ok on the t5ql.dll thingy...
Dave
Ha!
Quote:
there were 4 of them is the Task Scheduler... 2 from Google and two from I don't know where. The 2 google ones were set at 'Daily' and it was started back on 6/4/11, about the time this started.....
Nice :)
LOL :)
Thank you again sir for all you do for everyone.
Dave
You're very welcome
Broni,
I've been thinking about the t5ql.dll trojan on my computer. I am very uncomfortable with it being there.
If you remember, in post #44 I submitted it to virustotal.com to have it checked and there were quite a few hits. I downloaded one of the a/v programs that found it as a trojan, VBA32. After install it found t5ql.dll; in fact every 2 seconds it was popping up a 'virus found' box. I also ran a scan, which found it. The problem is that the program could do no type of action to remove it. Under 'Action Taken' it said 'Not Removed'. That's it!
So I'm reading this post here at the forum.
http://discussions.virtualdr.com/sho...d.php?t=249403
And it seems to me that this trojan is similar, and I'm beginning to feel that my only solution is a complete format and reinstall of XP.
What do you think?
Thanks,
Dave
Yeah, I think we have to remove that file, but let's re-run some scans first.
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
OK Broni,
When Combo Fix first started I got the following alert ....
In the title bar it said "Parasite Found!"
The body said, "The following files were trying to attach to Combo Fix. They shall be disabled. Kindly note down on paper the name of each file. We may need it later."
C:\Windows\System32\t5ql.dll
Then at the first reboot, I got this one....
Explorer.exe Unable to locate component.
...."This application failed to start because t5ql.dll was not found. Re-installing the application may fix this problem"
Then Combo Fix continued running after I clicked OK.
Then on the last restart I got the same one again.
Explorer.exe Unable to locate component.
...."This application failed to start because t5ql.dll was not found. Re-installing the application may fix this problem"
Other than that it ran fine.... here is the log.....
ComboFix 11-07-02.03 - Dave 07/03/2011 12:49:11.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.623 [GMT -5:00]
Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Created a new restore point
.
The following files were disabled during the run:
c:\windows\system32\t5ql.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))
.
.
2011-07-03 13:09 . 2011-07-03 13:09 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{50884F5D-CF93-4986-BD4E-577092981CFC}\MpKsl55594903.sys
2011-07-02 09:56 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{50884F5D-CF93-4986-BD4E-577092981CFC}\mpengine.dll
2011-06-29 00:40 . 2011-06-29 00:40 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-06-28 00:58 . 2011-06-28 00:58 -------- d-----w- c:\documents and settings\Dave\Local Settings\Application Data\Secunia PSI
2011-06-28 00:58 . 2011-06-28 00:58 -------- d-----w- c:\program files\Secunia
2011-06-28 00:48 . 2011-06-28 00:48 -------- d-----w- c:\program files\WOT
2011-06-25 01:06 . 2009-03-21 14:06 265292 ----a-w- c:\windows\system32\t5ql.dll.vir
2011-06-24 02:26 . 2011-06-24 02:26 -------- d-----w- c:\program files\Common Files\Java
2011-06-24 02:26 . 2011-05-04 09:52 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-15 23:53 . 2011-06-28 22:16 -------- d-----w- c:\documents and settings\Dave\Application Data\FileZilla
2011-06-15 23:52 . 2011-06-15 23:52 -------- d-----w- c:\program files\FileZilla FTP Client
2011-06-15 21:39 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 15:55 . 2011-03-23 00:44 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-29 14:11 . 2010-09-10 13:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2010-09-10 13:30 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 09:52 . 2010-07-04 20:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 07:25 . 2010-07-04 20:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2010-07-04 06:54 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:36 . 2010-08-20 03:52 164880 ---ha-w- c:\documents and settings\Dave\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2011-04-29 17:25 . 2004-08-04 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-29 03:36 . 2004-08-04 12:00 110080 ----a-w- c:\windows\system32\imm32.dll
2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-04-29 . C8270B953FBCFB9B5310488DB779EC4E . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
Stickies.lnk - c:\program files\stickies\stickies.exe [2010-7-4 1101824]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
backup=c:\windows\pss\Symantec Fax Starter Edition Port.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-02-15 01:32 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-01-15 03:39 136176 ----atw- c:\documents and settings\Dave\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-07-19 23:06 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-07-19 23:09 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2010-11-30 18:20 997408 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2010-07-05 13:13 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 17:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-10-01 18:23 2424560 -c--a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Games\\Activision\\JN6 - Golden Bear Challenge\\JNGBCGolf.exe"=
"c:\\Documents and Settings\\Dave\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Games\\Microsoft Games\\Midtown Madness 2\\MIDTOWN2.ICD"=
"c:\\Program Files\\Games\\Microsoft Games\\MechWarrior Vengeance\\MW4.ICD"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6667:TCP"= 6667:TCP:IRC
"3783:TCP"= 3783:TCP:voice chat
"27900:TCP"= 27900:TCP:Master Svc
"28900:TCP"= 28900:TCP:Master Service ll
"29900:TCP"= 29900:TCP:GP Connect
"29901:TCP"= 29901:TCP:GP Search
"13139:TCP"= 13139:TCP:CUST UDP
"6515:TCP"= 6515:TCP:Dplay UDP
"6500:TCP"= 6500:TCP:Query
.
R1 MpKsl55594903;MpKsl55594903;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{50884F5D-CF93-4986-BD4E-577092981CFC}\MpKsl55594903.sys [7/3/2011 8:09 AM 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 67656]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 1:44 AM 993848]
R3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\drivers\ATMFBUS.sys [7/4/2010 2:24 AM 47360]
R3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\drivers\ATMFCVsp.sys [7/4/2010 2:24 AM 153600]
R3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\drivers\ATMFMdm.sys [7/4/2010 2:24 AM 153472]
R3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\drivers\ATMFNET.sys [7/4/2010 2:24 AM 103424]
R3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\drivers\ATMFNVsp.sys [7/4/2010 2:24 AM 153600]
R3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\drivers\ATMFVsp.sys [7/4/2010 2:24 AM 153472]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S1 MpKsl5e374436;MpKsl5e374436;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FCED001E-29B4-4EEB-96CA-FCC0A4C6D691}\MpKsl5e374436.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FCED001E-29B4-4EEB-96CA-FCC0A4C6D691}\MpKsl5e374436.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\drivers\ATMFFLT.sys [7/4/2010 2:24 AM 13312]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL55594903
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
2011-07-03 c:\windows\Tasks\User_Feed_Synchronization-{E9462B1D-DE15-4239-8878-D5206A58D0F7}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.thehungersite.com/clickToGive/home.faces?siteId=1
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{BDDE120D-FFE9-4679-A943-C78332774491}: NameServer = 10.133.20.11 10.132.20.11
FF - ProfilePath - c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\045ulcui.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.thehungersite.com/clickToGive/home.faces?siteId=1
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Beach Tranquility Screen Saver - c:\windows\system32\BEACHT~1.SCR
AddRemove-Sierra Utilities - c:\program files\Sierra On-Line\sutil32.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-03 12:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1216)
c:\windows\system32\t5ql.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\l3codeca.acm
.
- - - - - - - > 'lsass.exe'(1272)
c:\windows\system32\t5ql.dll
.
- - - - - - - > 'explorer.exe'(272)
c:\windows\system32\WININET.dll
.
Completion time: 2011-07-03 12:55:59
ComboFix-quarantined-files.txt 2011-07-03 17:55
.
Pre-Run: 13,404,372,992 bytes free
Post-Run: 13,534,429,184 bytes free
.
- - End Of File - - 1EEF749D6450C0B9105FD517F3105EAC
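The detail worth pulling out of the log above is that t5ql.dll is still mapped into winlogon.exe and lsass.exe even though ComboFix reports having disabled it and a t5ql.dll.vir quarantine copy exists. The Python below is an added example, not part of the thread and not a ComboFix feature: it parses the "disabled during the run", "Files Created" and "DLLs Loaded Under Running Processes" sections of a constructed excerpt in the same format as the log and flags DLLs loaded into sensitive processes. The KNOWN_GOOD allowlist, the choice of sensitive processes and all function names are assumptions made for the example.

```python
"""Flag suspicious DLL loads in a ComboFix-style log (added example, not from the thread)."""
import re
from collections import defaultdict

# Constructed excerpt: a trimmed copy of the log format posted above, not a full log.
SAMPLE_LOG = r"""The following files were disabled during the run:
c:\windows\system32\t5ql.dll
.
2011-06-25 01:06 . 2009-03-21 14:06 265292 ----a-w- c:\windows\system32\t5ql.dll.vir
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1216)
c:\windows\system32\t5ql.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\l3codeca.acm
.
- - - - - - - > 'lsass.exe'(1272)
c:\windows\system32\t5ql.dll
.
- - - - - - - > 'explorer.exe'(272)
c:\windows\system32\WININET.dll
.
Completion time: 2011-07-03 12:55:59
"""

# Processes where an unexpected DLL is a strong signal (assumption for the example).
SENSITIVE_PROCESSES = {"winlogon.exe", "lsass.exe"}
# Modules seen in these processes on this particular box; an assumed allowlist, not authoritative.
KNOWN_GOOD = {"wininet.dll", "saswinlo.dll", "l3codeca.acm"}

PROC_HEADER = re.compile(r"^- - - - - - - > '([^']+)'\((\d+)\)")
# "Files Created" line ending in a .vir quarantine copy; the path may contain spaces.
VIR_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} \S+ \S+ (.+\.vir)$",
    re.IGNORECASE,
)


def _basename(path):
    return path.rsplit("\\", 1)[-1]


def parse_loaded_dlls(text):
    """Map each process in the 'DLLs Loaded' section to the module paths listed under it."""
    loaded = defaultdict(list)
    current, in_section = None, False
    for line in text.splitlines():
        if "DLLs Loaded Under Running Processes" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("Completion time:"):
            break
        m = PROC_HEADER.match(line)
        if m:
            current = m.group(1).lower()
            continue
        if current and line.strip() not in ("", "."):
            loaded[current].append(line.strip().lower())
    return dict(loaded)


def parse_disabled_files(text):
    """Paths listed under 'The following files were disabled during the run:'."""
    disabled, lines = set(), text.splitlines()
    for i, line in enumerate(lines):
        if line.startswith("The following files were disabled during the run:"):
            for follow in lines[i + 1:]:
                if follow.strip() in ("", "."):
                    break
                disabled.add(follow.strip().lower())
    return disabled


def parse_quarantine_copies(text):
    """Original paths of files that have a .vir quarantine copy in 'Files Created'."""
    return {m.group(1).lower()[:-4] for m in map(VIR_LINE.match, text.splitlines()) if m}


def flag_suspicious(text):
    """Return (process, dll, reasons) for modules in sensitive processes that look wrong."""
    disabled = parse_disabled_files(text)
    quarantined = parse_quarantine_copies(text)
    findings = []
    for proc, dlls in parse_loaded_dlls(text).items():
        if proc not in SENSITIVE_PROCESSES:
            continue
        for dll in dlls:
            reasons = []
            if dll in disabled:
                reasons.append("disabled by ComboFix yet still mapped")
            if dll in quarantined:
                reasons.append("has a .vir quarantine copy")
            if _basename(dll) not in KNOWN_GOOD:
                reasons.append("not on the allowlist for this process")
            if reasons:
                findings.append((proc, dll, reasons))
    return findings


if __name__ == "__main__":
    for proc, dll, reasons in flag_suspicious(SAMPLE_LOG):
        print(f"{proc}: {dll}\n  - " + "\n  - ".join(reasons))
```

On the excerpt the only hits are t5ql.dll in winlogon.exe and lsass.exe, each with all three reasons; a module that merely fails the allowlist (one reason) deserves a look, but a module that ComboFix says it disabled and that is still mapped in a logon process is the case that justifies the thread's next steps.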
Please, re-run Combofix one more time.
Everything happened as it did the first time... same error msgs.
ComboFix 11-07-02.03 - Dave 07/03/2011 13:35:18.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.545 [GMT -5:00]
Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))
.
.
2011-07-03 13:09 . 2011-07-03 13:09 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{50884F5D-CF93-4986-BD4E-577092981CFC}\MpKsl55594903.sys
2011-07-02 09:56 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{50884F5D-CF93-4986-BD4E-577092981CFC}\mpengine.dll
2011-06-29 00:40 . 2011-06-29 00:40 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-06-28 00:58 . 2011-06-28 00:58 -------- d-----w- c:\documents and settings\Dave\Local Settings\Application Data\Secunia PSI
2011-06-28 00:58 . 2011-06-28 00:58 -------- d-----w- c:\program files\Secunia
2011-06-28 00:48 . 2011-06-28 00:48 -------- d-----w- c:\program files\WOT
2011-06-25 01:06 . 2009-03-21 14:06 265292 ----a-w- c:\windows\system32\t5ql.dll.vir
2011-06-24 02:26 . 2011-06-24 02:26 -------- d-----w- c:\program files\Common Files\Java
2011-06-24 02:26 . 2011-05-04 09:52 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-15 23:53 . 2011-06-28 22:16 -------- d-----w- c:\documents and settings\Dave\Application Data\FileZilla
2011-06-15 23:52 . 2011-06-15 23:52 -------- d-----w- c:\program files\FileZilla FTP Client
2011-06-15 21:39 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 15:55 . 2011-03-23 00:44 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-29 14:11 . 2010-09-10 13:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2010-09-10 13:30 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 09:52 . 2010-07-04 20:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 07:25 . 2010-07-04 20:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2010-07-04 06:54 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:36 . 2010-08-20 03:52 164880 ---ha-w- c:\documents and settings\Dave\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2011-04-29 17:25 . 2004-08-04 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-29 03:36 . 2004-08-04 12:00 110080 ----a-w- c:\windows\system32\imm32.dll
2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-04-29 . C8270B953FBCFB9B5310488DB779EC4E . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
Stickies.lnk - c:\program files\stickies\stickies.exe [2010-7-4 1101824]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
backup=c:\windows\pss\Symantec Fax Starter Edition Port.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-02-15 01:32 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-01-15 03:39 136176 ----atw- c:\documents and settings\Dave\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-07-19 23:06 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-07-19 23:09 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2010-11-30 18:20 997408 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2010-07-05 13:13 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 17:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-10-01 18:23 2424560 -c--a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Games\\Activision\\JN6 - Golden Bear Challenge\\JNGBCGolf.exe"=
"c:\\Documents and Settings\\Dave\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Games\\Microsoft Games\\Midtown Madness 2\\MIDTOWN2.ICD"=
"c:\\Program Files\\Games\\Microsoft Games\\MechWarrior Vengeance\\MW4.ICD"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6667:TCP"= 6667:TCP:IRC
"3783:TCP"= 3783:TCP:voice chat
"27900:TCP"= 27900:TCP:Master Svc
"28900:TCP"= 28900:TCP:Master Service ll
"29900:TCP"= 29900:TCP:GP Connect
"29901:TCP"= 29901:TCP:GP Search
"13139:TCP"= 13139:TCP:CUST UDP
"6515:TCP"= 6515:TCP:Dplay UDP
"6500:TCP"= 6500:TCP:Query
.
R1 MpKsl55594903;MpKsl55594903;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{50884F5D-CF93-4986-BD4E-577092981CFC}\MpKsl55594903.sys [7/3/2011 8:09 AM 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 67656]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 1:44 AM 993848]
R3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\drivers\ATMFBUS.sys [7/4/2010 2:24 AM 47360]
R3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\drivers\ATMFCVsp.sys [7/4/2010 2:24 AM 153600]
R3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\drivers\ATMFMdm.sys [7/4/2010 2:24 AM 153472]
R3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\drivers\ATMFNET.sys [7/4/2010 2:24 AM 103424]
R3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\drivers\ATMFNVsp.sys [7/4/2010 2:24 AM 153600]
R3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\drivers\ATMFVsp.sys [7/4/2010 2:24 AM 153472]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S1 MpKsl5e374436;MpKsl5e374436;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FCED001E-29B4-4EEB-96CA-FCC0A4C6D691}\MpKsl5e374436.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FCED001E-29B4-4EEB-96CA-FCC0A4C6D691}\MpKsl5e374436.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\drivers\ATMFFLT.sys [7/4/2010 2:24 AM 13312]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL55594903
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
2011-07-03 c:\windows\Tasks\User_Feed_Synchronization-{E9462B1D-DE15-4239-8878-D5206A58D0F7}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.thehungersite.com/clickToGive/home.faces?siteId=1
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{BDDE120D-FFE9-4679-A943-C78332774491}: NameServer = 10.133.20.11 10.132.20.11
FF - ProfilePath - c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\045ulcui.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.thehungersite.com/clickToGive/home.faces?siteId=1
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-03 13:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1216)
c:\windows\system32\t5ql.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\l3codeca.acm
.
- - - - - - - > 'lsass.exe'(1272)
c:\windows\system32\t5ql.dll
.
- - - - - - - > 'explorer.exe'(2996)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-07-03 13:41:06
ComboFix-quarantined-files.txt 2011-07-03 18:41
.
Pre-Run: 13,490,958,336 bytes free
Post-Run: 13,494,730,752 bytes free
.
- - End Of File - - 888ACF4BFCEF86CAE5346F58E4E6407A
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.
- Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.
- Click the Report tab, then click Scan.
- Check Drivers, Stealth, and uncheck the rest.
- Click OK.
- Wait until it's finished and then go to File > Save Report.
- Save the report to your Desktop.
- Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
Problem....
When I started RKUnhooker first I got the
RKUnhooker.exe Unable to locate component....
...."This application failed to start because t5ql.dll was not found. Re-installing the application may fix this problem"
Then it started to install and I got this.....
See attachment...
Then when i clicked on the Report tab it came up again, and the whole tab was blank... clicking on other tabs was normal.
Do you want me to run 'Scan' anyway?
Please download GMER from one of the following locations and save it to your desktop:
- Main Mirror
This version will download a randomly named file (Recommended)
- Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
- Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
- Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
- GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
- If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
- Now click the Scan button. If you see a rootkit warning window, click OK.
- When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
- Click the Copy button and paste the results into your next reply.
- Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.
Here's GMER..... takes forever :D
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-03 15:57:54
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800EB-00DJF0 rev.77.07W77
Running: 9pq84zny.exe; Driver: C:\DOCUME~1\Dave\LOCALS~1\Temp\pgliapoc.sys
---- System - GMER 1.0.15 ----
Code \??\C:\DOCUME~1\Dave\LOCALS~1\Temp\catchme.sys pIofCallDriver
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\DOCUME~1\Dave\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Library C:\WINDOWS\system32\t5ql.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [372] 0x10000000
Library C:\WINDOWS\system32\t5ql.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [552] 0x10000000
Library C:\WINDOWS\system32\t5ql.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jqs.exe [712] 0x10000000
Library C:\WINDOWS\system32\t5ql.dll (*** hidden *** ) @ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [756] 0x10000000
Library C:\WINDOWS\system32\t5ql.dll (*** hidden *** ) @ C:\Program Files\Secunia\PSI\PSIA.exe [868] 0x10000000
Library C:\WINDOWS\system32\t5ql.dll (*** hidden *** ) @ C:\WINDOWS\system32\wscntfy.exe [1196] 0x10000000
Library C:\WINDOWS\system32\t5ql.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [1216] 0x10000000
Library C:\WINDOWS\system32\t5ql.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [1260] 0x10000000
Library C:\WINDOWS\system32\t5ql.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [1272] 0x10000000
Library C:\WINDOWS\system32\t5ql.dll (*** hidden *** ) @ C:\Program Files\Microsoft Security Client\msseces.exe [1380] 0x10000000
Library C:\WINDOWS\system32\t5ql.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1424] 0x10000000
Library C:\WINDOWS\system32\t5ql.dll (*** hidden *** ) @ C:\WINDOWS\system32\hkcmd.exe [1432] 0x00420000
Library C:\WINDOWS\system32\t5ql.dll (*** hidden *** ) @ C:\WINDOWS\system32\igfxpers.exe [1456] 0x10000000
Library C:\WINDOWS\system32\t5ql.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1480] 0x10000000
Library C:\WINDOWS\system32\t5ql.dll (*** hidden *** ) @ C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [1516] 0x10000000
Library C:\WINDOWS\System32\t5ql.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1556] 0x10000000
Library C:\WINDOWS\system32\t5ql.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [1600] 0x10000000
Library C:\WINDOWS\system32\t5ql.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1636] 0x10000000
Library C:\WINDOWS\System32\t5ql.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1732] 0x10000000
Library C:\WINDOWS\system32\t5ql.dll (*** hidden *** ) @ C:\Program Files\Secunia\PSI\psi_tray.exe [1740] 0x10000000
Library C:\WINDOWS\system32\t5ql.dll (*** hidden *** ) @ C:\Program Files\stickies\stickies.exe [1776] 0x10000000
Library C:\WINDOWS\system32\t5ql.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1952] 0x10000000
Library C:\WINDOWS\System32\t5ql.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [2016] 0x10000000
Library C:\WINDOWS\System32\t5ql.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [2228] 0x10000000
Library C:\WINDOWS\system32\t5ql.dll (*** hidden *** ) @ C:\WINDOWS\system32\igfxsrvc.exe [3876] 0x10000000
---- EOF - GMER 1.0.15 ----
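The GMER "Processes" section above is the key evidence in this thread: the same module is reported as hidden inside winlogon.exe, lsass.exe, services.exe and essentially every other running process, almost always at the same base address. The following script is an added example, not part of the thread and not GMER's own code, that parses lines in that format and turns them into the summary a responder wants: which DLLs are hidden in how many processes, whether the base address is consistent, and which privileged system processes host them. The sample lines are constructed in the same format as the log above (one non-hidden entry is added purely to exercise the parser), and the `min_processes` threshold and the `PRIVILEGED` process list are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of GMER's "Processes" section (see the log above).
# The hook.dll entry is made up so that the parser's optional "hidden" flag is exercised.
SAMPLE_GMER_LOG = r"""
---- Processes - GMER 1.0.15 ----
Library C:\WINDOWS\system32\t5ql.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [1216] 0x10000000
Library C:\WINDOWS\system32\t5ql.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [1272] 0x10000000
Library C:\WINDOWS\system32\t5ql.dll (*** hidden *** ) @ C:\WINDOWS\system32\hkcmd.exe [1432] 0x00420000
Library C:\WINDOWS\System32\t5ql.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1556] 0x10000000
Library C:\Program Files\Example\hook.dll @ C:\WINDOWS\explorer.exe [2996] 0x7c800000
---- EOF - GMER 1.0.15 ----
"""

# One "Library <dll> [(*** hidden *** )] @ <process> [<pid>] <base>" line.
LIB_RE = re.compile(
    r"^Library\s+(?P<dll>.+?)\s+(?P<hidden>\(\*\*\* hidden \*\*\* \)\s+)?@\s+"
    r"(?P<proc>.+?)\s+\[(?P<pid>\d+)\]\s+(?P<base>0x[0-9A-Fa-f]+)\s*$"
)

# Assumed list of processes whose compromise matters most (SYSTEM-level, logon/credential path).
PRIVILEGED = {"winlogon.exe", "lsass.exe", "services.exe", "csrss.exe", "smss.exe"}


def parse_gmer_processes(text):
    """Return one dict per matching 'Library' line; non-matching lines are ignored."""
    records = []
    for line in text.splitlines():
        m = LIB_RE.match(line.strip())
        if not m:
            continue
        records.append({
            "dll": m.group("dll"),
            "hidden": m.group("hidden") is not None,
            "process": m.group("proc"),
            "pid": int(m.group("pid")),
            "base": int(m.group("base"), 16),
        })
    return records


def summarize_injections(records):
    """Group records by DLL path (case-insensitive): host processes, hidden count, base addresses."""
    summary = defaultdict(lambda: {"processes": [], "hidden": 0, "bases": set()})
    for r in records:
        entry = summary[r["dll"].lower()]
        entry["processes"].append((r["process"], r["pid"]))
        entry["hidden"] += int(r["hidden"])
        entry["bases"].add(r["base"])
    return dict(summary)


def flag_suspicious(summary, min_processes=3):
    """DLLs hidden in every process that loads them and present in at least
    min_processes processes: a system-wide injected module, not a normal library."""
    return sorted(
        dll for dll, e in summary.items()
        if e["hidden"] == len(e["processes"]) and len(e["processes"]) >= min_processes
    )


def privileged_hosts(records):
    """Sorted (process name, pid) pairs of privileged processes hosting a hidden module."""
    hits = set()
    for r in records:
        name = r["process"].rsplit("\\", 1)[-1].lower()
        if r["hidden"] and name in PRIVILEGED:
            hits.add((name, r["pid"]))
    return sorted(hits)


if __name__ == "__main__":
    recs = parse_gmer_processes(SAMPLE_GMER_LOG)
    summary = summarize_injections(recs)
    for dll in flag_suspicious(summary):
        e = summary[dll]
        print(f"{dll}: hidden in {len(e['processes'])} processes, "
              f"bases {[hex(b) for b in sorted(e['bases'])]}")
    print("privileged hosts:", privileged_hosts(recs))
```

Run against the real log above, the summary would show one DLL in 25 processes, all loads hidden, with a single outlier base address (hkcmd.exe at 0x00420000, where the preferred 0x10000000 was presumably already occupied). The consistent base plus the hidden flag in every host is what distinguishes an injected module from a library that happens to be common; the per-process list is what tells you that credential-handling processes such as lsass.exe are among the hosts, which is the reason the helper recommends further rootkit scans before any cleanup.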
Download TDSSKiller and save it to your desktop.
- Double-click on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
That 'unable to find component' error keeps popping up.
Here is the log
2011/07/03 16:39:40.0140 0764 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/07/03 16:39:40.0843 0764 ================================================================================
2011/07/03 16:39:40.0843 0764 SystemInfo:
2011/07/03 16:39:40.0843 0764
2011/07/03 16:39:40.0843 0764 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/03 16:39:40.0843 0764 Product type: Workstation
2011/07/03 16:39:40.0843 0764 ComputerName: COMPUTER1
2011/07/03 16:39:40.0843 0764 UserName: Dave
2011/07/03 16:39:40.0843 0764 Windows directory: C:\WINDOWS
2011/07/03 16:39:40.0843 0764 System windows directory: C:\WINDOWS
2011/07/03 16:39:40.0843 0764 Processor architecture: Intel x86
2011/07/03 16:39:40.0843 0764 Number of processors: 1
2011/07/03 16:39:40.0843 0764 Page size: 0x1000
2011/07/03 16:39:40.0843 0764 Boot type: Normal boot
2011/07/03 16:39:40.0843 0764 ================================================================================
2011/07/03 16:39:42.0515 0764 Initialize success
2011/07/03 16:40:04.0796 3620 ================================================================================
2011/07/03 16:40:04.0796 3620 Scan started
2011/07/03 16:40:04.0796 3620 Mode: Manual;
2011/07/03 16:40:04.0796 3620 ================================================================================
2011/07/03 16:40:05.0140 3620 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/03 16:40:05.0218 3620 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/03 16:40:05.0343 3620 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/07/03 16:40:05.0421 3620 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/03 16:40:05.0500 3620 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/03 16:40:05.0968 3620 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/03 16:40:06.0031 3620 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/03 16:40:06.0140 3620 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/03 16:40:06.0234 3620 ATMFBUS (07cac813cdc45dbf8696d0e02b06f622) C:\WINDOWS\system32\DRIVERS\ATMFBUS.sys
2011/07/03 16:40:06.0296 3620 ATMFCVsp (00541bd4b04c68e3882ec2da104ef301) C:\WINDOWS\system32\DRIVERS\ATMFCVsp.sys
2011/07/03 16:40:06.0375 3620 ATMFFLT (a93c25ecc84872eff7b9f23843b9e22f) C:\WINDOWS\system32\DRIVERS\ATMFFLT.sys
2011/07/03 16:40:06.0453 3620 ATMFMdm (ad613953334d98e98af4101d951d0b3a) C:\WINDOWS\system32\DRIVERS\ATMFMdm.sys
2011/07/03 16:40:06.0500 3620 ATMFNET (a73c4dfa3a5e21c5f2ae695b7df7883b) C:\WINDOWS\system32\DRIVERS\ATMFNET.sys
2011/07/03 16:40:06.0562 3620 ATMFNVsp (88bf42cd1efe78eb411a01b0114641d8) C:\WINDOWS\system32\DRIVERS\ATMFNVsp.sys
2011/07/03 16:40:06.0609 3620 ATMFVsp (217c7c09dfb0726dd957536f5feec208) C:\WINDOWS\system32\DRIVERS\ATMFVsp.sys
2011/07/03 16:40:06.0703 3620 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/03 16:40:06.0796 3620 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/03 16:40:06.0984 3620 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/03 16:40:07.0109 3620 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/03 16:40:07.0187 3620 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/03 16:40:07.0250 3620 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/03 16:40:07.0593 3620 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/03 16:40:07.0687 3620 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/03 16:40:07.0812 3620 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/03 16:40:07.0875 3620 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/03 16:40:07.0953 3620 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/03 16:40:08.0093 3620 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/03 16:40:08.0171 3620 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/07/03 16:40:08.0312 3620 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/03 16:40:08.0375 3620 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/03 16:40:08.0453 3620 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/03 16:40:08.0500 3620 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/07/03 16:40:08.0593 3620 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/03 16:40:08.0671 3620 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/03 16:40:08.0750 3620 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/03 16:40:08.0812 3620 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/03 16:40:08.0875 3620 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/03 16:40:09.0015 3620 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/03 16:40:09.0187 3620 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/03 16:40:09.0312 3620 ialm (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/07/03 16:40:09.0421 3620 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/03 16:40:09.0546 3620 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/07/03 16:40:09.0625 3620 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/03 16:40:09.0671 3620 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/03 16:40:09.0750 3620 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/03 16:40:09.0828 3620 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/03 16:40:09.0890 3620 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/03 16:40:09.0953 3620 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/03 16:40:10.0015 3620 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/03 16:40:10.0093 3620 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/03 16:40:10.0140 3620 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/03 16:40:10.0218 3620 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/03 16:40:10.0296 3620 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/03 16:40:10.0468 3620 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/03 16:40:10.0546 3620 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/03 16:40:10.0609 3620 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/03 16:40:10.0687 3620 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/03 16:40:10.0750 3620 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/03 16:40:10.0828 3620 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/07/03 16:40:10.0984 3620 MpKsl92b8fc33 (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{341EDE8A-E00E-410E-A6F6-7375DD8DA5C7}\MpKsl92b8fc33.sys
2011/07/03 16:40:11.0140 3620 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/03 16:40:11.0265 3620 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/03 16:40:11.0375 3620 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/03 16:40:11.0453 3620 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/03 16:40:11.0531 3620 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/03 16:40:11.0593 3620 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/03 16:40:11.0687 3620 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/03 16:40:11.0765 3620 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/03 16:40:11.0859 3620 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/03 16:40:11.0937 3620 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/03 16:40:12.0015 3620 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/03 16:40:12.0093 3620 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/03 16:40:12.0187 3620 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/03 16:40:12.0265 3620 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/03 16:40:12.0359 3620 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/03 16:40:12.0484 3620 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/03 16:40:12.0593 3620 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/03 16:40:12.0718 3620 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/03 16:40:12.0765 3620 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/03 16:40:12.0859 3620 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/03 16:40:12.0953 3620 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2011/07/03 16:40:13.0078 3620 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/03 16:40:13.0171 3620 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/03 16:40:13.0265 3620 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/03 16:40:13.0343 3620 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/03 16:40:13.0468 3620 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/03 16:40:13.0546 3620 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/03 16:40:13.0937 3620 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/03 16:40:14.0031 3620 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/03 16:40:14.0109 3620 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
2011/07/03 16:40:14.0203 3620 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/03 16:40:14.0500 3620 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/03 16:40:14.0593 3620 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/03 16:40:14.0687 3620 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/03 16:40:14.0781 3620 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/03 16:40:14.0875 3620 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/03 16:40:14.0953 3620 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/03 16:40:15.0046 3620 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/03 16:40:15.0125 3620 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/03 16:40:15.0250 3620 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/03 16:40:15.0375 3620 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/07/03 16:40:15.0437 3620 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/07/03 16:40:15.0546 3620 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/03 16:40:15.0640 3620 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/03 16:40:15.0687 3620 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/03 16:40:15.0796 3620 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/07/03 16:40:15.0984 3620 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
2011/07/03 16:40:16.0125 3620 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/03 16:40:16.0187 3620 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/03 16:40:16.0312 3620 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/03 16:40:16.0421 3620 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/03 16:40:16.0468 3620 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/03 16:40:16.0750 3620 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/03 16:40:16.0890 3620 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/03 16:40:16.0984 3620 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/03 16:40:17.0062 3620 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/03 16:40:17.0156 3620 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/03 16:40:17.0328 3620 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/03 16:40:17.0484 3620 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/03 16:40:17.0593 3620 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/03 16:40:17.0671 3620 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/03 16:40:17.0750 3620 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/03 16:40:17.0843 3620 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/03 16:40:17.0921 3620 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/03 16:40:18.0046 3620 vmm (817da66b1b889fad1dbf669e0e2f3228) C:\WINDOWS\system32\Drivers\vmm.sys
2011/07/03 16:40:18.0125 3620 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/03 16:40:18.0234 3620 VPCNetS2 (2abe8281db609d8bb1bd1b2f93800d5f) C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys
2011/07/03 16:40:18.0359 3620 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/03 16:40:18.0484 3620 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/03 16:40:18.0703 3620 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/03 16:40:18.0781 3620 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/03 16:40:18.0875 3620 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/07/03 16:40:19.0000 3620 Boot (0x1200) (0f6321570c9b21326dede84bd0315627) \Device\Harddisk0\DR0\Partition0
2011/07/03 16:40:19.0046 3620 Boot (0x1200) (b9a8a5b0044fa15a1caeda7f7fe4178f) \Device\Harddisk0\DR0\Partition1
2011/07/03 16:40:19.0046 3620 ================================================================================
2011/07/03 16:40:19.0046 3620 Scan finished
2011/07/03 16:40:19.0046 3620 ================================================================================
2011/07/03 16:40:19.0078 3524 Detected object count: 0
2011/07/03 16:40:19.0078 3524 Actual detected object count: 0