

mRun: [iTunesHelper] "g:\program files\itunes\iTunesHelper.exe"

mRun: [intelliPoint] "g:\program files\microsoft intellipoint\ipoint.exe"

mRun: [GEST] =

mRun: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd

mRun: [C-Media Mixer] Mixer.exe /startup

mRun: [AVG9_TRAY] g:\progra~1\avg\avg9\avgtray.exe

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [Adobe_ID0EYTHM] g:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE

mRun: [Adobe ARM] "g:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "g:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "g:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [TkBellExe] "g:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "g:\program files\common files\java\java update\jusched.exe"

mRun: [iObit Security 360] "g:\program files\iobit\iobit security 360\IS360tray.exe" /autostart

IE: Append Link Target to Existing PDF - g:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - g:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - g:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - g:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: Google Sidewiki... - g:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - g:\program files\messenger\msmsgs.exe

IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - g:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - g:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - g:\program files\yahoo!\common\Yinsthelper.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237867762875

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - g:\program files\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - g:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - g:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - g:\program files\windows desktop search\MSNLNamespaceMgr.dll

 

============= SERVICES / DRIVERS ===============

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;g:\windows\system32\drivers\avgldx86.sys [2009-3-8 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;g:\windows\system32\drivers\avgmfx86.sys [2009-3-8 29584]

R1 AvgTdiX;AVG Free8 Network Redirector;g:\windows\system32\drivers\avgtdix.sys [2009-3-8 243024]

R2 avg9wd;AVG Free WatchDog;g:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]

R2 GEST Service;GEST Service for program management.;g:\program files\gigabyte\energysaver\GSvr.exe [2009-3-8 68136]

R2 IS360service;IS360service;g:\program files\iobit\iobit security 360\is360srv.exe [2010-9-2 312152]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;g:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]

R3 vsc32;Virtual Sound Canvas 3.2;g:\windows\system32\drivers\vsc.sys [2009-3-25 951284]

S3 DSCVc;Video Capture;g:\windows\system32\drivers\CoachVc.sys [2010-3-24 44256]

S3 FsUsbExDisk;FsUsbExDisk;g:\windows\system32\FsUsbExDisk.Sys [2010-2-12 36608]

 

=============== Created Last 30 ================

 

2010-09-03 12:19:10 0 d-----w- G:\b69a15667a1c3ed8396f8d3776dfd1

2010-08-15 22:29:09 0 d-----w- G:\20db017056119b138b

2010-08-15 21:20:44 0 d-----w- G:\47c1dbb3b31c2a9ec218e0c8d2fe8f38

2010-08-15 21:20:38 0 d-----w- G:\5df4406b7bcbbdb4ee07437ead17

2010-08-15 21:20:31 0 d-----w- G:\c601e63918eb91d2a9ba70ff78b9ba

2010-08-15 14:27:17 0 d-----w- G:\be0542474f90a28e24ccd957706c9e

2010-08-15 14:27:09 0 d-----w- G:\2704e1b8fb15674ebb8090b5218a3bf4

 

==================== Find3M ====================

 

2010-09-03 12:18:14 16608 ----a-w- g:\windows\gdrv.sys

2010-07-17 10:00:04 423656 ----a-w- g:\windows\system32\deployJava1.dll

2010-07-16 19:31:22 243024 ----a-w- g:\windows\system32\drivers\avgtdix.sys

2010-07-16 19:31:20 12536 ----a-w- g:\windows\system32\avgrsstx.dll

2010-07-16 19:30:56 216400 ----a-w- g:\windows\system32\drivers\avgldx86.sys

2010-07-01 20:56:12 12396 ----a-w- g:\windows\fonts\whipped_cream.ttf

2010-06-30 12:31:35 149504 ----a-w- g:\windows\system32\schannel.dll

2010-06-24 12:22:03 916480 ----a-w- g:\windows\system32\wininet.dll

2010-06-23 13:44:04 1851904 ----a-w- g:\windows\system32\win32k.sys

2010-06-17 14:03:00 80384 ----a-w- g:\windows\system32\iccvid.dll

2010-06-14 07:41:45 1172480 ----a-w- g:\windows\system32\msxml3.dll

 

============= FINISH: 7:44:59.26 ===============

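A DDS log is read by triaging its load points, not by searching for the one name the scanner complained about. The script below is an added example for this thread, not DDS's or the forum's code: it parses the entry types present in the "Pseudo HJT Report" above (uRun/mRun/uRunOnce, BHO, TB, uURLSearchHooks, DPF) and flags what a log reader checks first: orphan entries ("No File"), Run values with no command, Run commands given as a bare file name (found through the search path rather than at a fixed location), rundll32-hosted DLLs, load points outside Program Files or Windows, and commands that carry a URL. A flag means "verify this entry", not "this is malicious". The sample lines are copied from the posted log (DDS writes hxxp for http); the script handles the full, unquoted RunOnce command as posted.

```python
"""Autorun triage over the Pseudo HJT Report section of a DDS log (added example)."""
import re
from dataclasses import dataclass, field

# Lines copied from the DDS log posted in this thread.
SAMPLE_HJT = r"""
uStart Page = hxxp://m.http://www.yahoo.com/?fr=fptb-tyc8
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - g:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - g:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] g:\windows\system32\ctfmon.exe
uRun: [swg] "g:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [shockwave Updater] g:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.4; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://games.adultswim.com/carls-freakin-strip-poker-puzzle-online-game.html"
mRun: [soundMan] SOUNDMAN.EXE
mRun: [GEST] =
mRun: [NvCplDaemon] RUNDLL32.EXE g:\windows\system32\NvCpl.dll,NvStartup
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
"""

RUN_KINDS = {"uRun", "mRun", "uRunOnce", "mRunOnce"}
LOADPOINT_KINDS = {"BHO", "TB", "uURLSearchHooks", "mURLSearchHooks", "DPF"}
URL_RE = re.compile(r"h(?:xx|tt)ps?://\S+", re.IGNORECASE)   # DDS defangs http as hxxp
RUN_RE = re.compile(r"^\[(?P<label>[^\]]*)\]\s*(?P<cmd>.*)$")


@dataclass
class Entry:
    kind: str
    label: str
    target: str
    flags: list = field(default_factory=list)


def _split_command(cmd):
    """Return (image, args): the quoted path if quoted, else the first token.
    An unquoted path containing spaces splits at the first space, as it would
    for any tool reading the value; that is one reason to quote Run values."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
        return cmd[1:], ""
    image, _, args = cmd.partition(" ")
    return image, args.strip()


def _under_vendor_dir(path):
    p = path.lower()
    return len(p) > 3 and p[1:3] == ":\\" and p[3:].startswith(("program files\\", "windows\\"))


def parse_hjt(text):
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or ": " not in line:
            continue                      # settings lines such as "uStart Page = ..."
        kind, rest = line.split(": ", 1)
        if kind in RUN_KINDS:
            m = RUN_RE.match(rest)
            if not m:
                continue
            e = Entry(kind, m["label"], m["cmd"].strip())
            image, args = _split_command(e.target)
            if image.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
                # rundll32 only hosts; the load point that matters is the DLL it loads
                e.flags.append("rundll32_host")
                image = args.split(",", 1)[0].strip().strip('"')
            if image in ("", "="):
                e.flags.append("empty_command")
            elif "\\" not in image:
                e.flags.append("unqualified_image")     # resolved via the search path
            elif not _under_vendor_dir(image):
                e.flags.append("outside_vendor_dirs")
            if URL_RE.search(e.target):
                e.flags.append("embedded_url")
        elif kind in LOADPOINT_KINDS:
            label, sep, target = rest.rpartition(" - ")
            if not sep:
                continue
            e = Entry(kind, label, target.strip())
            if e.target.lower() == "no file":
                e.flags.append("orphan_entry")          # registration left behind, no module
            elif not URL_RE.search(e.target) and not _under_vendor_dir(e.target):
                e.flags.append("outside_vendor_dirs")   # DPF download URLs are expected
        else:
            continue
        entries.append(e)
    return entries


def flagged(entries):
    """Map flag -> list of 'kind [label]' strings for the triage summary."""
    out = {}
    for e in entries:
        for f in e.flags:
            out.setdefault(f, []).append(f"{e.kind} [{e.label}]")
    return out


if __name__ == "__main__":
    for flag, items in sorted(flagged(parse_hjt(SAMPLE_HJT)).items()):
        print(f"{flag}:")
        for item in items:
            print(f"    {item}")
```

On the posted lines this surfaces the two orphan toolbar/search-hook registrations, the empty GEST value, the bare SOUNDMAN.EXE image, the rundll32-hosted NvCpl.dll, the RealPlayer BHO living under Application Data, and the Shockwave RunOnce carrying a web URL. None of those is evidence of the reported dropper; they are the entries to confirm against their installers, which is how a log reader decides what, if anything, to remove.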

Re: Help! can't get rid of Trojan Dropper

 

The other one says...

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

I have it as a document, and don't know how to make it a zip or attach it, so what should I do?


Re: Help! can't get rid of Trojan Dropper

 

Hi Rage

Right click the file and choose "Send to" and then compressed folder - placed for example on your desktop.

As for attaching it - the procedure is explained in Usage of IObit Products - link in my signature.

Cheers

solbjerg

 



2 weeks later...

Re: Help! can't get rid of Trojan Dropper

 

Download ComboFix by sUBs from one of the below links.

 

Important! You MUST save ComboFix to your desktop

 

link # 1

Link # 2

 

Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

 

Double click on ComboFix.exe & follow the prompts.

 

Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

 

When the scan completes it will open a text window.

 

Post the contents of that log in your next reply.

 

Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.


Re: Help! can't get rid of Trojan Dropper

 

OK, here is the Combofix log...

 

ComboFix 10-09-13.01 - Ragewind 09/13/2010 20:48:36.1.4 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2556 [GMT -5:00]

Running from: g:\documents and settings\Ragewind\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

g:\documents and settings\Ragewind\lame_enc_en.dll

g:\documents and settings\Ragewind\lametritonus_en.dll

g:\windows\Readme.txt

 

.

((((((((((((((((((((((((( Files Created from 2010-08-14 to 2010-09-14 )))))))))))))))))))))))))))))))

.

 

2010-09-03 18:35 . 2010-09-03 22:22 -------- d-----w- g:\windows\system32\NtmsData

2010-09-03 18:33 . 2010-09-03 18:33 -------- d-----w- g:\documents and settings\Ragewind\Application Data\Avira

2010-09-03 18:29 . 2010-03-01 15:05 124784 ----a-w- g:\windows\system32\drivers\avipbb.sys

2010-09-03 18:29 . 2010-02-16 19:24 60936 ----a-w- g:\windows\system32\drivers\avgntflt.sys

2010-09-03 18:29 . 2009-05-11 17:49 45416 ----a-w- g:\windows\system32\drivers\avgntdd.sys

2010-09-03 18:29 . 2009-05-11 17:49 22360 ----a-w- g:\windows\system32\drivers\avgntmgr.sys

2010-09-03 18:29 . 2010-09-03 18:29 -------- d-----w- g:\program files\Avira

2010-09-03 18:29 . 2010-09-03 18:29 -------- d-----w- g:\documents and settings\All Users\Application Data\Avira

2010-09-03 17:40 . 2010-09-03 17:40 -------- d-----w- g:\program files\Enigma Software Group

2010-09-03 17:40 . 2010-09-03 17:59 -------- d-----w- g:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP

2010-09-03 17:40 . 2010-09-03 17:40 -------- d-----w- g:\program files\Common Files\Wise Installation Wizard

2010-09-03 17:30 . 2010-09-03 17:30 -------- d-----w- g:\documents and settings\Ragewind\Local Settings\Application Data\Threat Expert

2010-09-03 17:16 . 2010-09-03 17:17 80770088 ----a-w- g:\documents and settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor with AntiVirus8.0\sdasetup_dl.exe

2010-09-03 17:10 . 2010-09-05 00:07 -------- d---a-w- g:\documents and settings\All Users\Application Data\TEMP

2010-09-03 17:09 . 2010-09-03 17:09 80767800 ----a-w- g:\documents and settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_dl.exe

2010-09-03 17:09 . 2010-09-05 00:07 -------- d-----w- g:\documents and settings\All Users\Application Data\PC Tools

2010-08-15 22:29 . 2010-08-15 22:29 -------- d-----w- G:\20db017056119b138b

2010-08-15 21:20 . 2010-08-15 21:20 -------- d-----w- G:\47c1dbb3b31c2a9ec218e0c8d2fe8f38

2010-08-15 21:20 . 2010-08-15 21:20 -------- d-----w- G:\5df4406b7bcbbdb4ee07437ead17

2010-08-15 21:20 . 2010-08-15 21:20 -------- d-----w- G:\c601e63918eb91d2a9ba70ff78b9ba

2010-08-15 14:27 . 2010-08-15 14:27 -------- d-----w- G:\be0542474f90a28e24ccd957706c9e

2010-08-15 14:27 . 2010-08-15 14:27 -------- d-----w- G:\2704e1b8fb15674ebb8090b5218a3bf4

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-14 01:48 . 2009-03-23 16:56 -------- d-----w- g:\documents and settings\Ragewind\Application Data\BitTorrent

2010-09-14 01:41 . 2009-03-08 19:28 16608 ----a-w- g:\windows\gdrv.sys

2010-09-04 17:57 . 2009-11-14 14:22 -------- d-----w- g:\program files\BitTorrent

2010-09-04 16:05 . 2010-03-03 13:49 -------- d-----w- g:\documents and settings\All Users\Application Data\IObit

2010-09-04 16:05 . 2009-11-08 22:55 -------- d-----w- g:\program files\IObit

2010-09-03 17:18 . 2010-09-03 17:18 595548 ----a-w- g:\windows\system32\drivers\Cat.DB

2010-09-02 08:00 . 2010-03-18 16:10 -------- d-----w- g:\program files\Microsoft Silverlight

2010-08-24 05:57 . 2010-04-27 21:56 -------- d-----w- g:\program files\Common Files\Java

2010-08-24 05:57 . 2010-04-27 21:56 -------- d-----w- g:\program files\Java

2010-08-21 07:03 . 2009-10-02 19:49 -------- d-----w- g:\program files\Lexmark X1100 Series

2010-08-15 17:54 . 2009-09-03 17:08 -------- d-----w- g:\documents and settings\Ragewind\Application Data\U3

2010-08-07 17:01 . 2010-08-07 17:01 503808 ----a-w- g:\documents and settings\Ragewind\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2c3cee3d-n\msvcp71.dll

2010-08-07 17:01 . 2010-08-07 17:01 499712 ----a-w- g:\documents and settings\Ragewind\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2c3cee3d-n\jmc.dll

2010-08-07 17:01 . 2010-08-07 17:01 348160 ----a-w- g:\documents and settings\Ragewind\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2c3cee3d-n\msvcr71.dll

2010-08-07 17:01 . 2010-08-07 17:01 61440 ----a-w- g:\documents and settings\Ragewind\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-496a4d87-n\decora-sse.dll

2010-08-07 17:01 . 2010-08-07 17:01 12800 ----a-w- g:\documents and settings\Ragewind\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-496a4d87-n\decora-d3d.dll

2010-08-07 16:01 . 2010-08-07 16:01 371256 ----a-w- g:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-07-17 10:00 . 2010-05-01 01:03 423656 ----a-w- g:\windows\system32\deployJava1.dll

2010-07-16 19:31 . 2009-03-08 21:30 243024 ----a-w- g:\windows\system32\drivers\avgtdix.sys

2010-07-16 19:31 . 2010-07-16 19:31 12536 ----a-w- g:\windows\system32\avgrsstx.dll

2010-07-16 19:30 . 2009-03-08 21:30 216400 ----a-w- g:\windows\system32\drivers\avgldx86.sys

2010-07-16 18:56 . 2010-07-16 18:56 -------- d-----w- g:\documents and settings\Ragewind\Application Data\Malwarebytes

2010-07-16 18:56 . 2010-07-16 18:56 -------- d-----w- g:\program files\Malwarebytes' Anti-Malware

2010-07-16 18:56 . 2010-07-16 18:56 -------- d-----w- g:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-07 23:09 . 2009-03-03 14:49 192080 -c--a-w- g:\documents and settings\Ragewind\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-30 12:31 . 2008-04-14 12:00 149504 ----a-w- g:\windows\system32\schannel.dll

2010-06-24 12:22 . 2008-04-14 12:00 916480 ----a-w- g:\windows\system32\wininet.dll

2010-06-23 13:44 . 2008-04-14 12:00 1851904 ----a-w- g:\windows\system32\win32k.sys

2010-06-21 15:27 . 2008-04-14 12:00 354304 ----a-w- g:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2008-04-14 12:00 80384 ----a-w- g:\windows\system32\iccvid.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "g:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "g:\program files\IObitCom\tbIOb1.dll" [2010-02-23 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

2010-02-23 21:24 2349080 ----a-w- g:\program files\IObitCom\tbIOb1.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2010-04-19 15:25 2117704 ----a-w- g:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "g:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "g:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "g:\program files\IObitCom\tbIOb1.dll" [2010-02-23 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="g:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-31 39408]

"Search Protection"="g:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

"Messenger (Yahoo!)"="g:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-06-20 4351216]

"Advanced SystemCare 3"="g:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]

"ManyCam"="g:\program files\ManyCam 2.4\ManyCam.exe" [2010-04-21 1824040]

"BitTorrent"="g:\program files\BitTorrent\BitTorrent.exe" [2010-09-04 2931568]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"="g:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GEST"="=" [X]

"NvCplDaemon"="g:\windows\system32\NvCpl.dll" [2009-03-28 13684736]

"YSearchProtection"="g:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

"YMailAdvisor"="g:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]

"vscvol.exe"="g:\program files\Roland\VSC32\vscvol.exe" [2000-02-09 36864]

"vsc32cnf.exe"="g:\program files\Roland\VSC32\vsc32cnf.exe" [2000-02-07 36864]

"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]

"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]

"QuickTime Task"="g:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

"nwiz"="nwiz.exe" [2009-03-28 1657376]

"NvMediaCenter"="g:\windows\system32\NvMcTray.dll" [2009-03-28 86016]

"Lexmark X1100 Series"="g:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]

"itype"="g:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]

"iTunesHelper"="g:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

"IntelliPoint"="g:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"C-Media Mixer"="Mixer.exe" [2002-10-16 1818624]

"AVG9_TRAY"="g:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]

"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]

"Adobe ARM"="g:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"Adobe Acrobat Speed Launcher"="g:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-06-20 38840]

"Acrobat Assistant 8.0"="g:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-06-19 640440]

"TkBellExe"="g:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-11 202256]

"SunJavaUpdateSched"="g:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"avgnt"="g:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

"IObit Security 360"="g:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "g:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-16 19:31 12536 ----a-w- g:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MIDI2"=vscapi.dll

"WAVE2"=vscapi.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"g:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"g:\\Program Files\\e frontier\\Poser 7\\Poser.exe"=

"g:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"g:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"g:\\Program Files\\iTunes\\iTunes.exe"=

"g:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"g:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"g:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"g:\\WINDOWS\\system32\\dpvsetup.exe"=

"g:\\Program Files\\BitTorrent\\bittorrent.exe"=

"g:\\bb\\bbw.exe"=

"g:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;g:\windows\system32\drivers\avgldx86.sys [3/8/2009 4:30 PM 216400]

R1 AvgTdiX;AVG Free8 Network Redirector;g:\windows\system32\drivers\avgtdix.sys [3/8/2009 4:30 PM 243024]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;g:\program files\Avira\AntiVir Desktop\sched.exe [9/3/2010 1:29 PM 135336]

R2 avg9wd;AVG Free WatchDog;g:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 2:31 PM 308136]

R2 GEST Service;GEST Service for program management.;g:\program files\GIGABYTE\EnergySaver\GSvr.exe [3/8/2009 2:29 PM 68136]

R2 IS360service;IS360service;g:\program files\IObit\IObit Security 360\is360srv.exe [9/4/2010 11:07 AM 312152]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;g:\windows\system32\drivers\ManyCam.sys [1/14/2008 5:06 AM 21632]

R3 vsc32;Virtual Sound Canvas 3.2;g:\windows\system32\drivers\vsc.sys [3/25/2009 10:55 AM 951284]

S3 DSCVc;Video Capture;g:\windows\system32\drivers\CoachVc.sys [3/24/2010 3:17 AM 44256]

S3 esgiguard;esgiguard;\??\g:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> g:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]

S3 FsUsbExDisk;FsUsbExDisk;g:\windows\system32\FsUsbExDisk.Sys [2/12/2010 4:42 PM 36608]

.

Contents of the 'Scheduled Tasks' folder

 

2010-09-13 g:\windows\Tasks\AppleSoftwareUpdate.job

- g:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

 

2010-09-14 g:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job

- g:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

 

2010-09-14 g:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-1580436667-1801674531-1004.job

- g:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

 

2010-09-11 g:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job

- g:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

 

2010-09-14 g:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-1580436667-1801674531-1004.job

- g:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

 

2010-09-06 g:\windows\Tasks\SmartDefrag.job

- g:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-04-12 21:48]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - g:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - g:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - g:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - g:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Google Sidewiki... - g:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-CmPCIaudio - CMICNFG3.cpl

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-13 20:52

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,e4,a6,25,d5,02,b1,40,a7,06,53,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,e4,a6,25,d5,02,b1,40,a7,06,53,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@g:\\windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="g:\\windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2010-09-13 20:54:20

ComboFix-quarantined-files.txt 2010-09-14 01:54

 

Pre-Run: 417,796,538,368 bytes free

Post-Run: 417,783,074,816 bytes free

 

- - End Of File - - B3BA3CE05D3E34013F87B58374B22D3F


Re: Help! can't get rid of Trojan Dropper

 

The log shows that you're running two Anti-Virus programs (AntiVir Desktop and AVG Anti-Virus Free), which is a no-no. One will have to be disabled.

 

P2P - I see you have P2P software installed on your machine (BitTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

 

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

 

I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

*******************************************

 

Re-running ComboFix to remove infections:

 

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::
     
    File::
    g:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
     
    DirLook::
    g:\windows\system32\NtmsData
    G:\20db017056119b138b
     
  • Save this as CFScript.txt, in the same location as ComboFix.exe
     
    http://img19.imageshack.us/img19/5660/cfscriptb4.gif
     
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

****************************************

 

* Download the following tool: RootRepeal - Rootkit Detector

* Direct download link is here: RootRepeal.zip

 

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.

* Click this link to see a list of such programs and how to disable them.

 

* Extract the program file to a new folder such as C:\RootRepeal

* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.

* Select ALL of the checkboxes and then click OK and it will start scanning your system.

* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.

* When done, click on Save Report

* Save it to the same location where you ran it from, such as C:\RootRepeal

* Save it as rootrepeal.txt

* Then open that log and select all and copy/paste it back on your next reply please.

* Close RootRepeal.


Re: Help! can't get rid of Trojan Dropper

 

Here are the logs...

 

ComboFix 10-09-14.05 - Ragewind 09/15/2010 11:49:26.8.4 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2634 [GMT -5:00]

Running from: g:\documents and settings\Ragewind\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2010-08-15 to 2010-09-15 )))))))))))))))))))))))))))))))

.

 

2010-09-03 18:35 . 2010-09-03 22:22 -------- d-----w- g:\windows\system32\NtmsData

2010-09-03 18:33 . 2010-09-03 18:33 -------- d-----w- g:\documents and settings\Ragewind\Application Data\Avira

2010-09-03 18:29 . 2010-03-01 15:05 124784 ----a-w- g:\windows\system32\drivers\avipbb.sys

2010-09-03 18:29 . 2010-02-16 19:24 60936 ----a-w- g:\windows\system32\drivers\avgntflt.sys

2010-09-03 18:29 . 2009-05-11 17:49 45416 ----a-w- g:\windows\system32\drivers\avgntdd.sys

2010-09-03 18:29 . 2009-05-11 17:49 22360 ----a-w- g:\windows\system32\drivers\avgntmgr.sys

2010-09-03 18:29 . 2010-09-03 18:29 -------- d-----w- g:\program files\Avira

2010-09-03 18:29 . 2010-09-03 18:29 -------- d-----w- g:\documents and settings\All Users\Application Data\Avira

2010-09-03 17:40 . 2010-09-03 17:40 -------- d-----w- g:\program files\Enigma Software Group

2010-09-03 17:40 . 2010-09-03 17:59 -------- d-----w- g:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP

2010-09-03 17:40 . 2010-09-03 17:40 -------- d-----w- g:\program files\Common Files\Wise Installation Wizard

2010-09-03 17:30 . 2010-09-03 17:30 -------- d-----w- g:\documents and settings\Ragewind\Local Settings\Application Data\Threat Expert

2010-09-03 17:16 . 2010-09-03 17:17 80770088 ----a-w- g:\documents and settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor with AntiVirus8.0\sdasetup_dl.exe

2010-09-03 17:10 . 2010-09-05 00:07 -------- d---a-w- g:\documents and settings\All Users\Application Data\TEMP

2010-09-03 17:09 . 2010-09-03 17:09 80767800 ----a-w- g:\documents and settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_dl.exe

2010-09-03 17:09 . 2010-09-05 00:07 -------- d-----w- g:\documents and settings\All Users\Application Data\PC Tools

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-15 16:49 . 2009-03-23 16:56 -------- d-----w- g:\documents and settings\Ragewind\Application Data\BitTorrent

2010-09-15 16:43 . 2009-03-08 19:28 16608 ----a-w- g:\windows\gdrv.sys

2010-09-04 17:57 . 2009-11-14 14:22 -------- d-----w- g:\program files\BitTorrent

2010-09-04 16:05 . 2010-03-03 13:49 -------- d-----w- g:\documents and settings\All Users\Application Data\IObit

2010-09-04 16:05 . 2009-11-08 22:55 -------- d-----w- g:\program files\IObit

2010-09-03 17:18 . 2010-09-03 17:18 595548 ----a-w- g:\windows\system32\drivers\Cat.DB

2010-09-02 08:00 . 2010-03-18 16:10 -------- d-----w- g:\program files\Microsoft Silverlight

2010-08-24 05:57 . 2010-04-27 21:56 -------- d-----w- g:\program files\Common Files\Java

2010-08-24 05:57 . 2010-04-27 21:56 -------- d-----w- g:\program files\Java

2010-08-21 07:03 . 2009-10-02 19:49 -------- d-----w- g:\program files\Lexmark X1100 Series

2010-08-15 17:54 . 2009-09-03 17:08 -------- d-----w- g:\documents and settings\Ragewind\Application Data\U3

2010-08-07 17:01 . 2010-08-07 17:01 503808 ----a-w- g:\documents and settings\Ragewind\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2c3cee3d-n\msvcp71.dll

2010-08-07 17:01 . 2010-08-07 17:01 499712 ----a-w- g:\documents and settings\Ragewind\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2c3cee3d-n\jmc.dll

2010-08-07 17:01 . 2010-08-07 17:01 348160 ----a-w- g:\documents and settings\Ragewind\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2c3cee3d-n\msvcr71.dll

2010-08-07 17:01 . 2010-08-07 17:01 61440 ----a-w- g:\documents and settings\Ragewind\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-496a4d87-n\decora-sse.dll

2010-08-07 17:01 . 2010-08-07 17:01 12800 ----a-w- g:\documents and settings\Ragewind\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-496a4d87-n\decora-d3d.dll

2010-08-07 16:01 . 2010-08-07 16:01 371256 ----a-w- g:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-07-17 10:00 . 2010-05-01 01:03 423656 ----a-w- g:\windows\system32\deployJava1.dll

2010-07-16 19:31 . 2009-03-08 21:30 243024 ----a-w- g:\windows\system32\drivers\avgtdix.sys

2010-07-16 19:31 . 2010-07-16 19:31 12536 ----a-w- g:\windows\system32\avgrsstx.dll

2010-07-16 19:30 . 2009-03-08 21:30 216400 ----a-w- g:\windows\system32\drivers\avgldx86.sys

2010-07-07 23:09 . 2009-03-03 14:49 192080 -c--a-w- g:\documents and settings\Ragewind\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-30 12:31 . 2008-04-14 12:00 149504 ----a-w- g:\windows\system32\schannel.dll

2010-06-24 12:22 . 2008-04-14 12:00 916480 ----a-w- g:\windows\system32\wininet.dll

2010-06-23 13:44 . 2008-04-14 12:00 1851904 ----a-w- g:\windows\system32\win32k.sys

2010-06-21 15:27 . 2008-04-14 12:00 354304 ----a-w- g:\windows\system32\drivers\srv.sys

.

 

((((((((((((((((((((((((((((( SnapShot@2010-09-14_01.52.59 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-09-15 16:43 . 2010-09-15 16:43 16384 g:\windows\temp\Perflib_Perfdata_810.dat

+ 2010-09-15 16:44 . 2010-09-15 16:44 16384 g:\windows\temp\Perflib_Perfdata_484.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "g:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "g:\program files\IObitCom\tbIOb1.dll" [2010-02-23 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

2010-02-23 21:24 2349080 ----a-w- g:\program files\IObitCom\tbIOb1.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2010-04-19 15:25 2117704 ----a-w- g:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "g:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "g:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "g:\program files\IObitCom\tbIOb1.dll" [2010-02-23 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="g:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-31 39408]

"Search Protection"="g:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

"Messenger (Yahoo!)"="g:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-06-20 4351216]

"Advanced SystemCare 3"="g:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]

"ManyCam"="g:\program files\ManyCam 2.4\ManyCam.exe" [2010-04-21 1824040]

"BitTorrent"="g:\program files\BitTorrent\BitTorrent.exe" [2010-09-04 2931568]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"="g:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GEST"="=" [X]

"NvCplDaemon"="g:\windows\system32\NvCpl.dll" [2009-03-28 13684736]

"YSearchProtection"="g:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

"YMailAdvisor"="g:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]

"vscvol.exe"="g:\program files\Roland\VSC32\vscvol.exe" [2000-02-09 36864]

"vsc32cnf.exe"="g:\program files\Roland\VSC32\vsc32cnf.exe" [2000-02-07 36864]

"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]

"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]

"QuickTime Task"="g:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

"nwiz"="nwiz.exe" [2009-03-28 1657376]

"NvMediaCenter"="g:\windows\system32\NvMcTray.dll" [2009-03-28 86016]

"Lexmark X1100 Series"="g:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]

"itype"="g:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]

"iTunesHelper"="g:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

"IntelliPoint"="g:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"C-Media Mixer"="Mixer.exe" [2002-10-16 1818624]

"AVG9_TRAY"="g:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]

"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]

"Adobe ARM"="g:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"Adobe Acrobat Speed Launcher"="g:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-06-20 38840]

"Acrobat Assistant 8.0"="g:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-06-19 640440]

"TkBellExe"="g:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-11 202256]

"SunJavaUpdateSched"="g:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"avgnt"="g:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

"IObit Security 360"="g:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "g:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-16 19:31 12536 ----a-w- g:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MIDI2"=vscapi.dll

"WAVE2"=vscapi.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"g:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"g:\\Program Files\\e frontier\\Poser 7\\Poser.exe"=

"g:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"g:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"g:\\Program Files\\iTunes\\iTunes.exe"=

"g:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"g:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"g:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"g:\\WINDOWS\\system32\\dpvsetup.exe"=

"g:\\Program Files\\BitTorrent\\bittorrent.exe"=

"g:\\bb\\bbw.exe"=

"g:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;g:\windows\system32\drivers\avgldx86.sys [3/8/2009 4:30 PM 216400]

R1 AvgTdiX;AVG Free8 Network Redirector;g:\windows\system32\drivers\avgtdix.sys [3/8/2009 4:30 PM 243024]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;g:\program files\Avira\AntiVir Desktop\sched.exe [9/3/2010 1:29 PM 135336]

R2 avg9wd;AVG Free WatchDog;g:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 2:31 PM 308136]

R2 GEST Service;GEST Service for program management.;g:\program files\GIGABYTE\EnergySaver\GSvr.exe [3/8/2009 2:29 PM 68136]

R2 IS360service;IS360service;g:\program files\IObit\IObit Security 360\is360srv.exe [9/4/2010 11:07 AM 312152]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;g:\windows\system32\drivers\ManyCam.sys [1/14/2008 5:06 AM 21632]

R3 vsc32;Virtual Sound Canvas 3.2;g:\windows\system32\drivers\vsc.sys [3/25/2009 10:55 AM 951284]

S3 DSCVc;Video Capture;g:\windows\system32\drivers\CoachVc.sys [3/24/2010 3:17 AM 44256]

S3 esgiguard;esgiguard;\??\g:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> g:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]

S3 FsUsbExDisk;FsUsbExDisk;g:\windows\system32\FsUsbExDisk.Sys [2/12/2010 4:42 PM 36608]

.

Contents of the 'Scheduled Tasks' folder

 

2010-09-13 g:\windows\Tasks\AppleSoftwareUpdate.job

- g:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

 

2010-09-15 g:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job

- g:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

 

2010-09-15 g:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-1580436667-1801674531-1004.job

- g:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

 

2010-09-11 g:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job

- g:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

 

2010-09-15 g:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-1580436667-1801674531-1004.job

- g:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - g:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - g:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - g:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - g:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Google Sidewiki... - g:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-15 11:54

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,e4,a6,25,d5,02,b1,40,a7,06,53,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,e4,a6,25,d5,02,b1,40,a7,06,53,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@g:\\windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="g:\\windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(532)

g:\windows\system32\WININET.dll

g:\progra~1\WINDOW~2\wmpband.dll

g:\windows\system32\ieframe.dll

g:\windows\system32\webcheck.dll

g:\windows\system32\WPDShServiceObj.dll

g:\windows\system32\PortableDeviceTypes.dll

g:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-09-15 11:56:21

ComboFix-quarantined-files.txt 2010-09-15 16:56

ComboFix2.txt 2010-09-15 16:03

ComboFix3.txt 2010-09-15 13:40

ComboFix4.txt 2010-09-14 01:54

 

Pre-Run: 417,677,258,752 bytes free

Post-Run: 417,664,495,616 bytes free

 

- - End Of File - - 3E412AE899EB287928A2407DDCDC37BA


Re: Help! can't get rid of Trojan Dropper

 

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/09/15 11:26

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

 

Drivers

-------------------

Name: ACPI.sys

Image Path: ACPI.sys

Address: 0xB9F79000 Size: 187776 File Visible: - Signed: -

Status: -

 

Name: ACPI_HAL

Image Path: \Driver\ACPI_HAL

Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -

Status: -

 

Name: afd.sys

Image Path: G:\windows\System32\drivers\afd.sys

Address: 0xB6775000 Size: 138496 File Visible: - Signed: -

Status: -

 

Name: atapi.sys

Image Path: atapi.sys

Address: 0xB9F31000 Size: 96512 File Visible: - Signed: -

Status: -

 

Name: ATMFD.DLL

Image Path: G:\windows\System32\ATMFD.DLL

Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -

Status: -

 

Name: audstub.sys

Image Path: G:\windows\system32\DRIVERS\audstub.sys

Address: 0xBA78C000 Size: 3072 File Visible: - Signed: -

Status: -

 

Name: avgio.sys

Image Path: G:\Program Files\Avira\AntiVir Desktop\avgio.sys

Address: 0xBA5F2000 Size: 6144 File Visible: - Signed: -

Status: -

 

Name: avgldx86.sys

Image Path: G:\windows\System32\Drivers\avgldx86.sys

Address: 0xB6634000 Size: 209664 File Visible: - Signed: -

Status: -

 

Name: avgmfx86.sys

Image Path: G:\windows\System32\Drivers\avgmfx86.sys

Address: 0xBA398000 Size: 22848 File Visible: - Signed: -

Status: -

 

Name: avgntflt.sys

Image Path: G:\windows\system32\DRIVERS\avgntflt.sys

Address: 0xB61F3000 Size: 86016 File Visible: - Signed: -

Status: -

 

Name: avgtdix.sys

Image Path: G:\windows\System32\Drivers\avgtdix.sys

Address: 0xB67E5000 Size: 236288 File Visible: - Signed: -

Status: -

 

Name: avipbb.sys

Image Path: G:\windows\system32\DRIVERS\avipbb.sys

Address: 0xB66B8000 Size: 139264 File Visible: - Signed: -

Status: -

 

Name: Beep.SYS

Image Path: G:\windows\System32\Drivers\Beep.SYS

Address: 0xBA5EA000 Size: 4224 File Visible: - Signed: -

Status: -

 

Name: BOOTVID.dll

Image Path: G:\windows\system32\BOOTVID.dll

Address: 0xBA4B8000 Size: 12288 File Visible: - Signed: -

Status: -

 

Name: catchme.sys

Image Path: G:\DOCUME~1\Ragewind\LOCALS~1\Temp\catchme.sys

Address: 0xB492E000 Size: 31744 File Visible: No Signed: -

Status: -

 

Name: Cdfs.SYS

Image Path: G:\windows\System32\Drivers\Cdfs.SYS

Address: 0xBA178000 Size: 63744 File Visible: - Signed: -

Status: -

 

Name: cdrom.sys

Image Path: G:\windows\system32\DRIVERS\cdrom.sys

Address: 0xBA1A8000 Size: 62976 File Visible: - Signed: -

Status: -

 

Name: CLASSPNP.SYS

Image Path: G:\windows\system32\DRIVERS\CLASSPNP.SYS

Address: 0xBA0F8000 Size: 53248 File Visible: - Signed: -

Status: -

 

Name: cmudax3.sys

Image Path: G:\windows\system32\drivers\cmudax3.sys

Address: 0xB957F000 Size: 1512960 File Visible: - Signed: -

Status: -

 

Name: disk.sys

Image Path: disk.sys

Address: 0xBA0E8000 Size: 36352 File Visible: - Signed: -

Status: -

 

Name: drmk.sys

Image Path: G:\windows\system32\drivers\drmk.sys

Address: 0xBA1C8000 Size: 61440 File Visible: - Signed: -

Status: -

 

Name: Dxapi.sys

Image Path: G:\windows\System32\drivers\Dxapi.sys

Address: 0xB68F1000 Size: 12288 File Visible: - Signed: -

Status: -

 

Name: dxg.sys

Image Path: G:\windows\System32\drivers\dxg.sys

Address: 0xBF000000 Size: 73728 File Visible: - Signed: -

Status: -

 

Name: dxgthk.sys

Image Path: G:\windows\System32\drivers\dxgthk.sys

Address: 0xBA713000 Size: 4096 File Visible: - Signed: -

Status: -

 

Name: Fastfat.SYS

Image Path: G:\windows\System32\Drivers\Fastfat.SYS

Address: 0xB65E8000 Size: 143744 File Visible: - Signed: -

Status: -

 

Name: fdc.sys

Image Path: G:\windows\system32\DRIVERS\fdc.sys

Address: 0xBA430000 Size: 27392 File Visible: - Signed: -

Status: -

 

Name: Fips.SYS

Image Path: G:\windows\System32\Drivers\Fips.SYS

Address: 0xBA138000 Size: 44544 File Visible: - Signed: -

Status: -

 

Name: flpydisk.sys

Image Path: G:\windows\system32\DRIVERS\flpydisk.sys

Address: 0xBA470000 Size: 20480 File Visible: - Signed: -

Status: -

 

Name: fltMgr.sys

Image Path: fltMgr.sys

Address: 0xB9EF9000 Size: 129792 File Visible: - Signed: -

Status: -

 

Name: Fs_Rec.SYS

Image Path: G:\windows\System32\Drivers\Fs_Rec.SYS

Address: 0xBA5E8000 Size: 7936 File Visible: - Signed: -

Status: -

 

Name: ftdisk.sys

Image Path: ftdisk.sys

Address: 0xB9F49000 Size: 125056 File Visible: - Signed: -

Status: -

 

Name: gdrv.sys

Image Path: G:\WINDOWS\gdrv.sys

Address: 0xB445A000 Size: 9184 File Visible: - Signed: -

Status: -

 

Name: GEARAspiWDM.sys

Image Path: G:\windows\system32\DRIVERS\GEARAspiWDM.sys

Address: 0xBA428000 Size: 21120 File Visible: - Signed: -

Status: -

 

Name: hal.dll

Image Path: G:\windows\system32\hal.dll

Address: 0x806E4000 Size: 134400 File Visible: - Signed: -

Status: -

 

Name: HDAudBus.sys

Image Path: G:\windows\system32\DRIVERS\HDAudBus.sys

Address: 0xB972E000 Size: 163840 File Visible: - Signed: -

Status: -

 

Name: HIDCLASS.SYS

Image Path: G:\windows\system32\DRIVERS\HIDCLASS.SYS

Address: 0xBA158000 Size: 36864 File Visible: - Signed: -

Status: -

 

Name: HIDPARSE.SYS

Image Path: G:\windows\system32\DRIVERS\HIDPARSE.SYS

Address: 0xBA490000 Size: 28672 File Visible: - Signed: -

Status: -

 

Name: hidusb.sys

Image Path: G:\windows\system32\DRIVERS\hidusb.sys

Address: 0xB6929000 Size: 10368 File Visible: - Signed: -

Status: -

 

Name: HTTP.sys

Image Path: G:\windows\System32\Drivers\HTTP.sys

Address: 0xB4492000 Size: 265728 File Visible: - Signed: -

Status: -

 

Name: imapi.sys

Image Path: G:\windows\system32\DRIVERS\imapi.sys

Address: 0xBA198000 Size: 42112 File Visible: - Signed: -

Status: -

 

Name: intelppm.sys

Image Path: G:\windows\system32\DRIVERS\intelppm.sys

Address: 0xBA188000 Size: 36352 File Visible: - Signed: -

Status: -

 

Name: ipnat.sys

Image Path: G:\windows\system32\DRIVERS\ipnat.sys

Address: 0xB67BF000 Size: 152832 File Visible: - Signed: -

Status: -

 

Name: ipsec.sys

Image Path: G:\windows\system32\DRIVERS\ipsec.sys

Address: 0xB6878000 Size: 75264 File Visible: - Signed: -

Status: -

 

Name: isapnp.sys

Image Path: isapnp.sys

Address: 0xBA0A8000 Size: 37248 File Visible: - Signed: -

Status: -

 

Name: kbdclass.sys

Image Path: G:\windows\system32\DRIVERS\kbdclass.sys

Address: 0xBA458000 Size: 24576 File Visible: - Signed: -

Status: -

 

Name: kbdhid.sys

Image Path: G:\windows\system32\DRIVERS\kbdhid.sys

Address: 0xB6921000 Size: 14592 File Visible: - Signed: -

Status: -

 

Name: KDCOM.DLL

Image Path: G:\windows\system32\KDCOM.DLL

Address: 0xBA5A8000 Size: 8192 File Visible: - Signed: -

Status: -

 

Name: ks.sys

Image Path: G:\windows\system32\DRIVERS\ks.sys

Address: 0xB970B000 Size: 143360 File Visible: - Signed: -

Status: -

 

Name: KSecDD.sys

Image Path: KSecDD.sys

Address: 0xB9ED0000 Size: 92928 File Visible: - Signed: -

Status: -

 

Name: ManyCam.sys

Image Path: G:\windows\system32\DRIVERS\ManyCam.sys

Address: 0xBA438000 Size: 21632 File Visible: - Signed: -

Status: -

 

Name: mbr.sys

Image Path: G:\DOCUME~1\Ragewind\LOCALS~1\Temp\mbr.sys

Address: 0xB6690000 Size: 20864 File Visible: No Signed: -

Status: -

 

Name: mnmdd.SYS

Image Path: G:\windows\System32\Drivers\mnmdd.SYS

Address: 0xBA5EC000 Size: 4224 File Visible: - Signed: -

Status: -

 

Name: mouclass.sys

Image Path: G:\windows\system32\DRIVERS\mouclass.sys

Address: 0xBA460000 Size: 23040 File Visible: - Signed: -

Status: -

 

Name: mouhid.sys

Image Path: G:\windows\system32\DRIVERS\mouhid.sys

Address: 0xB691D000 Size: 12160 File Visible: - Signed: -

Status: -

 

Name: MountMgr.sys

Image Path: MountMgr.sys

Address: 0xBA0B8000 Size: 42368 File Visible: - Signed: -

Status: -

 

Name: mrxdav.sys

Image Path: G:\windows\system32\DRIVERS\mrxdav.sys

Address: 0xB5BBB000 Size: 180608 File Visible: - Signed: -

Status: -

 

Name: mrxsmb.sys

Image Path: G:\windows\system32\DRIVERS\mrxsmb.sys

Address: 0xB66DA000 Size: 455680 File Visible: - Signed: -

Status: -

 

Name: Msfs.SYS

Image Path: G:\windows\System32\Drivers\Msfs.SYS

Address: 0xBA4A0000 Size: 19072 File Visible: - Signed: -

Status: -

 

Name: msgpc.sys

Image Path: G:\windows\system32\DRIVERS\msgpc.sys

Address: 0xBA228000 Size: 35072 File Visible: - Signed: -

Status: -

 

Name: mssmbios.sys

Image Path: G:\windows\system32\DRIVERS\mssmbios.sys

Address: 0xB9DB4000 Size: 15488 File Visible: - Signed: -

Status: -

 

Name: Mup.sys

Image Path: Mup.sys

Address: 0xB9DFC000 Size: 105344 File Visible: - Signed: -

Status: -

 

Name: NDIS.sys

Image Path: NDIS.sys

Address: 0xB9E16000 Size: 182656 File Visible: - Signed: -

Status: -

 

Name: ndistapi.sys

Image Path: G:\windows\system32\DRIVERS\ndistapi.sys

Address: 0xB9DC0000 Size: 10112 File Visible: - Signed: -

Status: -

 

Name: ndisuio.sys

Image Path: G:\windows\system32\DRIVERS\ndisuio.sys

Address: 0xB6208000 Size: 14592 File Visible: - Signed: -

Status: -

 

Name: ndiswan.sys

Image Path: G:\windows\system32\DRIVERS\ndiswan.sys

Address: 0xB944E000 Size: 91520 File Visible: - Signed: -

Status: -

 

Name: NDProxy.SYS

Image Path: G:\windows\System32\Drivers\NDProxy.SYS

Address: 0xBA278000 Size: 40576 File Visible: - Signed: -

Status: -

 

Name: netbios.sys

Image Path: G:\windows\system32\DRIVERS\netbios.sys

Address: 0xBA128000 Size: 34688 File Visible: - Signed: -

Status: -

 

Name: netbt.sys

Image Path: G:\windows\system32\DRIVERS\netbt.sys

Address: 0xB6797000 Size: 162816 File Visible: - Signed: -

Status: -

 

Name: Npfs.SYS

Image Path: G:\windows\System32\Drivers\Npfs.SYS

Address: 0xBA4A8000 Size: 30848 File Visible: - Signed: -

Status: -

 

Name: Ntfs.sys

Image Path: Ntfs.sys

Address: 0xB9E43000 Size: 574976 File Visible: - Signed: -

Status: -

 

Name: ntkrnlpa.exe

Image Path: G:\windows\system32\ntkrnlpa.exe

Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -

Status: -

 

Name: Null.SYS

Image Path: G:\windows\System32\Drivers\Null.SYS

Address: 0xBA791000 Size: 2944 File Visible: - Signed: -

Status: -

 

Name: nv4_disp.dll

Image Path: G:\windows\System32\nv4_disp.dll

Address: 0xBF012000 Size: 6189056 File Visible: - Signed: -

Status: -

 

Name: nv4_mini.sys

Image Path: G:\windows\system32\DRIVERS\nv4_mini.sys

Address: 0xB978E000 Size: 6280416 File Visible: - Signed: -

Status: -

 

Name: parport.sys

Image Path: G:\windows\system32\DRIVERS\parport.sys

Address: 0xB9547000 Size: 80128 File Visible: - Signed: -

Status: -

 

Name: PartMgr.sys

Image Path: PartMgr.sys

Address: 0xBA330000 Size: 19712 File Visible: - Signed: -

Status: -

 

Name: ParVdm.SYS

Image Path: G:\windows\System32\Drivers\ParVdm.SYS

Address: 0xBA5C2000 Size: 6784 File Visible: - Signed: -

Status: -

 

Name: pci.sys

Image Path: pci.sys

Address: 0xB9F68000 Size: 68224 File Visible: - Signed: -

Status: -

 

Name: pciide.sys

Image Path: pciide.sys

Address: 0xBA670000 Size: 3328 File Visible: - Signed: -

Status: -

 

Name: PCIIDEX.SYS

Image Path: G:\windows\system32\DRIVERS\PCIIDEX.SYS

Address: 0xBA328000 Size: 28672 File Visible: - Signed: -

Status: -

 

Name: PnpManager

Image Path: \Driver\PnpManager

Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -

Status: -

 

Name: point32.sys

Image Path: G:\windows\system32\DRIVERS\point32.sys

Address: 0xBA3B8000 Size: 21760 File Visible: - Signed: -

Status: -

 

Name: portcls.sys

Image Path: G:\windows\system32\drivers\portcls.sys

Address: 0xB955B000 Size: 147456 File Visible: - Signed: -

Status: -

 

Name: PROCEXP113.SYS

Image Path: G:\windows\system32\Drivers\PROCEXP113.SYS

Address: 0xBA64A000 Size: 7872 File Visible: No Signed: -

Status: -

 

Name: psched.sys

Image Path: G:\windows\system32\DRIVERS\psched.sys

Address: 0xB943D000 Size: 69120 File Visible: - Signed: -

Status: -

 

Name: ptilink.sys

Image Path: G:\windows\system32\DRIVERS\ptilink.sys

Address: 0xBA448000 Size: 17792 File Visible: - Signed: -

Status: -

 

Name: rasacd.sys

Image Path: G:\windows\system32\DRIVERS\rasacd.sys

Address: 0xB91F4000 Size: 8832 File Visible: - Signed: -

Status: -

 

Name: rasl2tp.sys

Image Path: G:\windows\system32\DRIVERS\rasl2tp.sys

Address: 0xBA1F8000 Size: 51328 File Visible: - Signed: -

Status: -

 

Name: raspppoe.sys

Image Path: G:\windows\system32\DRIVERS\raspppoe.sys

Address: 0xBA208000 Size: 41472 File Visible: - Signed: -

Status: -

 

Name: raspptp.sys

Image Path: G:\windows\system32\DRIVERS\raspptp.sys

Address: 0xBA218000 Size: 48384 File Visible: - Signed: -

Status: -

 

Name: raspti.sys

Image Path: G:\windows\system32\DRIVERS\raspti.sys

Address: 0xBA450000 Size: 16512 File Visible: - Signed: -

Status: -

 

Name: RAW

Image Path: \FileSystem\RAW

Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -

Status: -

 

Name: rdbss.sys

Image Path: G:\windows\system32\DRIVERS\rdbss.sys

Address: 0xB674A000 Size: 175744 File Visible: - Signed: -

Status: -

 

Name: RDPCDD.sys

Image Path: G:\windows\System32\DRIVERS\RDPCDD.sys

Address: 0xBA5EE000 Size: 4224 File Visible: - Signed: -

Status: -

 

Name: redbook.sys

Image Path: G:\windows\system32\DRIVERS\redbook.sys

Address: 0xBA1B8000 Size: 57600 File Visible: - Signed: -

Status: -

 

Name: rootrepeal.sys

Image Path: G:\windows\system32\drivers\rootrepeal.sys

Address: 0xB47B6000 Size: 49152 File Visible: No Signed: -

Status: -

 

Name: Rtenicxp.sys

Image Path: G:\windows\system32\DRIVERS\Rtenicxp.sys

Address: 0xB96F1000 Size: 105088 File Visible: - Signed: -

Status: -

 

Name: RtkHDAud.sys

Image Path: G:\windows\system32\drivers\RtkHDAud.sys

Address: 0xB6935000 Size: 4919296 File Visible: - Signed: -

Status: -

 

Name: RVIEg01.sys

Image Path: G:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys

Address: 0xB5574000 Size: 160448 File Visible: - Signed: -

Status: -

 

Name: SCSIPORT.SYS

Image Path: G:\windows\system32\DRIVERS\SCSIPORT.SYS

Address: 0xB9F19000 Size: 98304 File Visible: - Signed: -

Status: -

 

Name: serenum.sys

Image Path: G:\windows\system32\DRIVERS\serenum.sys

Address: 0xB9DC4000 Size: 15744 File Visible: - Signed: -

Status: -

 

Name: serial.sys

Image Path: G:\windows\system32\DRIVERS\serial.sys

Address: 0xBA1D8000 Size: 64512 File Visible: - Signed: -

Status: -

 

Name: sr.sys

Image Path: sr.sys

Address: 0xB9EE7000 Size: 73472 File Visible: - Signed: -

Status: -

 

Name: srv.sys

Image Path: G:\windows\system32\DRIVERS\srv.sys

Address: 0xB55C4000 Size: 354304 File Visible: - Signed: -

Status: -

 

Name: ssmdrv.sys

Image Path: G:\windows\system32\DRIVERS\ssmdrv.sys

Address: 0xBA350000 Size: 23040 File Visible: - Signed: -

Status: -

 

Name: STREAM.SYS

Image Path: G:\windows\system32\DRIVERS\STREAM.SYS

Address: 0xBA1E8000 Size: 53248 File Visible: - Signed: -

Status: -

 

Name: swenum.sys

Image Path: G:\windows\system32\DRIVERS\swenum.sys

Address: 0xBA5D2000 Size: 4352 File Visible: - Signed: -

Status: -

 

Name: sysaudio.sys

Image Path: G:\windows\system32\drivers\sysaudio.sys

Address: 0xB6003000 Size: 60800 File Visible: - Signed: -

Status: -

 

Name: tcpip.sys

Image Path: G:\windows\system32\DRIVERS\tcpip.sys

Address: 0xB681F000 Size: 361600 File Visible: - Signed: -

Status: -

 

Name: TDI.SYS

Image Path: G:\windows\system32\DRIVERS\TDI.SYS

Address: 0xBA440000 Size: 20480 File Visible: - Signed: -

Status: -

 

Name: termdd.sys

Image Path: G:\windows\system32\DRIVERS\termdd.sys

Address: 0xBA238000 Size: 40704 File Visible: - Signed: -

Status: -

 

Name: ultra.sys

Image Path: ultra.sys

Address: 0xBA0D8000 Size: 36736 File Visible: - Signed: -

Status: -

 

Name: update.sys

Image Path: G:\windows\system32\DRIVERS\update.sys

Address: 0xB93DF000 Size: 384768 File Visible: - Signed: -

Status: -

 

Name: usbaudio.sys

Image Path: G:\windows\system32\drivers\usbaudio.sys

Address: 0xBA148000 Size: 60032 File Visible: - Signed: -

Status: -

 

Name: usbccgp.sys

Image Path: G:\windows\system32\DRIVERS\usbccgp.sys

Address: 0xBA4B0000 Size: 32128 File Visible: - Signed: -

Status: -

 

Name: USBD.SYS

Image Path: G:\windows\system32\DRIVERS\USBD.SYS

Address: 0xBA5DA000 Size: 8192 File Visible: - Signed: -

Status: -

 

Name: usbehci.sys

Image Path: G:\windows\system32\DRIVERS\usbehci.sys

Address: 0xBA420000 Size: 30208 File Visible: - Signed: -

Status: -

 

Name: usbhub.sys

Image Path: G:\windows\system32\DRIVERS\usbhub.sys

Address: 0xBA2B8000 Size: 59520 File Visible: - Signed: -

Status: -

 

Name: USBPORT.SYS

Image Path: G:\windows\system32\DRIVERS\USBPORT.SYS

Address: 0xB9756000 Size: 147456 File Visible: - Signed: -

Status: -

 

Name: usbprint.sys

Image Path: G:\windows\system32\DRIVERS\usbprint.sys

Address: 0xBA3B0000 Size: 25856 File Visible: - Signed: -

Status: -

 

Name: usbscan.sys

Image Path: G:\windows\system32\DRIVERS\usbscan.sys

Address: 0xB692D000 Size: 15104 File Visible: - Signed: -

Status: -

 

Name: USBSTOR.SYS

Image Path: G:\windows\system32\DRIVERS\USBSTOR.SYS

Address: 0xBA3A0000 Size: 26368 File Visible: - Signed: -

Status: -

 

Name: usbuhci.sys

Image Path: G:\windows\system32\DRIVERS\usbuhci.sys

Address: 0xBA418000 Size: 20608 File Visible: - Signed: -

Status: -

 

Name: vga.sys

Image Path: G:\windows\System32\drivers\vga.sys

Address: 0xBA498000 Size: 20992 File Visible: - Signed: -

Status: -

 

Name: VIDEOPRT.SYS

Image Path: G:\windows\system32\DRIVERS\VIDEOPRT.SYS

Address: 0xB977A000 Size: 81920 File Visible: - Signed: -

Status: -

 

Name: VolSnap.sys

Image Path: VolSnap.sys

Address: 0xBA0C8000 Size: 52352 File Visible: - Signed: -

Status: -

 

Name: vsc.sys

Image Path: G:\windows\system32\DRIVERS\vsc.sys

Address: 0xB9465000 Size: 924320 File Visible: - Signed: -

Status: -

 

Name: wanarp.sys

Image Path: G:\windows\system32\DRIVERS\wanarp.sys

Address: 0xBA318000 Size: 34560 File Visible: - Signed: -

Status: -

 

Name: watchdog.sys

Image Path: G:\windows\System32\watchdog.sys

Address: 0xBA3C8000 Size: 20480 File Visible: - Signed: -

Status: -

 

Name: wdmaud.sys

Image Path: G:\windows\system32\drivers\wdmaud.sys

Address: 0xB5DA6000 Size: 83072 File Visible: - Signed: -

Status: -

 

Name: Win32k

Image Path: \Driver\Win32k

Address: 0xBF800000 Size: 1855488 File Visible: - Signed: -

Status: -

 

Name: win32k.sys

Image Path: G:\windows\System32\win32k.sys

Address: 0xBF800000 Size: 1855488 File Visible: - Signed: -

Status: -

 

Name: WMILIB.SYS

Image Path: G:\windows\system32\DRIVERS\WMILIB.SYS

Address: 0xBA5AA000 Size: 8192 File Visible: - Signed: -

Status: -

 

Name: WMIxWDM

Image Path: \Driver\WMIxWDM

Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -

Status: -


Archived

This topic is now archived and is closed to further replies.
