
started off with an error ding and now BSD


This topic is locked
8 replies to this topic

#1 impitine

  • Member
  • Full Member
  • 27 posts

Posted 17 November 2011 - 05:05 PM

My Kaspersky sub was running out, so I did a regular scan and it came up with a Trojan (not sure how it let it past). A week or so before this the system started to "ding" at me randomly, it seemed to be something with Iexplorer.

I did a regular Malwarebytes scan, with clear results. Next I began to get an iedw.exe error. I updated to Iexplorer 8, and now I get a blue screen "Invalid Process Detach Attempt".

I have since updated to a new Kaspersky, and on last scan there was nothing found, but I think the Trojan may have created some issues for me.

------

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8184

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/11/2011 3:58:35 PM
mbam-log-2011-11-17 (15-58-35).txt

Scan type: Full scan (C:\|)
Objects scanned: 308086
Time elapsed: 48 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{1d5afcdd-ffd1-410d-b1c0-755407b018c2}\RP962\A0074262.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1d5afcdd-ffd1-410d-b1c0-755407b018c2}\RP962\A0074263.exe (Application.FindKey) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1d5afcdd-ffd1-410d-b1c0-755407b018c2}\RP962\A0074264.exe (Hacktool.WGAFix) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1d5afcdd-ffd1-410d-b1c0-755407b018c2}\RP962\A0074265.exe (Malware.Tool) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1d5afcdd-ffd1-410d-b1c0-755407b018c2}\RP962\A0074266.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

------

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Dean at 15:59:47 on 2011-11-17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3317.2211 [GMT -6:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ===============
.
"C:\WINDOWS\system32\svchost.exe"
"C:\WINDOWS\system32\svchost.exe"
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Intel\IntelAppStore\bin\serviceManager.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\PROGRA~1\Ixia\Endpoint\endpoint.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 192.168.*.*
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Intel AppUp(SM) center] "c:\program files\intel\intelappstore\bin\serviceManager.lnk"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227895111687
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{11607B05-3994-460D-AC68-501C04E3D417} : DhcpNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dean\application data\mozilla\firefox\profiles\nmtlfthn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-9-30 565552]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-24 202296]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-1-27 12672]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-11-17 41272]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-26 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-1-28 1684736]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
S3 eltima_usb_stub;ELTIMA Usb Stub;c:\windows\system32\drivers\usbstub.sys [2010-6-17 11392]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-26 135664]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-2-9 20352]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2011-2-3 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2011-2-3 42752]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2011-2-9 24064]
S3 U6000ALL;HDTV110 TV Box(ALL);c:\windows\system32\drivers\dmdcap.sys [2009-1-29 230784]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [2010-6-17 66432]
S4 MotoHelper.exe;Motorola Helper;c:\program files\motorola\moto helper service\MotoHelper.exe [2010-9-14 6656]
S4 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-12-2 218432]
.
=============== Created Last 30 ================
.
2011-11-17 21:08:06 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-17 20:59:54 388096 ----a-r- c:\documents and settings\dean\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-17 20:59:54 -------- d-----w- c:\program files\Trend Micro
2011-11-13 12:21:23 -------- d-sh--w- c:\documents and settings\dean\PrivacIE
2011-11-12 18:46:55 -------- dc-h--w- c:\windows\ie8
.
==================== Find3M ====================
.
2011-11-14 16:15:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A18D616]<<
_asm { MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH EBX; MOV EBX, [EBP+0xc]; MOV EAX, [EBX+0x60]; MOV ECX, [EAX+0xc]; OR ECX, [EAX+0x10]; PUSH ESI; JNZ 0x94; MOV ESI, 0x200; CMP [EAX+0x4], ESI; JB 0x94; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AF04AB8]
\Driver\Disk[0x8AF07A08] -> IRP_MJ_READ -> 0x8A18D616
kernel: MBR read successfully
_asm { NOP ; XOR AX, AX; NOP ; MOV DS, AX; MOV ES, AX; NOP ; MOV SS, AX; MOV SP, 0x7c00; MOV SI, 0x7c00; NOP ; MOV DI, 0x600; NOP ; MOV CX, 0x80; NOP ; CLD ; REP MOVSD ; NOP ; JMP FAR 0x0:0x626; }
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 16:00:54.75 ===============


-------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:02:34 PM, on 17/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Intel\IntelAppStore\bin\serviceManager.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\PROGRA~1\Ixia\Endpoint\endpoint.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*.*
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files\Intel\IntelAppStore\bin\serviceManager.lnk"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1227895111687
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ixia Endpoint (IxiaEndpoint) - Ixia - C:\PROGRA~1\Ixia\Endpoint\endpoint.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7368 bytes

-------

Results of screen317's Security Check version 0.99.27
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Kaspersky Internet Security 2012
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Adobe Flash Player 11.1.102.55
Mozilla Firefox (8.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Kaspersky Lab Kaspersky Internet Security 2012 avp.exe
Kaspersky Lab Kaspersky Internet Security 2012 klwtblfs.exe
``````````End of Log````````````
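The ROOTKIT section of the DDS log above is the interesting part of this post: the detector read sector 0 once from user mode (CreateFile on \\.\PHYSICALDRIVE0) and once at the disk-driver level (IRP_MJ_READ through \Driver\Disk), and the two copies did not match ("user != kernel MBR !!!"), which is why it flags a possible TDL4 bootkit. The following Python is an added, editor-written example of that cross-view comparison; it is not code from the poster, from DDS or from GMER, whose internals the log does not show. Both MBR "views" are constructed 512-byte sectors so the check runs offline; the clean boot-code bytes are the standard MBR prologue the log itself disassembles (XOR AX,AX / MOV SS,AX / MOV SP,0x7C00) padded with NOPs, and the "patched" variant is an arbitrary stand-in, not real loader code.

```python
"""Cross-view MBR consistency check, modelled on the mbr.exe output in the DDS log.

Added example (not DDS's or GMER's code).  A bootkit that filters disk reads
can hand user mode a clean sector 0 while the sector the disk driver actually
returns holds its loader; comparing the two views exposes the discrepancy.
Both views below are constructed in-memory sectors.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 446           # bytes 0..445: boot code
PARTITION_TABLE_OFFSET = 446   # bytes 446..509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"   # bytes 510..511


@dataclass
class PartitionEntry:
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def parse_partition_table(sector: bytes) -> List[PartitionEntry]:
    """Return the four partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * 16
        raw = sector[off:off + 16]
        status, type_id = raw[0], raw[4]
        lba_start, count = struct.unpack_from("<II", raw, 8)
        entries.append(PartitionEntry(status == 0x80, type_id, lba_start, count))
    return entries


def has_boot_signature(sector: bytes) -> bool:
    return sector[510:512] == BOOT_SIGNATURE


def compare_views(user_view: bytes, kernel_view: bytes) -> dict:
    """Report which MBR regions differ between the user-mode and kernel-level reads."""
    result = {
        "user_sha256": hashlib.sha256(user_view).hexdigest(),
        "kernel_sha256": hashlib.sha256(kernel_view).hexdigest(),
        "boot_code_differs": user_view[:BOOT_CODE_SIZE] != kernel_view[:BOOT_CODE_SIZE],
        "partition_table_differs": user_view[446:510] != kernel_view[446:510],
        "signature_ok": has_boot_signature(user_view) and has_boot_signature(kernel_view),
    }
    result["mismatch"] = result["boot_code_differs"] or result["partition_table_differs"]
    return result


def build_sector(boot_code: bytes, entries: List[bytes]) -> bytes:
    """Assemble a constructed 512-byte MBR from boot code and raw 16-byte entries."""
    body = boot_code.ljust(BOOT_CODE_SIZE, b"\x00")[:BOOT_CODE_SIZE]
    table = b"".join(entries).ljust(64, b"\x00")[:64]
    return body + table + BOOT_SIGNATURE


# Constructed partition entry: bootable, NTFS (type 0x07), starts at LBA 63, 1,000,000 sectors.
SAMPLE_ENTRY = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 63, 1_000_000)

# Constructed boot code: the standard MBR prologue (xor ax,ax; mov ss,ax; mov sp,0x7c00)
# padded with NOPs, and an arbitrary "patched" variant standing in for a modified sector.
CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 16
PATCHED_BOOT_CODE = b"\xEB\x00" + b"\x90" * 21

USER_VIEW = build_sector(CLEAN_BOOT_CODE, [SAMPLE_ENTRY])      # what user mode was handed
KERNEL_VIEW = build_sector(PATCHED_BOOT_CODE, [SAMPLE_ENTRY])  # what the disk driver returned


def verdict(user_view: bytes, kernel_view: bytes) -> str:
    """One-line outcome in the spirit of the 'user != kernel MBR' message in the log."""
    r = compare_views(user_view, kernel_view)
    if not r["signature_ok"]:
        return "invalid MBR (missing 0x55AA signature)"
    if r["mismatch"]:
        return "user != kernel MBR: possible bootkit, confirm with an offline read of sector 0"
    return "user == kernel MBR: consistent"


if __name__ == "__main__":
    print(verdict(USER_VIEW, USER_VIEW))
    print(verdict(USER_VIEW, KERNEL_VIEW))
    for entry in parse_partition_table(KERNEL_VIEW):
        print(entry)
```

In the constructed case only the boot-code region differs while the partition table is identical, which is the pattern a boot-sector loader leaves; a partition-table mismatch would instead point at the disk geometry being lied about. On a real machine the two inputs would be the sector read through the user-mode device path and the sector read from an offline boot medium, which is the confirmation step the helper's TDSSKiller instructions below amount to.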

#2 cnm

  • Mother Lion of SWI
  • Administrators
  • 25,259 posts

Posted 17 November 2011 - 11:15 PM

Hello impitine. Welcome to SWI.

Please download tdsskiller.exe and save it to your Desktop. Go here for information.

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare (1564-1616)
The various helper groups here
UNITE


#3 impitine

  • Member
  • Full Member
  • 27 posts

Posted 18 November 2011 - 07:43 AM

It created 2 logs; I will post the first one first.
-------

06:23:00.0125 0568 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
06:23:00.0625 0568 ============================================================
06:23:00.0625 0568 Current date / time: 2011/11/18 06:23:00.0625
06:23:00.0625 0568 SystemInfo:
06:23:00.0625 0568
06:23:00.0625 0568 OS Version: 5.1.2600 ServicePack: 3.0
06:23:00.0625 0568 Product type: Workstation
06:23:00.0625 0568 ComputerName: DESKTOP
06:23:00.0625 0568 UserName: Dean
06:23:00.0625 0568 Windows directory: C:\WINDOWS
06:23:00.0625 0568 System windows directory: C:\WINDOWS
06:23:00.0625 0568 Processor architecture: Intel x86
06:23:00.0625 0568 Number of processors: 4
06:23:00.0625 0568 Page size: 0x1000
06:23:00.0625 0568 Boot type: Normal boot
06:23:00.0625 0568 ============================================================
06:23:08.0468 0568 Initialize success
06:23:10.0546 4736 ============================================================
06:23:10.0546 4736 Scan started
06:23:10.0546 4736 Mode: Manual;
06:23:10.0546 4736 ============================================================
06:23:12.0156 4736 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
06:23:12.0156 4736 61883 - ok
06:23:12.0187 4736 Abiosdsk - ok
06:23:12.0203 4736 abp480n5 - ok
06:23:12.0234 4736 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
06:23:12.0234 4736 ACPI - ok
06:23:12.0296 4736 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
06:23:12.0296 4736 ACPIEC - ok
06:23:12.0343 4736 adpu160m - ok
06:23:12.0375 4736 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
06:23:12.0375 4736 aec - ok
06:23:12.0437 4736 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
06:23:12.0437 4736 AFD - ok
06:23:12.0484 4736 Aha154x - ok
06:23:12.0484 4736 aic78u2 - ok
06:23:12.0500 4736 aic78xx - ok
06:23:12.0531 4736 AliIde - ok
06:23:12.0593 4736 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
06:23:12.0640 4736 Ambfilt - ok
06:23:12.0671 4736 amsint - ok
06:23:12.0734 4736 appliand (05eda44c080ebaf758f8a318488ffd75) C:\WINDOWS\system32\DRIVERS\appliand.sys
06:23:12.0734 4736 appliand - ok
06:23:12.0734 4736 appliandMP (05eda44c080ebaf758f8a318488ffd75) C:\WINDOWS\system32\DRIVERS\appliand.sys
06:23:12.0734 4736 appliandMP - ok
06:23:12.0796 4736 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
06:23:12.0796 4736 Arp1394 - ok
06:23:12.0828 4736 asc - ok
06:23:12.0828 4736 asc3350p - ok
06:23:12.0843 4736 asc3550 - ok
06:23:12.0890 4736 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
06:23:12.0890 4736 AsyncMac - ok
06:23:12.0921 4736 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
06:23:12.0921 4736 atapi - ok
06:23:12.0953 4736 Atdisk - ok
06:23:13.0000 4736 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
06:23:13.0000 4736 Atmarpc - ok
06:23:13.0062 4736 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
06:23:13.0062 4736 audstub - ok
06:23:13.0125 4736 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
06:23:13.0125 4736 Avc - ok
06:23:13.0218 4736 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
06:23:13.0218 4736 Beep - ok
06:23:13.0281 4736 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
06:23:13.0281 4736 cbidf2k - ok
06:23:13.0343 4736 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
06:23:13.0343 4736 CCDECODE - ok
06:23:13.0390 4736 cd20xrnt - ok
06:23:13.0390 4736 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
06:23:13.0390 4736 Cdaudio - ok
06:23:13.0406 4736 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
06:23:13.0406 4736 Cdfs - ok
06:23:13.0421 4736 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
06:23:13.0421 4736 Cdrom - ok
06:23:13.0453 4736 Changer - ok
06:23:13.0468 4736 CmdIde - ok
06:23:13.0531 4736 Cpqarray - ok
06:23:13.0578 4736 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
06:23:13.0578 4736 cpuz132 - ok
06:23:13.0609 4736 dac2w2k - ok
06:23:13.0609 4736 dac960nt - ok
06:23:13.0625 4736 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
06:23:13.0625 4736 Disk - ok
06:23:13.0671 4736 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
06:23:13.0687 4736 dmboot - ok
06:23:13.0750 4736 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
06:23:13.0750 4736 dmio - ok
06:23:13.0796 4736 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
06:23:13.0796 4736 dmload - ok
06:23:13.0843 4736 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
06:23:13.0843 4736 DMusic - ok
06:23:13.0875 4736 dpti2o - ok
06:23:13.0875 4736 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
06:23:13.0875 4736 drmkaud - ok
06:23:13.0906 4736 e1express (8942419786970adb32b05bb7950aee72) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
06:23:13.0906 4736 e1express - ok
06:23:13.0937 4736 eltima_usb_stub (c5e36623f3aca1f121671ac43971846e) C:\WINDOWS\system32\DRIVERS\usbstub.sys
06:23:13.0937 4736 eltima_usb_stub - ok
06:23:13.0968 4736 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
06:23:13.0968 4736 Fastfat - ok
06:23:13.0984 4736 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
06:23:13.0984 4736 Fdc - ok
06:23:14.0000 4736 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
06:23:14.0000 4736 Fips - ok
06:23:14.0015 4736 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
06:23:14.0015 4736 Flpydisk - ok
06:23:14.0046 4736 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
06:23:14.0046 4736 FltMgr - ok
06:23:14.0046 4736 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
06:23:14.0046 4736 Fs_Rec - ok
06:23:14.0062 4736 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
06:23:14.0062 4736 Ftdisk - ok
06:23:14.0093 4736 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
06:23:14.0093 4736 Gpc - ok
06:23:14.0140 4736 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
06:23:14.0140 4736 grmnusb - ok
06:23:14.0187 4736 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
06:23:14.0187 4736 HDAudBus - ok
06:23:14.0265 4736 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
06:23:14.0265 4736 HidUsb - ok
06:23:14.0265 4736 hpn - ok
06:23:14.0281 4736 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
06:23:14.0281 4736 HPZid412 - ok
06:23:14.0312 4736 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
06:23:14.0312 4736 HPZipr12 - ok
06:23:14.0328 4736 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
06:23:14.0328 4736 HPZius12 - ok
06:23:14.0375 4736 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
06:23:14.0375 4736 HTTP - ok
06:23:14.0390 4736 i2omgmt - ok
06:23:14.0390 4736 i2omp - ok
06:23:14.0406 4736 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
06:23:14.0406 4736 i8042prt - ok
06:23:14.0593 4736 ialm (3b743262b6456167888d15f1121b3bf7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
06:23:14.0765 4736 ialm - ok
06:23:14.0796 4736 imagedrv (552b6b3b889020b8a2d5525068a494b4) C:\WINDOWS\system32\Drivers\imagedrv.sys
06:23:14.0812 4736 imagedrv - ok
06:23:14.0812 4736 imagesrv (1be72919f1b489fb8c06ae7cef45c659) C:\WINDOWS\system32\DRIVERS\imagesrv.sys
06:23:14.0812 4736 imagesrv - ok
06:23:14.0828 4736 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
06:23:14.0828 4736 Imapi - ok
06:23:14.0828 4736 ini910u - ok
06:23:14.0984 4736 IntcAzAudAddService (fff40b71c4845188a2cb2dfbc480b855) C:\WINDOWS\system32\drivers\RtkHDAud.sys
06:23:15.0015 4736 IntcAzAudAddService - ok
06:23:15.0031 4736 IntelIde - ok
06:23:15.0031 4736 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
06:23:15.0046 4736 intelppm - ok
06:23:15.0062 4736 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
06:23:15.0062 4736 Ip6Fw - ok
06:23:15.0093 4736 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
06:23:15.0093 4736 IpFilterDriver - ok
06:23:15.0109 4736 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
06:23:15.0109 4736 IpInIp - ok
06:23:15.0140 4736 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
06:23:15.0140 4736 IpNat - ok
06:23:15.0156 4736 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
06:23:15.0156 4736 IPSec - ok
06:23:15.0187 4736 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
06:23:15.0187 4736 IRENUM - ok
06:23:15.0218 4736 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
06:23:15.0218 4736 isapnp - ok
06:23:15.0250 4736 JL2005C (03ca5f0eb17c33d79ef90c4cc21e80db) C:\WINDOWS\system32\Drivers\jl2005c.sys
06:23:15.0250 4736 JL2005C - ok
06:23:15.0265 4736 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
06:23:15.0265 4736 Kbdclass - ok
06:23:15.0296 4736 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOWS\system32\DRIVERS\kl1.sys
06:23:15.0296 4736 KL1 - ok
06:23:15.0328 4736 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\WINDOWS\system32\DRIVERS\kl2.sys
06:23:15.0328 4736 kl2 - ok
06:23:15.0390 4736 KLIF (5d92a03045a6a98708975b3d77b39a36) C:\WINDOWS\system32\DRIVERS\klif.sys
06:23:15.0390 4736 KLIF - ok
06:23:15.0421 4736 klim5 (96a7ec308a93da26dfe481308baac2a2) C:\WINDOWS\system32\DRIVERS\klim5.sys
06:23:15.0421 4736 klim5 - ok
06:23:15.0453 4736 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
06:23:15.0453 4736 klmouflt - ok
06:23:15.0656 4736 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
06:23:15.0656 4736 kmixer - ok
06:23:15.0718 4736 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
06:23:15.0734 4736 KSecDD - ok
06:23:15.0765 4736 lbrtfdc - ok
06:23:15.0781 4736 MBAMSwissArmy - ok
06:23:15.0828 4736 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
06:23:15.0828 4736 mnmdd - ok
06:23:15.0843 4736 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
06:23:15.0843 4736 Modem - ok
06:23:15.0906 4736 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
06:23:15.0953 4736 Monfilt - ok
06:23:15.0984 4736 motccgp (1088f75c09ebb0a8b0f13b886fd67c52) C:\WINDOWS\system32\DRIVERS\motccgp.sys
06:23:15.0984 4736 motccgp - ok
06:23:16.0015 4736 motccgpfl (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
06:23:16.0015 4736 motccgpfl - ok
06:23:16.0031 4736 MotDev (e190ed75bcc7928143f8f2af4c34d91d) C:\WINDOWS\system32\DRIVERS\motodrv.sys
06:23:16.0031 4736 MotDev - ok
06:23:16.0046 4736 motmodem (8f408e9ed2feb8a8b8837c380faf7ad6) C:\WINDOWS\system32\DRIVERS\motmodem.sys
06:23:16.0062 4736 motmodem - ok
06:23:16.0078 4736 motport (8f408e9ed2feb8a8b8837c380faf7ad6) C:\WINDOWS\system32\DRIVERS\motport.sys
06:23:16.0078 4736 motport - ok
06:23:16.0125 4736 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
06:23:16.0125 4736 Mouclass - ok
06:23:16.0125 4736 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
06:23:16.0125 4736 mouhid - ok
06:23:16.0187 4736 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
06:23:16.0187 4736 MountMgr - ok
06:23:16.0203 4736 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
06:23:16.0218 4736 MPE - ok
06:23:16.0218 4736 mraid35x - ok
06:23:16.0234 4736 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
06:23:16.0234 4736 MRxDAV - ok
06:23:16.0281 4736 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
06:23:16.0281 4736 MRxSmb - ok
06:23:16.0328 4736 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
06:23:16.0328 4736 MSDV - ok
06:23:16.0328 4736 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
06:23:16.0328 4736 Msfs - ok
06:23:16.0359 4736 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
06:23:16.0359 4736 MSKSSRV - ok
06:23:16.0359 4736 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
06:23:16.0359 4736 MSPCLOCK - ok
06:23:16.0375 4736 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
06:23:16.0390 4736 MSPQM - ok
06:23:16.0421 4736 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
06:23:16.0421 4736 mssmbios - ok
06:23:16.0468 4736 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
06:23:16.0468 4736 MSTEE - ok
06:23:16.0484 4736 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
06:23:16.0484 4736 Mup - ok
06:23:16.0500 4736 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
06:23:16.0515 4736 NABTSFEC - ok
06:23:16.0531 4736 NAL (d02734423b59b3ac14cdfe91e9665ff0) C:\WINDOWS\system32\Drivers\iqvw32.sys
06:23:16.0531 4736 NAL - ok
06:23:16.0562 4736 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
06:23:16.0562 4736 NDIS - ok
06:23:16.0609 4736 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
06:23:16.0609 4736 NdisIP - ok
06:23:16.0640 4736 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
06:23:16.0640 4736 NdisTapi - ok
06:23:16.0656 4736 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
06:23:16.0656 4736 Ndisuio - ok
06:23:16.0671 4736 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
06:23:16.0671 4736 NdisWan - ok
06:23:16.0718 4736 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
06:23:16.0718 4736 NDProxy - ok
06:23:16.0750 4736 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
06:23:16.0750 4736 NetBIOS - ok
06:23:16.0765 4736 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
06:23:16.0765 4736 NetBT - ok
06:23:16.0812 4736 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
06:23:16.0812 4736 NIC1394 - ok
06:23:16.0828 4736 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
06:23:16.0828 4736 Npfs - ok
06:23:16.0843 4736 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
06:23:16.0859 4736 Ntfs - ok
06:23:16.0875 4736 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
06:23:16.0875 4736 Null - ok
06:23:16.0906 4736 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
06:23:16.0906 4736 NwlnkFlt - ok
06:23:16.0906 4736 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
06:23:16.0906 4736 NwlnkFwd - ok
06:23:16.0921 4736 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
06:23:16.0921 4736 ohci1394 - ok
06:23:16.0953 4736 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
06:23:16.0953 4736 Parport - ok
06:23:16.0968 4736 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
06:23:16.0968 4736 PartMgr - ok
06:23:16.0984 4736 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
06:23:17.0000 4736 ParVdm - ok
06:23:17.0000 4736 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
06:23:17.0000 4736 PCI - ok
06:23:17.0015 4736 PCIDump - ok
06:23:17.0015 4736 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
06:23:17.0015 4736 PCIIde - ok
06:23:17.0046 4736 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
06:23:17.0046 4736 Pcmcia - ok
06:23:17.0046 4736 PDCOMP - ok
06:23:17.0062 4736 PDFRAME - ok
06:23:17.0062 4736 PDRELI - ok
06:23:17.0078 4736 PDRFRAME - ok
06:23:17.0078 4736 perc2 - ok
06:23:17.0093 4736 perc2hib - ok
06:23:17.0125 4736 Point32 (60a044879c4fa76314494f5fddc43b93) C:\WINDOWS\system32\DRIVERS\point32.sys
06:23:17.0125 4736 Point32 - ok
06:23:17.0140 4736 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
06:23:17.0140 4736 PptpMiniport - ok
06:23:17.0156 4736 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
06:23:17.0156 4736 PSched - ok
06:23:17.0171 4736 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
06:23:17.0171 4736 Ptilink - ok
06:23:17.0171 4736 ql1080 - ok
06:23:17.0187 4736 Ql10wnt - ok
06:23:17.0187 4736 ql12160 - ok
06:23:17.0203 4736 ql1240 - ok
06:23:17.0203 4736 ql1280 - ok
06:23:17.0218 4736 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
06:23:17.0218 4736 RasAcd - ok
06:23:17.0234 4736 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
06:23:17.0234 4736 Rasl2tp - ok
06:23:17.0250 4736 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
06:23:17.0250 4736 RasPppoe - ok
06:23:17.0250 4736 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
06:23:17.0250 4736 Raspti - ok
06:23:17.0281 4736 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
06:23:17.0281 4736 Rdbss - ok
06:23:17.0281 4736 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
06:23:17.0281 4736 RDPCDD - ok
06:23:17.0312 4736 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
06:23:17.0328 4736 RDPWD - ok
06:23:17.0359 4736 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
06:23:17.0359 4736 redbook - ok
06:23:17.0390 4736 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
06:23:17.0390 4736 Secdrv - ok
06:23:17.0406 4736 Ser2pl (b490ad520257dda26c1d587a71e527b5) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
06:23:17.0406 4736 Ser2pl - ok
06:23:17.0437 4736 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
06:23:17.0437 4736 serenum - ok
06:23:17.0453 4736 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
06:23:17.0453 4736 Serial - ok
06:23:17.0500 4736 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
06:23:17.0500 4736 Sfloppy - ok
06:23:17.0500 4736 Simbad - ok
06:23:17.0546 4736 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
06:23:17.0546 4736 SLIP - ok
06:23:17.0546 4736 Sparrow - ok
06:23:17.0578 4736 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
06:23:17.0578 4736 splitter - ok
06:23:17.0593 4736 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
06:23:17.0593 4736 sr - ok
06:23:17.0640 4736 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
06:23:17.0640 4736 Srv - ok
06:23:17.0656 4736 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
06:23:17.0656 4736 streamip - ok
06:23:17.0671 4736 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
06:23:17.0671 4736 swenum - ok
06:23:17.0687 4736 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
06:23:17.0687 4736 swmidi - ok
06:23:17.0687 4736 symc810 - ok
06:23:17.0703 4736 symc8xx - ok
06:23:17.0703 4736 sym_hi - ok
06:23:17.0718 4736 sym_u3 - ok
06:23:17.0718 4736 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
06:23:17.0718 4736 sysaudio - ok
06:23:17.0750 4736 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
06:23:17.0750 4736 taphss - ok
06:23:17.0781 4736 tapvpn (27a2c318cd28cfb3eb2200fd96af1e58) C:\WINDOWS\system32\DRIVERS\tapvpn.sys
06:23:17.0781 4736 tapvpn - ok
06:23:17.0843 4736 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
06:23:17.0843 4736 Tcpip - ok
06:23:17.0875 4736 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
06:23:17.0875 4736 TDPIPE - ok
06:23:17.0890 4736 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
06:23:17.0890 4736 TDTCP - ok
06:23:17.0906 4736 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
06:23:17.0906 4736 TermDD - ok
06:23:17.0921 4736 TosIde - ok
06:23:17.0968 4736 U6000ALL (299bad34371d9ddd624f1de84d893e87) C:\WINDOWS\system32\DRIVERS\dmdcap.sys
06:23:17.0984 4736 U6000ALL - ok
06:23:18.0000 4736 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
06:23:18.0015 4736 Udfs - ok
06:23:18.0015 4736 ultra - ok
06:23:18.0031 4736 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
06:23:18.0031 4736 Update - ok
06:23:18.0093 4736 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
06:23:18.0093 4736 usbccgp - ok
06:23:18.0109 4736 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
06:23:18.0109 4736 usbehci - ok
06:23:18.0125 4736 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
06:23:18.0125 4736 usbhub - ok
06:23:18.0156 4736 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
06:23:18.0156 4736 usbprint - ok
06:23:18.0187 4736 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
06:23:18.0187 4736 usbscan - ok
06:23:18.0265 4736 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
06:23:18.0265 4736 USBSTOR - ok
06:23:18.0281 4736 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
06:23:18.0281 4736 usbuhci - ok
06:23:18.0312 4736 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
06:23:18.0312 4736 usb_rndisx - ok
06:23:18.0343 4736 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
06:23:18.0343 4736 VgaSave - ok
06:23:18.0343 4736 ViaIde - ok
06:23:18.0359 4736 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
06:23:18.0359 4736 VolSnap - ok
06:23:18.0406 4736 vuhub (c21dbd71aa028b3d213460f88d43bbfd) C:\WINDOWS\system32\DRIVERS\vuhub.sys
06:23:18.0406 4736 vuhub - ok
06:23:18.0421 4736 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
06:23:18.0421 4736 Wanarp - ok
06:23:18.0453 4736 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
06:23:18.0453 4736 Wdf01000 - ok
06:23:18.0468 4736 WDICA - ok
06:23:18.0484 4736 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
06:23:18.0484 4736 wdmaud - ok
06:23:18.0531 4736 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
06:23:18.0531 4736 WSTCODEC - ok
06:23:18.0562 4736 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
06:23:18.0562 4736 WudfPf - ok
06:23:18.0578 4736 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
06:23:18.0578 4736 WudfRd - ok
06:23:18.0593 4736 MBR (0x1B8) (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0
06:23:18.0593 4736 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
06:23:18.0593 4736 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
06:23:18.0609 4736 MBR (0x1B8) (9c603bc3977968c891de319283e1e7af) \Device\Harddisk1\DR1
06:23:18.0609 4736 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - infected
06:23:18.0609 4736 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Wistler.a (0)
06:23:18.0609 4736 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR4
06:23:27.0796 4736 \Device\Harddisk2\DR4 - ok
06:23:27.0796 4736 Boot (0x1200) (22f7271a25ec27230dcccd506dc23995) \Device\Harddisk0\DR0\Partition0
06:23:27.0796 4736 \Device\Harddisk0\DR0\Partition0 - ok
06:23:27.0796 4736 Boot (0x1200) (d7cee47df200e568f601e1dce6735c1d) \Device\Harddisk1\DR1\Partition0
06:23:27.0796 4736 \Device\Harddisk1\DR1\Partition0 - ok
06:23:27.0796 4736 Boot (0x1200) (e09045fa3860dd1026253749ff19acf5) \Device\Harddisk2\DR4\Partition0
06:23:27.0796 4736 \Device\Harddisk2\DR4\Partition0 - ok
06:23:27.0796 4736 ============================================================
06:23:27.0796 4736 Scan finished
06:23:27.0796 4736 ============================================================
06:23:27.0812 3680 Detected object count: 2
06:23:27.0812 3680 Actual detected object count: 2
06:24:15.0250 3680 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - will be cured on reboot
06:24:15.0250 3680 \Device\Harddisk0\DR0 - ok
06:24:15.0250 3680 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Cure
06:24:15.0265 3680 \Device\Harddisk1\DR1 - processing error
06:24:23.0234 3680 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - User select action: Cure
06:24:29.0156 5912 Deinitialize success


-------

06:24:48.0781 4972 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
06:24:49.0468 4972 ============================================================
06:24:49.0468 4972 Current date / time: 2011/11/18 06:24:49.0468
06:24:49.0468 4972 SystemInfo:
06:24:49.0468 4972
06:24:49.0468 4972 OS Version: 5.1.2600 ServicePack: 3.0
06:24:49.0468 4972 Product type: Workstation
06:24:49.0468 4972 ComputerName: DESKTOP
06:24:49.0468 4972 UserName: Dean
06:24:49.0468 4972 Windows directory: C:\WINDOWS
06:24:49.0468 4972 System windows directory: C:\WINDOWS
06:24:49.0468 4972 Processor architecture: Intel x86
06:24:49.0468 4972 Number of processors: 4
06:24:49.0468 4972 Page size: 0x1000
06:24:49.0468 4972 Boot type: Normal boot
06:24:49.0468 4972 ============================================================
06:24:49.0593 4972 Initialize success
06:24:50.0843 2444 ============================================================
06:24:50.0843 2444 Scan started
06:24:50.0843 2444 Mode: Manual;
06:24:50.0843 2444 ============================================================
06:24:51.0375 2444 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
06:24:51.0375 2444 61883 - ok
06:24:51.0421 2444 Abiosdsk - ok
06:24:51.0421 2444 abp480n5 - ok
06:24:51.0468 2444 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
06:24:51.0468 2444 ACPI - ok
06:24:51.0531 2444 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
06:24:51.0531 2444 ACPIEC - ok
06:24:51.0578 2444 adpu160m - ok
06:24:51.0593 2444 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
06:24:51.0593 2444 aec - ok
06:24:51.0656 2444 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
06:24:51.0656 2444 AFD - ok
06:24:51.0703 2444 Aha154x - ok
06:24:51.0734 2444 aic78u2 - ok
06:24:51.0734 2444 aic78xx - ok
06:24:51.0765 2444 AliIde - ok
06:24:51.0859 2444 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
06:24:51.0859 2444 Ambfilt - ok
06:24:51.0906 2444 amsint - ok
06:24:51.0953 2444 appliand (05eda44c080ebaf758f8a318488ffd75) C:\WINDOWS\system32\DRIVERS\appliand.sys
06:24:51.0953 2444 appliand - ok
06:24:51.0953 2444 appliandMP (05eda44c080ebaf758f8a318488ffd75) C:\WINDOWS\system32\DRIVERS\appliand.sys
06:24:51.0953 2444 appliandMP - ok
06:24:52.0000 2444 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
06:24:52.0000 2444 Arp1394 - ok
06:24:52.0015 2444 asc - ok
06:24:52.0046 2444 asc3350p - ok
06:24:52.0046 2444 asc3550 - ok
06:24:52.0109 2444 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
06:24:52.0109 2444 AsyncMac - ok
06:24:52.0156 2444 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
06:24:52.0156 2444 atapi - ok
06:24:52.0156 2444 Atdisk - ok
06:24:52.0187 2444 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
06:24:52.0187 2444 Atmarpc - ok
06:24:52.0250 2444 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
06:24:52.0250 2444 audstub - ok
06:24:52.0312 2444 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
06:24:52.0312 2444 Avc - ok
06:24:52.0406 2444 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
06:24:52.0406 2444 Beep - ok
06:24:52.0468 2444 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
06:24:52.0468 2444 cbidf2k - ok
06:24:52.0531 2444 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
06:24:52.0531 2444 CCDECODE - ok
06:24:52.0578 2444 cd20xrnt - ok
06:24:52.0578 2444 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
06:24:52.0578 2444 Cdaudio - ok
06:24:52.0593 2444 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
06:24:52.0593 2444 Cdfs - ok
06:24:52.0609 2444 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
06:24:52.0609 2444 Cdrom - ok
06:24:52.0640 2444 Changer - ok
06:24:52.0703 2444 CmdIde - ok
06:24:52.0703 2444 Cpqarray - ok
06:24:52.0750 2444 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
06:24:52.0750 2444 cpuz132 - ok
06:24:52.0796 2444 dac2w2k - ok
06:24:52.0828 2444 dac960nt - ok
06:24:52.0828 2444 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
06:24:52.0828 2444 Disk - ok
06:24:52.0875 2444 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
06:24:52.0875 2444 dmboot - ok
06:24:52.0937 2444 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
06:24:52.0937 2444 dmio - ok
06:24:53.0000 2444 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
06:24:53.0000 2444 dmload - ok
06:24:53.0046 2444 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
06:24:53.0046 2444 DMusic - ok
06:24:53.0093 2444 dpti2o - ok
06:24:53.0093 2444 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
06:24:53.0093 2444 drmkaud - ok
06:24:53.0125 2444 e1express (8942419786970adb32b05bb7950aee72) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
06:24:53.0125 2444 e1express - ok
06:24:53.0203 2444 eltima_usb_stub (c5e36623f3aca1f121671ac43971846e) C:\WINDOWS\system32\DRIVERS\usbstub.sys
06:24:53.0203 2444 eltima_usb_stub - ok
06:24:53.0250 2444 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
06:24:53.0250 2444 Fastfat - ok
06:24:53.0281 2444 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
06:24:53.0281 2444 Fdc - ok
06:24:53.0296 2444 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
06:24:53.0296 2444 Fips - ok
06:24:53.0312 2444 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
06:24:53.0312 2444 Flpydisk - ok
06:24:53.0343 2444 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
06:24:53.0343 2444 FltMgr - ok
06:24:53.0343 2444 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
06:24:53.0343 2444 Fs_Rec - ok
06:24:53.0375 2444 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
06:24:53.0375 2444 Ftdisk - ok
06:24:53.0390 2444 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
06:24:53.0390 2444 Gpc - ok
06:24:53.0421 2444 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
06:24:53.0421 2444 grmnusb - ok
06:24:53.0453 2444 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
06:24:53.0453 2444 HDAudBus - ok
06:24:53.0484 2444 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
06:24:53.0484 2444 HidUsb - ok
06:24:53.0484 2444 hpn - ok
06:24:53.0515 2444 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
06:24:53.0515 2444 HPZid412 - ok
06:24:53.0531 2444 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
06:24:53.0531 2444 HPZipr12 - ok
06:24:53.0546 2444 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
06:24:53.0546 2444 HPZius12 - ok
06:24:53.0578 2444 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
06:24:53.0593 2444 HTTP - ok
06:24:53.0593 2444 i2omgmt - ok
06:24:53.0609 2444 i2omp - ok
06:24:53.0625 2444 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
06:24:53.0625 2444 i8042prt - ok
06:24:53.0796 2444 ialm (3b743262b6456167888d15f1121b3bf7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
06:24:53.0828 2444 ialm - ok
06:24:53.0875 2444 imagedrv (552b6b3b889020b8a2d5525068a494b4) C:\WINDOWS\system32\Drivers\imagedrv.sys
06:24:53.0875 2444 imagedrv - ok
06:24:53.0875 2444 imagesrv (1be72919f1b489fb8c06ae7cef45c659) C:\WINDOWS\system32\DRIVERS\imagesrv.sys
06:24:53.0875 2444 imagesrv - ok
06:24:53.0890 2444 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
06:24:53.0890 2444 Imapi - ok
06:24:53.0890 2444 ini910u - ok
06:24:54.0046 2444 IntcAzAudAddService (fff40b71c4845188a2cb2dfbc480b855) C:\WINDOWS\system32\drivers\RtkHDAud.sys
06:24:54.0078 2444 IntcAzAudAddService - ok
06:24:54.0078 2444 IntelIde - ok
06:24:54.0109 2444 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
06:24:54.0109 2444 intelppm - ok
06:24:54.0125 2444 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
06:24:54.0125 2444 Ip6Fw - ok
06:24:54.0156 2444 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
06:24:54.0156 2444 IpFilterDriver - ok
06:24:54.0171 2444 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
06:24:54.0171 2444 IpInIp - ok
06:24:54.0218 2444 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
06:24:54.0218 2444 IpNat - ok
06:24:54.0234 2444 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
06:24:54.0234 2444 IPSec - ok
06:24:54.0250 2444 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
06:24:54.0265 2444 IRENUM - ok
06:24:54.0281 2444 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
06:24:54.0281 2444 isapnp - ok
06:24:54.0312 2444 JL2005C (03ca5f0eb17c33d79ef90c4cc21e80db) C:\WINDOWS\system32\Drivers\jl2005c.sys
06:24:54.0312 2444 JL2005C - ok
06:24:54.0343 2444 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
06:24:54.0343 2444 Kbdclass - ok
06:24:54.0375 2444 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOWS\system32\DRIVERS\kl1.sys
06:24:54.0375 2444 KL1 - ok
06:24:54.0390 2444 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\WINDOWS\system32\DRIVERS\kl2.sys
06:24:54.0390 2444 kl2 - ok
06:24:54.0453 2444 KLIF (5d92a03045a6a98708975b3d77b39a36) C:\WINDOWS\system32\DRIVERS\klif.sys
06:24:54.0453 2444 KLIF - ok
06:24:54.0468 2444 klim5 (96a7ec308a93da26dfe481308baac2a2) C:\WINDOWS\system32\DRIVERS\klim5.sys
06:24:54.0468 2444 klim5 - ok
06:24:54.0484 2444 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
06:24:54.0484 2444 klmouflt - ok
06:24:54.0500 2444 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
06:24:54.0500 2444 kmixer - ok
06:24:54.0531 2444 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
06:24:54.0531 2444 KSecDD - ok
06:24:54.0531 2444 lbrtfdc - ok
06:24:54.0546 2444 MBAMSwissArmy - ok
06:24:54.0578 2444 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
06:24:54.0578 2444 mnmdd - ok
06:24:54.0609 2444 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
06:24:54.0609 2444 Modem - ok
06:24:54.0656 2444 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
06:24:54.0656 2444 Monfilt - ok
06:24:54.0687 2444 motccgp (1088f75c09ebb0a8b0f13b886fd67c52) C:\WINDOWS\system32\DRIVERS\motccgp.sys
06:24:54.0687 2444 motccgp - ok
06:24:54.0718 2444 motccgpfl (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
06:24:54.0718 2444 motccgpfl - ok
06:24:54.0734 2444 MotDev (e190ed75bcc7928143f8f2af4c34d91d) C:\WINDOWS\system32\DRIVERS\motodrv.sys
06:24:54.0734 2444 MotDev - ok
06:24:54.0765 2444 motmodem (8f408e9ed2feb8a8b8837c380faf7ad6) C:\WINDOWS\system32\DRIVERS\motmodem.sys
06:24:54.0765 2444 motmodem - ok
06:24:54.0781 2444 motport (8f408e9ed2feb8a8b8837c380faf7ad6) C:\WINDOWS\system32\DRIVERS\motport.sys
06:24:54.0781 2444 motport - ok
06:24:54.0828 2444 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
06:24:54.0828 2444 Mouclass - ok
06:24:54.0843 2444 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
06:24:54.0843 2444 mouhid - ok
06:24:54.0890 2444 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
06:24:54.0890 2444 MountMgr - ok
06:24:54.0921 2444 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
06:24:54.0921 2444 MPE - ok
06:24:54.0921 2444 mraid35x - ok
06:24:54.0937 2444 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
06:24:54.0937 2444 MRxDAV - ok
06:24:54.0984 2444 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
06:24:54.0984 2444 MRxSmb - ok
06:24:55.0031 2444 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
06:24:55.0031 2444 MSDV - ok
06:24:55.0031 2444 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
06:24:55.0031 2444 Msfs - ok
06:24:55.0046 2444 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
06:24:55.0046 2444 MSKSSRV - ok
06:24:55.0062 2444 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
06:24:55.0062 2444 MSPCLOCK - ok
06:24:55.0078 2444 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
06:24:55.0078 2444 MSPQM - ok
06:24:55.0109 2444 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
06:24:55.0109 2444 mssmbios - ok
06:24:55.0140 2444 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
06:24:55.0140 2444 MSTEE - ok
06:24:55.0156 2444 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
06:24:55.0156 2444 Mup - ok
06:24:55.0187 2444 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
06:24:55.0187 2444 NABTSFEC - ok
06:24:55.0203 2444 NAL (d02734423b59b3ac14cdfe91e9665ff0) C:\WINDOWS\system32\Drivers\iqvw32.sys
06:24:55.0203 2444 NAL - ok
06:24:55.0250 2444 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
06:24:55.0250 2444 NDIS - ok
06:24:55.0265 2444 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
06:24:57.0156 2444 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
06:24:57.0359 2444 \Device\Harddisk0\DR0 - ok
06:24:57.0359 2444 MBR (0x1B8) (9c603bc3977968c891de319283e1e7af) \Device\Harddisk1\DR1
06:24:57.0359 2444 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - infected
06:24:57.0359 2444 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Wistler.a (0)
06:24:57.0375 2444 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR4
06:25:04.0640 2444 \Device\Harddisk2\DR4 - ok
06:25:04.0640 2444 Boot (0x1200) (22f7271a25ec27230dcccd506dc23995) \Devi

#4 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • 25,259 posts

Posted 18 November 2011 - 12:55 PM

You were infected with a rootkit but it looks as though TDSSKiller succeeded in removing it.

Please download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe
http://download.blee...al/MBRCheck.exe
http://www.kernelmod...fo/MBRCheck.exe

Close all open programs/windows and double-click on MBRCheck.exe.
It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window, and post the contents of the log file.

Next:

Please download ComboFix.exe to your Desktop. Visit this webpage for download links, and instructions for running the tool:
how-to-use-combofix. Be sure to read the whole page and note the graphics so you know what to expect.

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in another reply for further review, and let me know what problems remain. If ComboFix causes any error message, rebooting again should fix it.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#5 impitine

impitine

    Member

  • Full Member
  • 27 posts

Posted 18 November 2011 - 01:26 PM

Things seem to be running fine, still slow on the internet, but I believe that is my ISP.

-------


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000009c

Kernel Drivers (total 127):

Processes (total 32):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\H: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: ST3500630AS, Rev: 3.AAK
PhysicalDrive1 Model Number: ST3320620AS, Rev: 3.AAE
PhysicalDrive2 Model Number: WDMy Book, Rev: 1028

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
298 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
465 GB \\.\PhysicalDrive2 RE: Unknown MBR code
SHA1: 5B9B74AA8A41E8676A3B6C4F52BB9007179BF067


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

-------

ComboFix 11-11-18.02 - Dean 18/11/2011 12:15:53.3.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3317.2620 [GMT -6:00]
Running from: c:\documents and settings\Dean\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\PowerToyReadme.htm
.
.
((((((((((((((((((((((((( Files Created from 2011-10-18 to 2011-11-18 )))))))))))))))))))))))))))))))
.
.
2011-11-17 20:59 . 2011-11-17 20:59 388096 ----a-r- c:\documents and settings\Dean\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-17 20:59 . 2011-11-17 20:59 -------- d-----w- c:\program files\Trend Micro
2011-11-13 12:21 . 2011-11-13 12:21 -------- d-sh--w- c:\documents and settings\Dean\PrivacIE
2011-11-12 18:46 . 2011-11-12 18:48 -------- dc-h--w- c:\windows\ie8
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 16:15 . 2011-09-01 23:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2008-11-28 15:42 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2006-02-28 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 22:00 . 2011-09-07 19:26 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2011-11-12 18:53 . 2011-03-25 19:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-17 17880576]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"Intel AppUp(SM) center"="c:\program files\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-04-11 933]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mumservice]
2011-02-02 22:45 1066304 ----a-w- c:\program files\Motorola\Software Update\mumservice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
2006-03-07 06:52 36864 ------w- c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UsbService"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"LightScribeService"=2 (0x2)
"MotoHelper.exe"=2 (0x2)
"MotoHelper"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\B7\\system\\Bin32\\oexplore.exe"=
"c:\\B7\\system\\Bin32\\activConsole.exe"=
"c:\\B7\\system\\Bin32\\UTBrowse.exe"=
"c:\\Program Files\\BitLord 1.2\\Bitlord files\\bitlord.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"12345:TCP"= 12345:TCP:Motorola Helper
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 12:23 PM 11352]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [24/06/2010 1:46 PM 28256]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 5:34 PM 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 7:27 PM 19472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/11/2009 5:06 PM 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28/01/2010 8:17 PM 1684736]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [24/06/2010 1:46 PM 28256]
S3 eltima_usb_stub;ELTIMA Usb Stub;c:\windows\system32\drivers\usbstub.sys [17/06/2010 2:17 PM 11392]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/11/2009 5:06 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [09/02/2011 3:10 PM 20352]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [03/02/2011 2:32 PM 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [03/02/2011 2:35 PM 42752]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [09/02/2011 3:10 PM 24064]
S3 U6000ALL;HDTV110 TV Box(ALL);c:\windows\system32\drivers\dmdcap.sys [29/01/2009 6:56 PM 230784]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [17/06/2010 2:17 PM 66432]
S4 MotoHelper.exe;Motorola Helper;c:\program files\Motorola\Moto Helper Service\MotoHelper.exe [14/09/2010 11:33 PM 6656]
S4 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [02/12/2010 5:48 PM 218432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 23:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 23:06]
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 23:06]
.
2010-12-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2010-07-21 22:52]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 192.168.*.*
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Dean\Application Data\Mozilla\Firefox\Profiles\nmtlfthn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-18 12:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,74,aa,c0,35,0c,4a,40,ba,78,91,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,74,aa,c0,35,0c,4a,40,ba,78,91,\
.
Completion time: 2011-11-18 12:23:36
ComboFix-quarantined-files.txt 2011-11-18 18:23
ComboFix2.txt 2011-09-07 19:43
ComboFix3.txt 2010-05-05 17:18
.
Pre-Run: 390,394,531,840 bytes free
Post-Run: 391,802,261,504 bytes free
.
- - End Of File - - F7A7084BDB02E81EECFD1E2F17D57E9E
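To show what the two tools in the logs above are reporting, here is an added example (my own code, not the thread's and not TDSSKiller's or MBRCheck's) that parses a 512-byte sector-0 image, hashes the boot-code region that precedes the disk signature, which I take to be what TDSSKiller's "MBR (0x1B8)" lines and MBRCheck's per-drive SHA1 cover, and compares it against a known-good set while leaving the partition table readable. The sector images and the "known-good" hash are constructed inline so it runs offline; they are not Microsoft's real XP MBR code.

```python
"""Fingerprint the boot-code region of an MBR and parse its partition table.

Added example; not code from the thread, TDSSKiller or MBRCheck. The code
region length 0x1B8 is taken from the "MBR (0x1B8)" lines in the TDSSKiller
log (an assumption about what that tool hashes). A bootkit that overwrites
the boot code but keeps the partition table intact changes the code hash
only, which is why one disk can stand out while its partitions look normal.
"""
import hashlib
import struct

MBR_SIZE = 512
CODE_LEN = 0x1B8          # boot code ends at 0x1B8; 4-byte disk signature follows
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE      # 0x55 0xAA at the end of the sector
PART_FMT = "<BBBBBBBBII"  # status, CHS start(3), type, CHS end(3), LBA start, sectors


def code_hashes(mbr: bytes):
    """MD5 (TDSSKiller style) and SHA1 (MBRCheck style) of the boot-code region."""
    code = mbr[:CODE_LEN]
    return hashlib.md5(code).hexdigest(), hashlib.sha1(code).hexdigest().upper()


def parse_partitions(mbr: bytes):
    """Return the four partition entries as dicts."""
    parts = []
    for i in range(4):
        status, _, _, _, ptype, _, _, _, lba_start, sectors = struct.unpack_from(
            PART_FMT, mbr, PART_TABLE_OFF + 16 * i)
        parts.append({"bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return parts


def check_mbr(mbr: bytes, known_code_sha1) -> dict:
    """Classify a sector-0 image the way MBRCheck's report columns do."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR image must be exactly 512 bytes")
    has_sig = mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA"
    md5, sha1 = code_hashes(mbr)
    parts = parse_partitions(mbr)
    status = "known OS MBR code" if sha1 in known_code_sha1 else "Unknown MBR code"
    return {"valid_signature": has_sig, "md5": md5, "sha1": sha1, "status": status,
            "partitions": parts, "active_count": sum(p["bootable"] for p in parts)}


def build_mbr(code: bytes, partitions, disk_sig=b"\x00\x00\x00\x00") -> bytes:
    """Assemble a constructed 512-byte MBR from code, partition tuples and 0x55AA."""
    assert len(code) <= CODE_LEN
    buf = bytearray(MBR_SIZE)
    buf[:len(code)] = code
    buf[CODE_LEN:CODE_LEN + 4] = disk_sig
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into(PART_FMT, buf, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0, 0, 0, 0, ptype, 0, 0, 0,
                         lba_start, sectors)
    buf[BOOT_SIG_OFF:] = b"\x55\xAA"
    return bytes(buf)


# Constructed sample data (not real boot code): a "clean" stub and a tampered
# variant of the same length that shares the same partition table.
CLEAN_CODE = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 24
TAMPERED_CODE = bytes([0xEB, 0x3C, 0x90]) + b"\x90" * 29
# One bootable NTFS partition of 976768002 sectors (about 465 GB), as on the disks above.
PARTITIONS = [(True, 0x07, 63, 976768002), (False, 0, 0, 0),
              (False, 0, 0, 0), (False, 0, 0, 0)]

CLEAN_MBR = build_mbr(CLEAN_CODE, PARTITIONS)
TAMPERED_MBR = build_mbr(TAMPERED_CODE, PARTITIONS)
KNOWN_GOOD = {code_hashes(CLEAN_MBR)[1]}   # constructed allow-list, not Microsoft's

if __name__ == "__main__":
    for name, img in (("PhysicalDrive0", CLEAN_MBR), ("PhysicalDrive1", TAMPERED_MBR)):
        r = check_mbr(img, KNOWN_GOOD)
        print(f"{name}: {r['status']}  SHA1: {r['sha1']}  sig_ok={r['valid_signature']}")
```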

#6 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • 25,259 posts

Posted 18 November 2011 - 03:11 PM

Looks clean.

Is the PC slow in general, or only when surfing?

Please do the following:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::
Reglock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
Registry::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=-
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=-
ClearJavaCache::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)



#7 impitine

impitine

    Member

  • Full Member
  • 27 posts

Posted 18 November 2011 - 07:19 PM

Things are running along nicely. I suppose I can turn the error notification "ding" sound back on now :thumbup: . The computer is pretty quick, the internet is slow, but the ISP says they are upgrading and I can expect THEM to be slow till the end of December, d'oh. (they gave me some $$ back at least). How can I contribute?

Here's the CFx text:

ComboFix 11-11-18.02 - Dean 18/11/2011 17:59:12.4.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3317.2638 [GMT -6:00]
Running from: c:\documents and settings\Dean\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dean\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))
.
.
2011-11-17 20:59 . 2011-11-17 20:59 388096 ----a-r- c:\documents and settings\Dean\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-17 20:59 . 2011-11-17 20:59 -------- d-----w- c:\program files\Trend Micro
2011-11-13 12:21 . 2011-11-13 12:21 -------- d-sh--w- c:\documents and settings\Dean\PrivacIE
2011-11-12 18:46 . 2011-11-12 18:48 -------- dc-h--w- c:\windows\ie8
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 16:15 . 2011-09-01 23:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2008-11-28 15:42 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2006-02-28 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 22:00 . 2011-09-07 19:26 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2011-11-12 18:53 . 2011-03-25 19:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-17 17880576]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"Intel AppUp(SM) center"="c:\program files\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-04-11 933]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mumservice]
2011-02-02 22:45 1066304 ----a-w- c:\program files\Motorola\Software Update\mumservice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
2006-03-07 06:52 36864 ------w- c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UsbService"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"LightScribeService"=2 (0x2)
"MotoHelper.exe"=2 (0x2)
"MotoHelper"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\B7\\system\\Bin32\\oexplore.exe"=
"c:\\B7\\system\\Bin32\\activConsole.exe"=
"c:\\B7\\system\\Bin32\\UTBrowse.exe"=
"c:\\Program Files\\BitLord 1.2\\Bitlord files\\bitlord.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"12345:TCP"= 12345:TCP:Motorola Helper
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 12:23 PM 11352]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [24/06/2010 1:46 PM 28256]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 5:34 PM 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 7:27 PM 19472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/11/2009 5:06 PM 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28/01/2010 8:17 PM 1684736]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [24/06/2010 1:46 PM 28256]
S3 eltima_usb_stub;ELTIMA Usb Stub;c:\windows\system32\drivers\usbstub.sys [17/06/2010 2:17 PM 11392]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/11/2009 5:06 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [09/02/2011 3:10 PM 20352]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [03/02/2011 2:32 PM 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [03/02/2011 2:35 PM 42752]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [09/02/2011 3:10 PM 24064]
S3 U6000ALL;HDTV110 TV Box(ALL);c:\windows\system32\drivers\dmdcap.sys [29/01/2009 6:56 PM 230784]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [17/06/2010 2:17 PM 66432]
S4 MotoHelper.exe;Motorola Helper;c:\program files\Motorola\Moto Helper Service\MotoHelper.exe [14/09/2010 11:33 PM 6656]
S4 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [02/12/2010 5:48 PM 218432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 23:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 23:06]
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 23:06]
.
2010-12-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2010-07-21 22:52]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 192.168.*.*
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Dean\Application Data\Mozilla\Firefox\Profiles\nmtlfthn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-18 18:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3096)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\Ixia\Endpoint\endpoint.exe
c:\windows\system32\HPZipm12.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Intel\IntelAppStore\bin\serviceManager.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2011-11-18 18:14:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-19 00:14
ComboFix2.txt 2011-11-18 18:23
ComboFix3.txt 2011-09-07 19:43
ComboFix4.txt 2010-05-05 17:18
.
Pre-Run: 391,757,615,104 bytes free
Post-Run: 391,742,050,304 bytes free
.
- - End Of File - - 03D4BAB34ACF0695900BAFC06B65A1F3
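
The ComboFix log above is long, and the entries a responder actually cares about (autoruns, firewall policy, Security Center monitoring, drivers ComboFix could not stat) are scattered through it. The following triage script is an added example written for this page, not code from the thread, from ComboFix or from its author. It parses the "Reg Loading Points", firewall policy and R/S driver lines of a ComboFix-style log and flags the settings worth a second look: in the posted log those would be "EnableFirewall"= 0 in the standard profile, and the "12345:TCP" entry, which unlike the ActiveSync entry carries no 169.254.x scope restriction. The sample log embedded in the script is constructed for the example, modelled on the format of the post's log but not copied from it; the trusted-directory list and severity labels are this example's own assumptions.

```python
"""Triage helper for ComboFix-style logs (added example, not from the thread).

Parses registry loading points, Windows Firewall policy and R/S driver lines
from a ComboFix log and flags settings a responder would review before calling
a machine clean.  SAMPLE_LOG is constructed for this example; it follows the
ComboFix format but is not the log posted in the thread.
"""
import re

# Constructed sample, modelled on the ComboFix log format (not the thread's log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
"Updater"="c:\documents and settings\Dean\Application Data\updater.exe" [2011-11-10 41472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"12345:TCP"= 12345:TCP:Motorola Helper
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 12:23 PM 11352]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
# ComboFix driver/service lines: "<start type> <name>;<display name>;<path> [date size]"
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<svc>[^;]+);(?P<disp>[^;]*);(?P<rest>.*)$')
PORT_RE = re.compile(r'^(?P<port>\d+):(?P<proto>TCP|UDP)(?::(?P<scope>[\d./]+))?')

# Assumption for this example: autoruns under these roots are normal on XP;
# anything else (user profile, temp, bare file name resolved via PATH) is flagged.
TRUSTED_PREFIXES = (r"c:\windows", r"c:\program files")


def parse_combofix(text):
    """Return {'values': {reg key: {name: data}}, 'services': [dict]} from log text."""
    values, services, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with lone dots
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            values.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            values[current][m.group("name")] = m.group("data")
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(m.groupdict())
    return {"values": values, "services": services}


def triage(report):
    """Return a list of (severity, message) findings for a responder to review."""
    findings = []
    for key, entries in report["values"].items():
        lowered = key.lower()
        if lowered.endswith(r"\currentversion\run") or lowered.endswith(r"\currentversion\runonce"):
            for name, data in entries.items():
                # Data is '"<path>" [date size]'; take the quoted path if present.
                path = data.split('"')[1].lower() if data.startswith('"') else data.lower()
                if not path.startswith(TRUSTED_PREFIXES):
                    findings.append(("high", f"autorun '{name}' runs from an unusual location: {path}"))
        elif lowered.endswith(r"\firewallpolicy\standardprofile"):
            if entries.get("EnableFirewall", "").startswith("0"):
                findings.append(("medium", "Windows Firewall is disabled for the standard profile"))
        elif r"\globallyopenports\list" in lowered:
            for data in entries.values():
                m = PORT_RE.match(data.strip())
                # An entry without a 169.254.x (link-local) scope is reachable from any address.
                if m and not (m.group("scope") or "").startswith("169.254."):
                    findings.append(("medium", f"port {m.group('port')}/{m.group('proto')} is open to all addresses"))
        elif r"\security center\monitoring" in lowered:
            if entries.get("DisableMonitoring", "").endswith("1"):
                product = key.rsplit("\\", 1)[-1]
                findings.append(("low", f"Security Center monitoring disabled under {product}"))
    for svc in report["services"]:
        if "[?]" in svc["rest"]:             # ComboFix prints [?] when it cannot stat the file
            findings.append(("low", f"driver/service '{svc['svc']}' points at a file ComboFix could not stat"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(parse_combofix(SAMPLE_LOG)):
        print(f"[{severity}] {message}")
```

Run it against a real log by replacing SAMPLE_LOG with the contents of C:\ComboFix.txt; the findings are prompts for investigation, not verdicts (a disabled Windows Firewall is expected when a third-party firewall such as Kaspersky's is in charge, and a "[?]" entry is usually a leftover service registration for an uninstalled tool).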

#8 cnm (Mother Lion of SWI, Administrators, 25,259 posts)

Posted 18 November 2011 - 07:28 PM

Good!

Please do this cleanup now:


Start > Run and enter 'combofix /uninstall'. Note the space after 'combofix'. Among many other things your Restore Points will be purged and a new clean one created.

Delete the DDS files, TDSSKiller, MBRCheck, and Security Check folder from your Desktop.


And always happy for Forum donations - thanks in advance.



#9 cnm (Mother Lion of SWI, Administrators, 25,259 posts)

Posted 18 November 2011 - 07:44 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.


