
deekay76

  1. Hello, and thanks for getting back to me. The reason I expect that it's malware related is because whenever my computer misbehaves and acts unusually I always expect it to be malware and usually it is. The DDS log is below, the attach log reports of the IP conflict.
  2. Thanks I gave it a go, not sure why DDS is still reporting the error at 192.169.0.100, I pinged it and got no response anyway.
  3. Hello, I seem to have a conflict with the addresses on my network and I'm getting the above errors. I have a cable Motorola modem at 192.168.100.1 which is unconfigurable. From that I have my D-Link wireless router attached via the ethernet, the D-Link is at 192.168.0.1 and from that we connect a few laptops via the wifi. The D-Link gives my laptop an IP of 192.168.0.100 and it's at this IP address that I have the conflict. From what I have read I understand that I might need to change the DHCP range on the D-Link? I'm not sure what range I should enter, etc. If you could point me in the right direction I would appreciate it!
  4. Hello, I recently have noticed that my internet connection is not running as it should be, I keep getting discon and the internet runs slow and is unresponsive. I tried to update Mbytes and got the message above. I did a Mbytes scan and it didn't detect anything but I believe it is missing something and that I have an infection. Your help with this would be greatly appreciated.
  5. Thanks LD, I have managed to install an update MB now. However, it feels like something is amiss with my PC. I just got this security warning, should I be concerned? Please see attached screenshots, I obviously have not installed the certificate. I remember from our last clean up with ComboFix that a font file was infected and funnily enough when I got this security warning I was for the first time running VLC Media player and it gave me a message that it was caching the fonts or something similar, not sure if this is related? mwbytes2.bmp mwbytes.bmp
  6. Good afternoon, I have recently received help, please see http://forums.malwarebytes.org/index.php?s...68092&st=20 I have still been having issues so I started up MB and attempted to update it. I initially got a message that the current version of MB was not compatible with the database so I installed a fresh copy and tried to update from there. I got the following error messages; MBAM_ERROR_EXPANDING_VARIABLES (0,453) MBAM_ERROR_MISSING_FILE (3,0 mbamswissarmy.sys) PLEASE REPORT THIS TO SUPPORT So at the moment I am unable to update or open MB.
  7. Hmm, I just tried downloading the disinfector.exe file and Avira went crazy popping up with this: Virus or unwanted program 'APPL/NirCmd.2 [program]' detected in file 'C:\Documents and Settings\Darren\Local Settings\temp\nircmd.exe. Action performed: Deny access
  8. Many thanks for your time and attention. Just a quick Q about this SD card, any advice? I don't want to put it back in if there is a chance I can get reinfected. Is there any way to tell how I got infected?
  9. I'm running a lot better today, internet seems to be working fine now. So Combo fix is reporting that srsvc.dll is both missing and infected?? Here is the EST log
  10. ComboFix 10-11-20.07 - Darren 21/11/2010 13:06:53.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1015.691 [GMT -6:00] Running from: c:\documents and settings\Darren\My Documents\Downloads\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\srsvc.dll . . . is infected!! c:\windows\system32\proquota.exe . . . is missing!!
  11. ComboFix is asking if I want to install a new version, is that OK?
  12. EDIT, just to let you know my PC has never had the system restore feature from Microsoft installed so I'm not sure how it can be infected, also when I search for the srsvc.dll file it's not there. It cannot be found to be replaced or deleted.
  13. Ok, here's the log, I have been unable to delete replace the file srsvc.dll.
12:33:20.0625 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2010/11/21 12:33:20.0671 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys 2010/11/21 12:33:20.0750 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2010/11/21 12:33:20.0828 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys 2010/11/21 12:33:20.0875 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2010/11/21 12:33:20.0937 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2010/11/21 12:33:21.0000 PSSDK42 (c8eb36910d3bd582891977e80925e21e) C:\WINDOWS\system32\Drivers\pssdk42.sys 2010/11/21 12:33:21.0203 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2010/11/21 12:33:21.0250 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2010/11/21 12:33:21.0296 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2010/11/21 12:33:21.0359 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2010/11/21 12:33:21.0406 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2010/11/21 12:33:21.0453 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2010/11/21 12:33:21.0500 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2010/11/21 12:33:21.0562 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2010/11/21 12:33:21.0625 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys 2010/11/21 12:33:21.0718 rt2870 (c2a6f7f35e617744a65dbfb0c0a64adc) C:\WINDOWS\system32\DRIVERS\rt2870.sys 2010/11/21 12:33:21.0828 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2010/11/21 12:33:21.0890 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) 
C:\WINDOWS\system32\drivers\Serial.sys 2010/11/21 12:33:22.0000 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2010/11/21 12:33:22.0156 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2010/11/21 12:33:22.0250 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2010/11/21 12:33:22.0312 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2010/11/21 12:33:22.0359 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2010/11/21 12:33:22.0390 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2010/11/21 12:33:22.0437 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2010/11/21 12:33:22.0484 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2010/11/21 12:33:22.0531 tap0901 (d8c94d074fe516a8509dfa1d81f8ad17) C:\WINDOWS\system32\DRIVERS\tap0901.sys 2010/11/21 12:33:22.0593 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2010/11/21 12:33:22.0687 UCharger (e0529f7b6e1ace01ebb58e5642582c92) C:\WINDOWS\system32\Drivers\UCharger.sys 2010/11/21 12:33:22.0734 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2010/11/21 12:33:22.0796 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2010/11/21 12:33:22.0890 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2010/11/21 12:33:22.0921 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2010/11/21 12:33:22.0968 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2010/11/21 12:33:23.0015 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2010/11/21 12:33:23.0187 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2010/11/21 12:33:23.0218 usbstor 
(a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2010/11/21 12:33:23.0265 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2010/11/21 12:33:23.0312 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 2010/11/21 12:33:23.0375 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2010/11/21 12:33:23.0421 vsdatant (13a225a31f8d64a395373e9434d2d1ab) C:\WINDOWS\system32\vsdatant.sys 2010/11/21 12:33:23.0531 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2010/11/21 12:33:23.0578 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2010/11/21 12:33:23.0703 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 2010/11/21 12:33:23.0765 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2010/11/21 12:33:23.0828 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2010/11/21 12:33:23.0875 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2010/11/21 12:33:24.0515 ================================================================================ 2010/11/21 12:33:24.0515 Scan finished 2010/11/21 12:33:24.0515 ================================================================================
  14. "The System Restore Service is provided with a compressed library of files bundled in the module srsvc.dll." You've lost me there, if the cure option is not there please select skip? The only System Restore I know is the one in the help centre of Windows allowing you to restore your PC to an earlier time. If I click on Start, Help and Support there is nothing there. I thought ComboFix downloaded the System Restore feature from Windows but I can't seem to find it. Is there a command I can run from cmd to run System Restore?
  15. I have a file named srvsvc.dll but I don't have srsvc.dll in my system.