umshewa

Members
  • Posts

    16
  • Joined

  • Last visited

Reputation

0 Neutral

About umshewa

  • Birthday 04/10/1976

Profile Information

  • Location
    Alaska
  1. I think most things are solved. I'll open a new case if needed...Thank you!!
  2. The picture didn't paste...sorry.... virus.bmp
  3. I did just get this notification on my antivirus.
  4. They seem much better....I would like to fix my proxy problem. Each time I open Firefox it puts me on a proxy of 127.0.0.1 and port 52061. I would like it to stop this. I think it is doing it in Opera too. Can you help me with that? Thanks for everything so far!! This was amazing!!!
  5. ComboFix 12-02-24.02 - Mike's Music 02/28/2012 14:36:42.4.1 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1463 [GMT -9:00]
     Running from: c:\documents and settings\Mike's Music\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Mike's Music\Desktop\CFScript.txt
     AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     .
     --------------- FCopy ---------------
     .
     c:\windows\ServicePackFiles\i386\redbook.sys --> c:\windows\system32\drivers\redbook.sys
     .
     ((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))
     .
     .
     2012-02-27 21:01 . 2012-02-27 21:01 -------- d-----w- c:\program files\ESET
     2012-02-21 22:04 . 2012-02-21 22:04 -------- d-s---w- c:\documents and settings\NetworkService.NT AUTHORITY.000\UserData
     2012-02-21 21:52 . 2012-02-24 00:46 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
     2012-02-21 01:34 . 2012-02-21 01:34 -------- d-----w- c:\program files\eBay
     2012-02-21 01:34 . 2012-02-21 01:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\eBay
     2012-02-16 00:24 . 2012-02-16 00:24 -------- d-----w- c:\documents and settings\Mike's Music\Local Settings\Application Data\Citrix
     2012-02-15 22:47 . 2012-02-15 22:47 -------- d-----w- c:\program files\Audible
     2012-02-08 23:48 . 2012-02-08 23:48 -------- d-----w- c:\documents and settings\Mike's Music\Local Settings\Application Data\Intuit
     2012-02-08 23:35 . 2012-02-08 23:35 -------- d-----w- c:\documents and settings\Mike's Music\Application Data\Intuit
     2012-02-08 23:34 . 2012-02-08 23:34 -------- d-----w- c:\documents and settings\Mike's Music\Local Settings\Application Data\IsolatedStorage
     2012-02-08 23:33 . 2012-02-08 23:34 -------- d-----w- c:\program files\Common Files\Intuit
     2012-02-08 23:31 . 2012-02-08 23:31 -------- d-----w- c:\program files\TurboTax
     2012-02-08 23:30 . 2012-02-08 23:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Intuit
     2012-02-02 22:27 . 2012-02-02 23:41 -------- d-----w- C:\Pinger
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-02-07 20:51 . 2010-03-05 01:27 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
     2012-02-07 20:51 . 2010-03-05 01:27 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
     2012-02-07 20:51 . 2010-03-05 01:27 30592 ----a-w- c:\windows\system32\LMIport.dll
     2012-02-07 20:51 . 2010-03-05 01:27 87424 ----a-w- c:\windows\system32\LMIinit.dll
     2012-01-25 23:38 . 2012-01-25 23:38 10 ----a-w- c:\windows\Fonts\wfonts.key
     2011-12-15 21:02 . 2010-03-05 01:27 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
     2011-12-15 21:02 . 2010-03-05 01:27 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
     2011-12-11 00:24 . 2010-03-19 02:54 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-09-04 03:37 . 2009-09-04 03:37 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
     2010-04-08 20:36 . 2010-04-08 20:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
     2009-09-04 03:37 . 2009-09-04 03:37 10437264 ----a-w- c:\program files\opera\program\plugins\PDFNetC.dll
     2010-04-08 20:36 . 2010-04-08 20:36 107760 ----a-w- c:\program files\opera\program\plugins\ScorchPDFWrapper.dll
     2012-02-18 22:03 . 2011-05-09 20:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((( SnapShot@2012-02-24_21.54.13 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2012-02-28 23:46 . 2012-02-28 23:46 16384 c:\windows\temp\Perflib_Perfdata_cc.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
     "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-12-17 4763256]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-31 7634944]
     "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-31 86016]
     "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048]
     "SetDefPrt"="c:\program files\Brother\Brmfl05c\BrStDvPt.exe" [2005-01-27 49152]
     "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2008-05-24 1011712]
     "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-03 281768]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
     "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-22 273544]
     "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
     .
     c:\documents and settings\Mike's Music\Start Menu\Programs\Startup\
     Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
     .
     c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
     Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
     2012-02-07 20:51 87424 ----a-w- c:\windows\system32\LMIinit.dll
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PGPtray.lnk]
     path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\PGPtray.lnk
     backup=c:\windows\pss\PGPtray.lnkCommon Startup
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
     2005-05-04 03:43 69632 ----a-w- c:\windows\Alcmtr.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
     2012-02-02 21:18 136176 ----atw- c:\documents and settings\Mike's Music\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
     2006-10-31 06:35 1622016 ----a-w- c:\windows\system32\nwiz.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2010-09-08 20:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
     2007-07-06 01:08 16380416 ----a-w- c:\windows\RTHDCPL.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
     2011-10-13 18:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
     2007-06-16 01:45 1826816 ----a-w- c:\windows\SkyTel.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
     "c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=
     "c:\\Program Files\\Opera\\opera.exe"=
     "c:\\Program Files\\Aji Reader Service\\ARService.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
     "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
     "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
     "c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
     "c:\\Program Files\\CoffeeCup Software\\Free FTP\\FreeFTP.exe"=
     "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
     "c:\\Program Files\\Paros\\IEEmbed.exe"=
     "c:\\WINDOWS\\system32\\javaw.exe"=
     "c:\\Documents and Settings\\Mike's Music\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
     .
     R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/17/2010 4:04 PM 136360]
     R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
     R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/30/2010 8:13 AM 374152]
     R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
     R2 M4-Service;M4-Service;c:\documents and settings\Mike's Music\Application Data\Mikogo 4\M4-Service.exe [8/3/2011 11:40 PM 1003888]
     R2 PGPmemlock;PGPmemlock;c:\windows\system32\drivers\PGPmemlock.sys [4/1/2010 9:36 AM 6656]
     S0 dfym;dfym;c:\windows\system32\drivers\wlurfrtl.sys --> c:\windows\system32\drivers\wlurfrtl.sys [?]
     S0 jndx;jndx;c:\windows\system32\drivers\xakx.sys --> c:\windows\system32\drivers\xakx.sys [?]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/27/2011 2:11 PM 136176]
     S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/27/2011 2:11 PM 136176]
     S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-02-17 c:\windows\Tasks\AIMsi backup.job
     - c:\windows\system32\ntbackup.exe [2003-07-16 14:42]
     .
     2011-05-10 c:\windows\Tasks\expressburnShakeIcon.job
     - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-12-02 23:47]
     .
     2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-27 23:11]
     .
     2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-27 23:11]
     .
     2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1035525444-1801674531-1003Core.job
     - c:\documents and settings\Mike's Music\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-02 21:18]
     .
     2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1035525444-1801674531-1003UA.job
     - c:\documents and settings\Mike's Music\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-02 21:18]
     .
     2012-02-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1035525444-1801674531-1003.job
     - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 18:47]
     .
     2012-02-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1035525444-1801674531-1003.job
     - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 18:47]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.bing.com/?pc=AVBR
     uLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm
     uInternet Settings,ProxyOverride = *.local
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     Trusted Zone: intuit.com\ttlc
     TCP: DhcpNameServer = 192.168.0.1
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2012-02-28 14:47
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\S-1-5-21-583907252-1035525444-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4A20EFFE-A0CB-5B69-CEAE-6BC814877705}*]
     "iafhmchhlnhjjbpmka"=hex:63,61,64,6a,6d,68,00,7c
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'winlogon.exe'(668)
     c:\windows\system32\LMIinit.dll
     .
     - - - - - - - > 'explorer.exe'(2864)
     c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
     c:\windows\system32\LMIRfsClientNP.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\Avira\AntiVir Desktop\avguard.exe
     c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     c:\program files\Bonjour\mDNSResponder.exe
     c:\program files\Avira\AntiVir Desktop\avshadow.exe
     c:\progra~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\program files\LogMeIn\x86\RaMaint.exe
     c:\program files\LogMeIn\x86\LogMeIn.exe
     c:\progra~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
     c:\progra~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
     c:\windows\System32\nvsvc32.exe
     c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
     c:\progra~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
     c:\documents and settings\Mike's Music\Application Data\Mikogo 4\M4-Capture.exe
     c:\windows\system32\wscntfy.exe
     c:\windows\system32\RUNDLL32.EXE
     c:\progra~1\MI3AA1~1\rapimgr.exe
     c:\program files\iPod\bin\iPodService.exe
     .
     **************************************************************************
     .
     Completion time: 2012-02-28 14:51:55 - machine was rebooted
     ComboFix-quarantined-files.txt 2012-02-28 23:51
     ComboFix2.txt 2012-02-25 21:23
     ComboFix3.txt 2012-02-24 21:59
     .
     Pre-Run: 14,871,916,544 bytes free
     Post-Run: 14,852,595,712 bytes free
     .
     - - End Of File - - F721476593EC94E19E57B101FF10B564
  6. Here's the next thing...thanks!!!
     SystemLook 30.07.11 by jpshortstuff
     Log created at 11:49 on 28/02/2012 by Mike's Music
     Administrator - Elevation successful

     ========== filefind ==========

     Searching for "*redbook*"
     C:\WINDOWS\$NtServicePackUninstall$\redbook.sys -----c- 57472 bytes [00:25 05/03/2010] [07:59 04/08/2004] B31B4588E4086D8D84ADBF9845C2402B
     C:\WINDOWS\ServicePackFiles\i386\redbook.sys -----c- 57600 bytes [00:03 05/03/2010] [09:10 14/04/2008] F828DD7E1419B6653894A8F97A0094C5
     C:\WINDOWS\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\backup\redbook.sys -----c- 56576 bytes [23:10 01/03/2010] [01:27 29/08/2002] AB56D6ED4E86D2B6F819A24A070F35F7
     C:\WINDOWS\system32\dllcache\redbook.sys --a--c- 57600 bytes [20:03 26/02/2010] [09:10 14/04/2008] F828DD7E1419B6653894A8F97A0094C5
     C:\WINDOWS\system32\drivers\redbook.sys --a---- 57600 bytes [20:03 26/02/2010] [09:10 14/04/2008] (Unable to calculate MD5)

     -= EOF =-
  7. Hope this all makes sense. Thanks again for the help!!
     # utc_time=2012-02-27 10:29:03
     # local_time=2012-02-27 01:29:03 (-0900, Alaskan Standard Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=1026 16777214 0 100 63170875 96329597 0 0
     # compatibility_mode=1797 16775145 100 94 261467 95736367 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=165822
     # found=40
     # cleaned=39
     # scan_time=4767
     C:\Documents and Settings\Joe\Desktop\jZipV1c.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\Mike's Music\My Documents\cnet_DBFWonder1_3StandardSetup_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0114164.sys a variant of Win32/Rootkit.Kryptik.JM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0118180.sys a variant of Win32/Rootkit.Kryptik.JM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0118192.sys a variant of Win32/Rootkit.Kryptik.JM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0118207.sys a variant of Win32/Rootkit.Kryptik.JM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0119206.sys a variant of Win32/Rootkit.Kryptik.JM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0119226.sys a variant of Win32/Rootkit.Kryptik.JM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0121235.sys a variant of Win32/Rootkit.Kryptik.JM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126242.sys a variant of Win32/Rootkit.Kryptik.JM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126248.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126249.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126250.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126251.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126252.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126253.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126254.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126255.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126256.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126257.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126258.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126259.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126260.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126261.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126262.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126263.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126264.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126265.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126266.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126267.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126268.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126269.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126270.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126271.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126272.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126275.sys a variant of Win32/Rootkit.Kryptik.JM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP562\A0137528.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{CB23DD1B-4F0E-46B1-A565-B8C402183FD5}\RP67\A0027123.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{CB23DD1B-4F0E-46B1-A565-B8C402183FD5}\RP67\A0028144.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\WINDOWS\system32\drivers\redbook.sys a variant of Win32/Rootkit.Kryptik.JM trojan (unable to clean) 00000000000000000000000000000000 I
  8. Here you go.... ComboFix 12-02-24.02 - Mike's Music 02/25/2012 12:13:04.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1466 [GMT -9:00] Running from: c:\documents and settings\Mike's Music\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Mike's Music\Desktop\CFScript.txt AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} . FILE :: "c:\windows\system32\inetwh32.dll" "c:\windows\system32\roboex32.dll" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Mike's Music\Application Data\C4B74 c:\documents and settings\Mike's Music\Application Data\C4B74\47F1.4B7 c:\documents and settings\Mike's Music\Desktop\System Check.lnk c:\program files\747F1 C:\Thumbs.db c:\windows\system32\inetwh32.dll c:\windows\system32\roboex32.dll . . ((((((((((((((((((((((((( Files Created from 2012-01-25 to 2012-02-25 ))))))))))))))))))))))))))))))) . . 2012-02-21 22:04 . 2012-02-21 22:04 -------- d-s---w- c:\documents and settings\NetworkService.NT AUTHORITY.000\UserData 2012-02-21 21:52 . 2012-02-24 00:46 0 --sha-w- c:\windows\system32\dds_trash_log.cmd 2012-02-21 01:34 . 2012-02-21 01:34 -------- d-----w- c:\program files\eBay 2012-02-21 01:34 . 2012-02-21 01:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\eBay 2012-02-16 00:24 . 2012-02-16 00:24 -------- d-----w- c:\documents and settings\Mike's Music\Local Settings\Application Data\Citrix 2012-02-15 22:47 . 2012-02-15 22:47 -------- d-----w- c:\program files\Audible 2012-02-08 23:48 . 2012-02-08 23:48 -------- d-----w- c:\documents and settings\Mike's Music\Local Settings\Application Data\Intuit 2012-02-08 23:35 . 2012-02-08 23:35 -------- d-----w- c:\documents and settings\Mike's Music\Application Data\Intuit 2012-02-08 23:34 . 
2012-02-08 23:34 -------- d-----w- c:\documents and settings\Mike's Music\Local Settings\Application Data\IsolatedStorage 2012-02-08 23:33 . 2012-02-08 23:34 -------- d-----w- c:\program files\Common Files\Intuit 2012-02-08 23:31 . 2012-02-08 23:31 -------- d-----w- c:\program files\TurboTax 2012-02-08 23:30 . 2012-02-08 23:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Intuit 2012-02-02 22:27 . 2012-02-02 23:41 -------- d-----w- C:\Pinger . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-07 20:51 . 2010-03-05 01:27 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2012-02-07 20:51 . 2010-03-05 01:27 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll 2012-02-07 20:51 . 2010-03-05 01:27 30592 ----a-w- c:\windows\system32\LMIport.dll 2012-02-07 20:51 . 2010-03-05 01:27 87424 ----a-w- c:\windows\system32\LMIinit.dll 2012-01-25 23:38 . 2012-01-25 23:38 10 ----a-w- c:\windows\Fonts\wfonts.key 2011-12-15 21:02 . 2010-03-05 01:27 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak 2011-12-15 21:02 . 2010-03-05 01:27 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak 2011-12-11 00:24 . 2010-03-19 02:54 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-04 03:37 . 2009-09-04 03:37 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll 2010-04-08 20:36 . 2010-04-08 20:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll 2009-09-04 03:37 . 2009-09-04 03:37 10437264 ----a-w- c:\program files\opera\program\plugins\PDFNetC.dll 2010-04-08 20:36 . 2010-04-08 20:36 107760 ----a-w- c:\program files\opera\program\plugins\ScorchPDFWrapper.dll 2012-02-18 22:03 . 2011-05-09 20:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-02-24_21.54.13 ))))))))))))))))))))))))))))))))))))))))) . + 2012-02-25 21:09 . 
2012-02-25 21:09 16384 c:\windows\Temp\Perflib_Perfdata_148.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000] "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-12-17 4763256] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-31 7634944] "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-31 86016] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048] "SetDefPrt"="c:\program files\Brother\Brmfl05c\BrStDvPt.exe" [2005-01-27 49152] "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2008-05-24 1011712] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-03 281768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-22 273544] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736] . c:\documents and settings\Mike's Music\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194] . c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2012-02-07 20:51 87424 ----a-w- c:\windows\system32\LMIinit.dll . [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PGPtray.lnk] path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\PGPtray.lnk backup=c:\windows\pss\PGPtray.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-04 03:43 69632 ----a-w- c:\windows\Alcmtr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2012-02-02 21:18 136176 ----atw- c:\documents and settings\Mike's Music\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2006-10-31 06:35 1622016 ----a-w- c:\windows\system32\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-09-08 20:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2007-07-06 01:08 16380416 ----a-w- c:\windows\RTHDCPL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2011-10-13 18:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] 2007-06-16 01:45 1826816 ----a-w- c:\windows\SkyTel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Program Files\\Aji Reader Service\\ARService.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"= "c:\\Program Files\\CoffeeCup Software\\Free FTP\\FreeFTP.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Paros\\IEEmbed.exe"= "c:\\WINDOWS\\system32\\javaw.exe"= "c:\\Documents and Settings\\Mike's Music\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service . 
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/17/2010 4:04 PM 136360]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/30/2010 8:13 AM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R2 PGPmemlock;PGPmemlock;c:\windows\system32\drivers\PGPmemlock.sys [4/1/2010 9:36 AM 6656]
S0 dfym;dfym;c:\windows\system32\drivers\wlurfrtl.sys --> c:\windows\system32\drivers\wlurfrtl.sys [?]
S0 jndx;jndx;c:\windows\system32\drivers\xakx.sys --> c:\windows\system32\drivers\xakx.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/27/2011 2:11 PM 136176]
S2 M4-Service;M4-Service;c:\documents and settings\Mike's Music\Application Data\Mikogo 4\M4-Service.exe [8/3/2011 11:40 PM 1003888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/27/2011 2:11 PM 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-17 c:\windows\Tasks\AIMsi backup.job
- c:\windows\system32\ntbackup.exe [2003-07-16 14:42]
.
2011-05-10 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-12-02 23:47]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-27 23:11]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-27 23:11] . 2012-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1035525444-1801674531-1003Core.job - c:\documents and settings\Mike's Music\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-02 21:18] . 2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1035525444-1801674531-1003UA.job - c:\documents and settings\Mike's Music\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-02 21:18] . 2012-02-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1035525444-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 18:47] . 2012-02-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1035525444-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 18:47] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.bing.com/?pc=AVBR uLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 192.168.0.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-02-25 12:22 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_USERS\S-1-5-21-583907252-1035525444-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4A20EFFE-A0CB-5B69-CEAE-6BC814877705}*]
"iafhmchhlnhjjbpmka"=hex:63,61,64,6a,6d,68,00,7c
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\LMIinit.dll
.
Completion time: 2012-02-25 12:23:44
ComboFix-quarantined-files.txt 2012-02-25 21:23
ComboFix2.txt 2012-02-24 21:59
.
Pre-Run: 15,054,090,240 bytes free
Post-Run: 15,035,129,856 bytes free
.
- - End Of File - - 7B31C22F5A425990686BE54AD21C2465
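The log above lists two boot-start drivers (S0 dfym and S0 jndx) whose image files ComboFix could not find on disk (the trailing "[?]"), and one service (M4-Service) that runs out of a user profile directory. The following script is an added example written for this page, not part of the thread and not a ComboFix component: it parses the "Drivers/Services" lines of a ComboFix log and flags exactly those patterns. The sample lines are copied from the log above; the flagging rules (missing file, boot-start driver with no file, binary under a profile directory, short generated-looking name identical to its display name) are this example's own heuristics, not ComboFix's.

```python
# Added example, not part of the thread or of ComboFix itself: a small triage
# pass over the "Drivers/Services" block of a ComboFix log.
#
# ComboFix prints one line per service:
#   <start> <name>;<display name>;<image path> [<date> <time> <size>]
# and, when the image file is not on disk, the path is repeated with "[?]":
#   <start> <name>;<display name>;<path> --> <path> [?]
# <start> is R (running) or S (stopped) plus the start type 0-4, where 0 is
# a boot-start driver loaded before anything else.
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the log above, plus clean lines so the
# checks have something to separate.
SAMPLE_LOG = r"""
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/17/2010 4:04 PM 136360]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
S0 dfym;dfym;c:\windows\system32\drivers\wlurfrtl.sys --> c:\windows\system32\drivers\wlurfrtl.sys [?]
S0 jndx;jndx;c:\windows\system32\drivers\xakx.sys --> c:\windows\system32\drivers\xakx.sys [?]
S2 M4-Service;M4-Service;c:\documents and settings\Mike's Music\Application Data\Mikogo 4\M4-Service.exe [8/3/2011 11:40 PM 1003888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/27/2011 2:11 PM 136176]
"""

LINE_RE = re.compile(r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
STAMP_RE = re.compile(r"\s\[\d{1,2}/\d{1,2}/\d{4}\s[^\]]*\]$")   # " [3/17/2010 4:04 PM 136360]"

# Directories from which a service binary should not normally run (heuristic).
PROFILE_DIRS = ("\\documents and settings\\", "\\users\\")


@dataclass
class ServiceEntry:
    start: str          # e.g. "S0"
    name: str
    display: str
    path: str
    file_missing: bool
    reasons: list = field(default_factory=list)


def parse_service_line(line):
    """Return a ServiceEntry for one ComboFix service line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    missing = rest.endswith("[?]")
    path = rest.split(" --> ")[0] if missing else STAMP_RE.sub("", rest)
    return ServiceEntry(m.group("start"), m.group("name"), m.group("display"), path, missing)


def assess(entry):
    """Attach plain-language reasons to an entry; returns True if anything was flagged."""
    low = entry.path.lower()
    if entry.file_missing:
        entry.reasons.append("image file not found on disk ([?])")
        if entry.start.endswith("0"):
            entry.reasons.append("boot-start driver (start type 0) with no file: "
                                 "inspect its key under HKLM\\SYSTEM\\CurrentControlSet\\Services")
    if any(d in low for d in PROFILE_DIRS):
        entry.reasons.append("service binary lives in a user profile directory")
    if entry.name == entry.display and len(entry.name) <= 5 and entry.name.isalpha():
        entry.reasons.append("short generated-looking name with no distinct display name")
    return bool(entry.reasons)


def triage(log_text):
    """Parse every service line in log_text and return the flagged entries in order."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is not None and assess(entry):
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.start} {e.name}: {e.path}")
        for r in e.reasons:
            print("   -", r)
```

Run against the sample it reports dfym, jndx and M4-Service and nothing else. A driver that is registered at boot start but has no file is worth a second look even after the cleanup tools report "hidden files: 0": the service key is what survives, so the check belongs in the registry, not only on disk.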
9. Thank you. Here is the ComboFix.txt file. Also, just to make sure, I still have some proxy thing automatically starting with my browser. I'm using Firefox. Just making sure you know this. Thank you again for your help!!

ComboFix 12-02-24.02 - Mike's Music 02/24/2012 12:36:14.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1529 [GMT -9:00]
Running from: c:\documents and settings\Mike's Music\My Documents\CW Musical\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - WINDOWS: deleted 72 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\~zDyjS4nzjxmJwu
c:\documents and settings\All Users.WINDOWS\Application Data\~zDyjS4nzjxmJwur
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\All Users.WINDOWS\Application Data\zDyjS4nzjxmJwu
c:\documents and settings\Charlie\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Joe\g2mdlhlpx.exe
c:\documents and settings\Joe\WINDOWS
c:\documents and settings\Mike's Music\Application Data\EurekaLog
c:\documents and settings\Mike's Music\g2mdlhlpx.exe
c:\documents and settings\Mike's Music\GoToAssistDownloadHelper.exe
c:\documents and settings\Mike's Music\Start Menu\Programs\System Check
c:\documents and settings\Mike's Music\Start Menu\Programs\System Check\System Check.lnk
c:\documents and settings\Mike's Music\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\program files\iexplorer
c:\program files\iexplorer\AxInterop.QTOControlLib.dll
c:\program files\iexplorer\ICSharpCode.SharpZipLib.dll
c:\program files\iexplorer\iExplorer.exe
c:\program files\iexplorer\Interop.QTOControlLib.dll
c:\program files\iexplorer\Interop.QTOLibrary.dll
c:\program files\iexplorer\isxdl.dll
c:\program files\iexplorer\MPCrashReporter.dll
c:\program
files\iexplorer\MPUpdater.dll c:\program files\iexplorer\msvcr71.dll c:\program files\iexplorer\PodPhone2.dll c:\program files\iexplorer\unins000.dat c:\program files\iexplorer\unins000.exe c:\program files\iexplorer\unins000.msg c:\program files\LP c:\program files\LP\BC6C\16.tmp c:\program files\LP\BC6C\17.tmp c:\program files\LP\BC6C\18.tmp c:\program files\WinPCap c:\program files\WinPCap\LICENSE c:\program files\WinPCap\rpcapd.exe c:\program files\WinPCap\uninstall.exe c:\windows\$NtUninstallKB54259$ c:\windows\$NtUninstallKB54259$\2474209116 c:\windows\$NtUninstallKB54259$\936043577\@ c:\windows\$NtUninstallKB54259$\936043577\cfg.ini c:\windows\$NtUninstallKB54259$\936043577\Desktop.ini c:\windows\$NtUninstallKB54259$\936043577\L\mwfklnci c:\windows\$NtUninstallKB54259$\936043577\oemid c:\windows\$NtUninstallKB54259$\936043577\U\00000001.@ c:\windows\$NtUninstallKB54259$\936043577\U\00000002.@ c:\windows\$NtUninstallKB54259$\936043577\U\00000004.@ c:\windows\$NtUninstallKB54259$\936043577\U\80000000.@ c:\windows\$NtUninstallKB54259$\936043577\U\80000004.@ c:\windows\$NtUninstallKB54259$\936043577\U\80000032.@ c:\windows\$NtUninstallKB54259$\936043577\version . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_6TO4 -------\Legacy_NETWORKLOG -------\Service_6to4 . . ((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 ))))))))))))))))))))))))))))))) . . 2012-02-21 22:04 . 2012-02-21 22:04 -------- d-s---w- c:\documents and settings\NetworkService.NT AUTHORITY.000\UserData 2012-02-21 21:52 . 2012-02-24 00:46 0 --sha-w- c:\windows\system32\dds_trash_log.cmd 2012-02-21 20:46 . 2012-02-21 20:46 -------- d-----w- c:\program files\747F1 2012-02-21 20:45 . 2012-02-22 21:42 -------- d-----w- c:\documents and settings\Mike's Music\Application Data\C4B74 2012-02-21 01:34 . 2012-02-21 01:34 -------- d-----w- c:\program files\eBay 2012-02-21 01:34 . 
2012-02-21 01:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\eBay 2012-02-16 00:24 . 2012-02-16 00:24 -------- d-----w- c:\documents and settings\Mike's Music\Local Settings\Application Data\Citrix 2012-02-15 22:47 . 2012-02-15 22:47 -------- d-----w- c:\program files\Audible 2012-02-08 23:48 . 2012-02-08 23:48 -------- d-----w- c:\documents and settings\Mike's Music\Local Settings\Application Data\Intuit 2012-02-08 23:35 . 2012-02-08 23:35 -------- d-----w- c:\documents and settings\Mike's Music\Application Data\Intuit 2012-02-08 23:34 . 2012-02-08 23:34 -------- d-----w- c:\documents and settings\Mike's Music\Local Settings\Application Data\IsolatedStorage 2012-02-08 23:33 . 2012-02-08 23:34 -------- d-----w- c:\program files\Common Files\Intuit 2012-02-08 23:31 . 2012-02-08 23:31 -------- d-----w- c:\program files\TurboTax 2012-02-08 23:30 . 2012-02-08 23:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Intuit 2012-02-04 00:36 . 2012-02-04 00:36 49152 ----a-r- c:\windows\system32\inetwh32.dll 2012-02-04 00:36 . 2012-02-04 00:36 1044480 ----a-r- c:\windows\system32\roboex32.dll 2012-02-02 22:27 . 2012-02-02 23:41 -------- d-----w- C:\Pinger . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-07 20:51 . 2010-03-05 01:27 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2012-02-07 20:51 . 2010-03-05 01:27 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll 2012-02-07 20:51 . 2010-03-05 01:27 30592 ----a-w- c:\windows\system32\LMIport.dll 2012-02-07 20:51 . 2010-03-05 01:27 87424 ----a-w- c:\windows\system32\LMIinit.dll 2012-01-25 23:38 . 2012-01-25 23:38 10 ----a-w- c:\windows\Fonts\wfonts.key 2011-12-15 21:02 . 2010-03-05 01:27 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak 2011-12-15 21:02 . 2010-03-05 01:27 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak 2011-12-11 00:24 . 
2010-03-19 02:54 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-04 03:37 . 2009-09-04 03:37 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll 2010-04-08 20:36 . 2010-04-08 20:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll 2009-09-04 03:37 . 2009-09-04 03:37 10437264 ----a-w- c:\program files\opera\program\plugins\PDFNetC.dll 2010-04-08 20:36 . 2010-04-08 20:36 107760 ----a-w- c:\program files\opera\program\plugins\ScorchPDFWrapper.dll 2012-02-18 22:03 . 2011-05-09 20:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000] "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-12-17 4763256] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-31 7634944] "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-31 86016] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048] "SetDefPrt"="c:\program files\Brother\Brmfl05c\BrStDvPt.exe" [2005-01-27 49152] "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2008-05-24 1011712] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-03 281768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-22 273544] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736] . c:\documents and settings\Mike's Music\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194] . c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2012-02-07 20:51 87424 ----a-w- c:\windows\system32\LMIinit.dll . [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PGPtray.lnk] path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\PGPtray.lnk backup=c:\windows\pss\PGPtray.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-04 03:43 69632 ----a-w- c:\windows\Alcmtr.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2012-02-02 21:18 136176 ----atw- c:\documents and settings\Mike's Music\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2006-10-31 06:35 1622016 ----a-w- c:\windows\system32\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-09-08 20:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2007-07-06 01:08 16380416 ----a-w- c:\windows\RTHDCPL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2011-10-13 18:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] 2007-06-16 01:45 1826816 ----a-w- c:\windows\SkyTel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Program Files\\Aji Reader Service\\ARService.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"= "c:\\Program Files\\CoffeeCup Software\\Free FTP\\FreeFTP.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Paros\\IEEmbed.exe"= "c:\\WINDOWS\\system32\\javaw.exe"= "c:\\Documents and Settings\\Mike's Music\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service . 
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/17/2010 4:04 PM 136360] R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672] R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/30/2010 8:13 AM 374152] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856] R2 M4-Service;M4-Service;c:\documents and settings\Mike's Music\Application Data\Mikogo 4\M4-Service.exe [8/3/2011 11:40 PM 1003888] R2 PGPmemlock;PGPmemlock;c:\windows\system32\drivers\PGPmemlock.sys [4/1/2010 9:36 AM 6656] S0 dfym;dfym;c:\windows\system32\drivers\wlurfrtl.sys --> c:\windows\system32\drivers\wlurfrtl.sys [?] S0 jndx;jndx;c:\windows\system32\drivers\xakx.sys --> c:\windows\system32\drivers\xakx.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/27/2011 2:11 PM 136176] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/27/2011 2:11 PM 136176] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504] . 
NETSVCS REQUIRES REPAIRS - current entries shown 6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman mcmscsvc GoToAssist mctskshd.exe w300bus DCFS2K a016obex lxce_device winvnc4 BCMModem se58nd5 viaagp protectionservice nisum bdftdif digirefresh rapapp mcproxy tdimsys smstsmgr RSAFAL quickhealfirewall Mtlmnt5 mscsptisrv iolo_srv s117mdfl GTF32BUS Atmuni emAudio LwUsbHid govsrv dlcj_device symredrv PCDRSRVC Ktp U2SP ISODrive s217obex ventrilo slpmonx rtl8023 avidstartup smartscaps WscNetDr NETMDUSB epoxusdm tossmbnt alcaudsl iaimtv1 admservice tvtnetwk avgtdi upsentry_smart ctmmfilt roxmediadb roxliveshare w550bus GV600_4 VHidMinidrv PSI_SVC_2 SISNICXP s616unic defwatch mssql$microsoftsmlbiz M2500 rdnaoflsvc stylexphelper npapimon gearsecurity PCTINDIS5 ca-messagequeuing atitunep sit_mdm se2Bnd5 tomcatcws3 clmtomcatstartersvc nipxirmu motoswitchservice SaiNtSub symappcore iaimfp2 vmnetdhcp cmdmon btserial slimsvc R300 k750bus VNUSB IFPUSB oraclexeclragent om518p penrendezvous PEVSystemStart fasttrackinstallerservice vmsprog WacomVKHid SANDRA VAIOMediaPlatform-MusicServer-HTTP dlaboiom aswlsvc besclient zmxpzip atimtag NETw3x32 NVR0Dev s716nd5 ipassconnectengine twotrack qbfcservice dm1service hpzius12 hpt3xx snare iaimfp0 wintabservice db2das00 vwd LEX_AS_NIC_SERVICE_YNOS symantecantibotagent athr CTEDSPIO.DLL vncdrv ihcservice portio smapint LXARScan npkcusb sonypvs1 vpcusb sonicwall_netextender elnkupdateservice Remoteaccess Schedule Seclogon SENS Sharedaccess SRService Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt TermService wuauserv BITS ShellHWDetection helpsvc xmlprov wscsvc WmdmPmSN napagent hkmsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs . . Contents of the 'Scheduled Tasks' folder . 
2012-02-17 c:\windows\Tasks\AIMsi backup.job - c:\windows\system32\ntbackup.exe [2003-07-16 14:42] . 2011-05-10 c:\windows\Tasks\expressburnShakeIcon.job - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-12-02 23:47] . 2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-27 23:11] . 2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-27 23:11] . 2012-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1035525444-1801674531-1003Core.job - c:\documents and settings\Mike's Music\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-02 21:18] . 2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1035525444-1801674531-1003UA.job - c:\documents and settings\Mike's Music\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-02 21:18] . 2012-02-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1035525444-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 18:47] . 2012-02-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1035525444-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 18:47] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.bing.com/?pc=AVBR uLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS REMOVED - - - - . 
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe AddRemove-{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1 - c:\program files\iExplorer\unins000.exe AddRemove-313212019.www1.movie-promo.com - c:\program files\Microsoft Silverlight\4.0.60129.0\Silverlight.Configuration.exe AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Mike's Music\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-02-24 12:54 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-583907252-1035525444-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4A20EFFE-A0CB-5B69-CEAE-6BC814877705}*] "iafhmchhlnhjjbpmka"=hex:63,61,64,6a,6d,68,00,7c . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(668) c:\windows\system32\LMIinit.dll . - - - - - - - > 'explorer.exe'(2388) c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll c:\windows\system32\LMIRfsClientNP.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\progra~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\LogMeIn\x86\RaMaint.exe c:\progra~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe c:\program files\LogMeIn\x86\LogMeIn.exe c:\progra~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe c:\windows\System32\nvsvc32.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\progra~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe c:\documents and settings\Mike's Music\Application Data\Mikogo 4\M4-Capture.exe c:\windows\system32\wscntfy.exe c:\windows\system32\RUNDLL32.EXE c:\progra~1\MI3AA1~1\rapimgr.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2012-02-24 12:59:30 - machine was rebooted ComboFix-quarantined-files.txt 2012-02-24 21:59 . Pre-Run: 14,157,324,288 bytes free Post-Run: 15,050,653,696 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn . - - End Of File - - AFFF1B782AFE03703F3CEEC458AE9D2A
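The proxy the poster keeps finding (127.0.0.1 on port 52061, back every time Firefox starts) is stored in the Firefox profile rather than in the browser binary. Firefox reads its settings from prefs.js, and if a user.js file exists in the same profile directory its user_pref() lines are re-applied over prefs.js at every start, which is exactly why a setting switched off in the Options dialog can return on the next launch. The script below is an added example written for this page, not part of the thread: it parses both files the way Firefox layers them and reports any proxy that points at the local machine. The sample user.js is constructed to match the symptom described in the posts; it is not a file taken from the poster's computer, and the port number is the one the poster reported.

```python
# Added example, not part of the thread: parse the Firefox preference files in
# a profile directory and report any proxy that points back at the local
# machine. Firefox keeps its settings in prefs.js; if a user.js exists in the
# same profile, its user_pref() lines are re-applied over prefs.js at every
# start, so a proxy defined there comes back after being switched off.
import re

# Constructed sample of a user.js, written to match the symptom described in
# the posts (a manual proxy of 127.0.0.1:52061); not a file from the poster's
# machine.
SAMPLE_USER_JS = r'''
// Mozilla User Preferences
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 52061);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 52061);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
user_pref("browser.startup.homepage", "about:blank");
'''

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Meaning of network.proxy.type, using Firefox's own numbering.
PROXY_TYPES = {0: "direct", 1: "manual", 2: "PAC script", 4: "auto-detect (WPAD)", 5: "system proxy"}
LOOPBACK_PREFIXES = ("127.", "localhost", "::1")


def parse_prefs(text):
    """Turn user_pref("key", value); lines into a dict with str/int/bool values."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        key, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[key] = value
    return prefs


def find_local_proxies(prefs):
    """Return (proxy mode, [(scheme, host, port), ...]) for proxies that point at this host."""
    ptype = prefs.get("network.proxy.type", 5)          # 5 (system) assumed as the default
    mode = PROXY_TYPES.get(ptype, f"unknown ({ptype})")
    hits = []
    if ptype == 1:
        for scheme in ("http", "ssl", "ftp", "socks"):
            host = prefs.get(f"network.proxy.{scheme}")
            port = prefs.get(f"network.proxy.{scheme}_port")
            if isinstance(host, str) and host.lower().startswith(LOOPBACK_PREFIXES):
                hits.append((scheme, host, port))
    elif ptype == 2:
        # A PAC script served from the local host or from a file is just as
        # effective at redirecting traffic as a manual proxy entry.
        url = str(prefs.get("network.proxy.autoconfig_url", "")).lower()
        if url.startswith("file:") or any(p in url for p in LOOPBACK_PREFIXES):
            hits.append(("pac", url, None))
    return mode, hits


def check_profile(user_js_text, prefs_js_text=""):
    """Layer user.js over prefs.js the way Firefox does at startup, then scan the result."""
    merged = parse_prefs(prefs_js_text)
    merged.update(parse_prefs(user_js_text))
    return find_local_proxies(merged)


if __name__ == "__main__":
    mode, hits = check_profile(SAMPLE_USER_JS)
    print("proxy mode:", mode)
    for scheme, host, port in hits:
        print(f"  {scheme} proxy -> {host}:{port}")
```

Two caveats for anyone using this on a real profile. First, when network.proxy.type is 5 Firefox defers to the Windows proxy settings (the ProxyEnable/ProxyServer values under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, the same hive ComboFix summarises as "uInternet Settings"), which this script does not read, so a clean prefs.js does not rule out a proxy. Second, a proxy entry only works if something is listening on that port: "netstat -ano" on XP lists the listening socket with its PID, and that process is the thing to identify, not the preference that points at it.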
10. OK, so I finally got everything you want. Please note that this is my work computer and being 12 hours difference this is getting very hard. I've been out of a computer now 3 days because of the time difference. If there is anything I can do in steps please tell me everything. I can't be doing one step this day and this step tomorrow....I need to get this fixed. I do appreciate your help, please know. This is just killing me at getting work done! I have the log files for you but please know that I'm still having the Firefox problem with starting with a proxy server. I can disable it every time I go online but I would like to fix that too! Thank you for your help!!

TDSSKiller log

15:51:50.0890 3572 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
15:51:51.0546 3572 ============================================================
15:51:51.0562 3572 Current date / time: 2012/02/23 15:51:51.0546
15:51:51.0562 3572 SystemInfo:
15:51:51.0562 3572
15:51:51.0562 3572 OS Version: 5.1.2600 ServicePack: 3.0
15:51:51.0562 3572 Product type: Workstation
15:51:51.0562 3572 ComputerName: OFC2
15:51:51.0562 3572 UserName: Mike's Music
15:51:51.0562 3572 Windows directory: C:\WINDOWS
15:51:51.0562 3572 System windows directory: C:\WINDOWS
15:51:51.0562 3572 Processor architecture: Intel x86
15:51:51.0562 3572 Number of processors: 1
15:51:51.0562 3572 Page size: 0x1000
15:51:51.0562 3572 Boot type: Normal boot
15:51:51.0562 3572 ============================================================
15:51:53.0109 3572 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:51:53.0109 3572 \Device\Harddisk0\DR0:
15:51:53.0109 3572 MBR used
15:51:53.0109 3572 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
15:51:53.0187 3572 Initialize success
15:51:53.0187 3572 ============================================================
15:51:57.0406
4032 ============================================================ 15:51:57.0406 4032 Scan started 15:51:57.0406 4032 Mode: Manual; SigCheck; TDLFS; 15:51:57.0406 4032 ============================================================ 15:51:57.0625 4032 Abiosdsk - ok 15:51:57.0687 4032 abp480n5 - ok 15:51:57.0734 4032 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 15:51:59.0125 4032 ACPI - ok 15:51:59.0203 4032 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 15:51:59.0531 4032 ACPIEC - ok 15:51:59.0578 4032 adpu160m - ok 15:51:59.0640 4032 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 15:51:59.0781 4032 aec - ok 15:51:59.0843 4032 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys 15:52:00.0109 4032 AFD - ok 15:52:00.0109 4032 Aha154x - ok 15:52:00.0140 4032 aic78u2 - ok 15:52:00.0203 4032 aic78xx - ok 15:52:00.0234 4032 AliIde - ok 15:52:00.0234 4032 amsint - ok 15:52:00.0328 4032 AnyDVD (40c279a23bd43553bfba6e88a9b38ae2) C:\WINDOWS\system32\Drivers\AnyDVD.sys 15:52:00.0453 4032 AnyDVD - ok 15:52:00.0468 4032 asc - ok 15:52:00.0484 4032 asc3350p - ok 15:52:00.0500 4032 asc3550 - ok 15:52:00.0625 4032 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 15:52:01.0015 4032 AsyncMac - ok 15:52:01.0062 4032 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 15:52:01.0250 4032 atapi - ok 15:52:01.0250 4032 Atdisk - ok 15:52:01.0296 4032 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 15:52:01.0593 4032 Atmarpc - ok 15:52:01.0625 4032 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 15:52:01.0843 4032 audstub - ok 15:52:01.0906 4032 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 15:52:01.0921 4032 avgio - ok 15:52:01.0953 4032 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) 
Malwarebytes' Anti-Malware log

DDS log file

Attach Log
2/21/2012 11:58:34 AM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 2/21/2012 11:58:34 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb ElbyCDIO Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss ssmdrv Tcpip 2/21/2012 11:58:34 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning. 2/21/2012 11:58:34 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. 2/21/2012 11:58:34 AM, error: Service Control Manager [7001] - The Forceware Web Interface service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning. 2/21/2012 11:58:34 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 2/21/2012 11:58:34 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning. 2/21/2012 11:58:34 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 
2/21/2012 11:58:34 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 2/21/2012 11:57:35 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 2/21/2012 11:56:58 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} . ==== End Of File ===========================
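The ComboFix log above and the TDSSKiller scan posted in this thread both come down to one question: which of the listed drivers deserves a closer look. TDSSKiller prints one line per driver with its MD5 and path, a separate verdict line only for unsigned files, and nothing that ties the two together or compares the hashes with anything. As an added example (not part of the original posts, and not code from TDSSKiller or ComboFix), the Python script below parses lines in that format, attaches each verdict to its object, and adds two checks a helper normally does by eye: whether the service name matches the driver file name, and whether the MD5 matches a known-good baseline. The sample lines are copied from the scan in this thread; the baseline table is constructed, and its redbook.sys entry is a placeholder rather than the real Windows XP SP3 hash, included only so that the mismatch path runs.

```python
"""Triage helper for TDSSKiller scan output. Added example for this thread,
not part of TDSSKiller, ComboFix or any other tool mentioned here."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample: entries copied from the posted scan, covering the three
# line shapes TDSSKiller emits per object (file, verdict, status) plus the MBR.
SAMPLE_LOG = r"""
11:59:48.0171 0788 aaivskn (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\iplitdf.sys
11:59:48.0890 0788 aaivskn ( UnsignedFile.Multi.Generic ) - warning
11:59:48.0890 0788 aaivskn - detected UnsignedFile.Multi.Generic (1)
11:59:48.0953 0788 Abiosdsk - ok
11:59:49.0078 0788 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:59:49.0812 0788 ACPI - ok
11:59:51.0687 0788 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys
11:59:51.0703 0788 BrPar ( UnsignedFile.Multi.Generic ) - warning
11:59:51.0703 0788 BrPar - detected UnsignedFile.Multi.Generic (1)
11:59:54.0578 0788 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:59:54.0671 0788 Gpc - ok
12:00:05.0140 0788 redbook (cce6de646a2a9691cad011937cb59f70) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:00:05.0156 0788 redbook ( UnsignedFile.Multi.Generic ) - warning
12:00:05.0156 0788 redbook - detected UnsignedFile.Multi.Generic (1)
12:00:09.0593 0788 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:00:09.0750 0788 \Device\Harddisk0\DR0 - ok
"""

# Constructed baseline of known-good MD5s keyed by lower-case file name.
# acpi.sys and msgpc.sys reuse the posted values so they match; redbook.sys is
# a hypothetical placeholder (NOT the real XP SP3 hash) so the mismatch path
# is exercised. A real baseline comes from a trusted install of the same SP.
BASELINE_MD5 = {
    "acpi.sys": "8fd99680a539792a30e97944fdaecf17",
    "msgpc.sys": "0a02c63c8b144bd8c86b103dee7c86a2",
    "redbook.sys": "0" * 32,  # placeholder, see comment above
}

ENTRY_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ (?P<body>.*)$")
# "<name> (<md5>) <path>", with an optional "(0x..)" size field for MBR/Boot.
OBJECT_RE = re.compile(
    r"^(?P<name>\S+)(?: \(0x[0-9A-Fa-f]+\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# "<name> ( <verdict> ) - warning" (also "- skipped by user" in the summary)
VERDICT_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>\S+) \) - .+$")


@dataclass
class ScanObject:
    name: str            # service name, or MBR/Boot for disk objects
    md5: str
    path: str
    verdict: str = "ok"  # TDSSKiller's verdict; "ok" unless a warning line follows
    flags: list[str] = field(default_factory=list)


def parse_log(text: str) -> list[ScanObject]:
    """Collect every hashed object and attach the verdict TDSSKiller gave it."""
    objects: list[ScanObject] = []
    by_name: dict[str, ScanObject] = {}
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # blank lines and banners are not timestamped entries
        body = m["body"]
        om = OBJECT_RE.match(body)
        if om:
            obj = ScanObject(om["name"], om["md5"], om["path"])
            objects.append(obj)
            by_name[obj.name] = obj
            continue
        vm = VERDICT_RE.match(body)
        if vm and vm["name"] in by_name:
            by_name[vm["name"]].verdict = vm["verdict"]
    return objects


def triage(objects: list[ScanObject]) -> list[ScanObject]:
    """Add review flags; objects with the most flags come first (stable sort)."""
    for obj in objects:
        if obj.verdict != "ok":
            obj.flags.append(f"verdict:{obj.verdict}")
        if obj.path.startswith("\\Device\\"):
            continue  # MBR / boot sector: no file name to compare
        win_path = PureWindowsPath(obj.path)
        # Service name and file stem usually agree. A random-looking pair
        # (aaivskn -> iplitdf.sys) deserves a look, but Microsoft's own
        # Gpc -> msgpc.sys shows this is a hint, not a verdict.
        if win_path.stem.lower() != obj.name.lower():
            obj.flags.append("name-mismatch")
        expected = BASELINE_MD5.get(win_path.name.lower())
        if expected is not None and expected != obj.md5:
            obj.flags.append("baseline-mismatch")
    return sorted(objects, key=lambda o: len(o.flags), reverse=True)


def report(objects: list[ScanObject]) -> dict[str, list[str]]:
    """name -> flags for every object a human should review."""
    return {o.name: o.flags for o in objects if o.flags}


if __name__ == "__main__":
    for obj in triage(parse_log(SAMPLE_LOG)):
        if obj.flags:
            print(f"{obj.name:<12} {obj.md5}  {obj.path}")
            print(f"{'':<12} {', '.join(obj.flags)}")
```

Run it as a script to print the flagged objects, or feed a complete TDSSKiller log to parse_log and pass the result to triage. The name check is only a hint: Gpc resolving to msgpc.sys is a legitimate Microsoft pairing, whereas a service name and a file name that both look random, like aaivskn and iplitdf.sys, are the kind of pair to send for a closer look, not something this script can declare malicious on its own.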
11. OK... so I just re-read everything again and saw that you don't want things as attachments.... soooo I will again cut and paste everything.... Sorry.....

TDSSKiller log

11:59:04.0953 0480 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
11:59:05.0484 0480 ============================================================
11:59:05.0484 0480 Current date / time: 2012/02/22 11:59:05.0484
11:59:05.0484 0480 SystemInfo:
11:59:05.0484 0480
11:59:05.0484 0480 OS Version: 5.1.2600 ServicePack: 3.0
11:59:05.0484 0480 Product type: Workstation
11:59:05.0484 0480 ComputerName: OFC2
11:59:05.0484 0480 UserName: Mike's Music
11:59:05.0484 0480 Windows directory: C:\WINDOWS
11:59:05.0484 0480 System windows directory: C:\WINDOWS
11:59:05.0484 0480 Processor architecture: Intel x86
11:59:05.0484 0480 Number of processors: 1
11:59:05.0484 0480 Page size: 0x1000
11:59:05.0484 0480 Boot type: Safe boot with network
11:59:05.0484 0480 ============================================================
11:59:08.0109 0480 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:59:08.0109 0480 \Device\Harddisk0\DR0:
11:59:08.0109 0480 MBR used
11:59:08.0109 0480 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
11:59:08.0171 0480 Initialize success
11:59:08.0171 0480 ============================================================
11:59:47.0406 0788 ============================================================
11:59:47.0406 0788 Scan started
11:59:47.0406 0788 Mode: Manual; SigCheck; TDLFS;
11:59:47.0406 0788 ============================================================
11:59:48.0171 0788 aaivskn (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\iplitdf.sys
11:59:48.0890 0788 aaivskn ( UnsignedFile.Multi.Generic ) - warning
11:59:48.0890 0788 aaivskn - detected UnsignedFile.Multi.Generic (1)
11:59:48.0953 0788 Abiosdsk - ok
11:59:48.0984 0788 abp480n5 - ok
11:59:49.0078 0788 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:59:49.0812 0788 ACPI - ok
11:59:49.0890 0788 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:59:50.0031 0788 ACPIEC - ok
11:59:50.0062 0788 adpu160m - ok
11:59:50.0109 0788 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:59:50.0203 0788 aec - ok
11:59:50.0234 0788 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
11:59:50.0359 0788 AFD - ok
11:59:50.0375 0788 Aha154x - ok
11:59:50.0390 0788 aic78u2 - ok
11:59:50.0406 0788 aic78xx - ok
11:59:50.0437 0788 AliIde - ok
11:59:50.0453 0788 amsint - ok
11:59:50.0500 0788 AnyDVD (40c279a23bd43553bfba6e88a9b38ae2) C:\WINDOWS\system32\Drivers\AnyDVD.sys
11:59:50.0609 0788 AnyDVD - ok
11:59:50.0625 0788 asc - ok
11:59:50.0640 0788 asc3350p - ok
11:59:50.0656 0788 asc3550 - ok
11:59:50.0734 0788 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:59:50.0828 0788 AsyncMac - ok
11:59:50.0843 0788 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:59:50.0937 0788 atapi - ok
11:59:50.0953 0788 Atdisk - ok
11:59:51.0000 0788 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:59:51.0125 0788 Atmarpc - ok
11:59:51.0171 0788 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:59:51.0296 0788 audstub - ok
11:59:51.0359 0788 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
11:59:51.0359 0788 avgio - ok
11:59:51.0406 0788 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
11:59:51.0406 0788 avgntflt - ok
11:59:51.0453 0788 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
11:59:51.0453 0788 avipbb - ok
11:59:51.0515 0788 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:59:51.0625 0788 Beep - ok
11:59:51.0687 0788 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys
11:59:51.0703 0788 BrPar ( UnsignedFile.Multi.Generic ) - warning
11:59:51.0703 0788 BrPar - detected UnsignedFile.Multi.Generic (1)
11:59:51.0734 0788 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:59:51.0875 0788 cbidf2k - ok
11:59:51.0890 0788 cd20xrnt - ok
11:59:51.0953 0788 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:59:52.0078 0788 Cdaudio - ok
11:59:52.0109 0788 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:59:52.0203 0788 Cdfs - ok
11:59:52.0234 0788 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:59:52.0343 0788 Cdrom - ok
11:59:52.0359 0788 Changer - ok
11:59:52.0390 0788 CmdIde - ok
11:59:52.0437 0788 Cpqarray - ok
11:59:52.0453 0788 dac2w2k - ok
11:59:52.0484 0788 dac960nt - ok
11:59:52.0500 0788 dfym - ok
11:59:52.0531 0788 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:59:52.0625 0788 Disk - ok
11:59:52.0687 0788 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:59:52.0828 0788 dmboot - ok
11:59:52.0875 0788 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:59:52.0968 0788 dmio - ok
11:59:53.0015 0788 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:59:53.0140 0788 dmload - ok
11:59:53.0171 0788 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:59:53.0281 0788 DMusic - ok
11:59:53.0296 0788 dpti2o - ok
11:59:53.0343 0788 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:59:53.0437 0788 drmkaud - ok
11:59:53.0484 0788 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
11:59:53.0484 0788 ElbyCDIO - ok
11:59:53.0531 0788 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:59:53.0625 0788 Fastfat - ok
11:59:53.0671 0788 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:59:53.0781 0788 Fdc - ok
11:59:53.0796 0788 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:59:53.0890 0788 Fips - ok
11:59:53.0921 0788 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:59:54.0015 0788 Flpydisk - ok
11:59:54.0062 0788 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:59:54.0156 0788 FltMgr - ok
11:59:54.0203 0788 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:59:54.0328 0788 Fs_Rec - ok
11:59:54.0359 0788 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:59:54.0484 0788 Ftdisk - ok
11:59:54.0531 0788 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:59:54.0531 0788 GEARAspiWDM - ok
11:59:54.0578 0788 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:59:54.0671 0788 Gpc - ok
11:59:54.0718 0788 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:59:54.0734 0788 HDAudBus ( UnsignedFile.Multi.Generic ) - warning
11:59:54.0734 0788 HDAudBus - detected UnsignedFile.Multi.Generic (1)
11:59:54.0796 0788 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:59:54.0890 0788 HidUsb - ok
11:59:54.0906 0788 hpn - ok
11:59:54.0953 0788 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
11:59:55.0046 0788 HTTP - ok
11:59:55.0062 0788 i2omgmt - ok
11:59:55.0078 0788 i2omp - ok
11:59:55.0109 0788 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:59:55.0203 0788 i8042prt - ok
11:59:55.0218 0788 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:59:55.0312 0788 Imapi - ok
11:59:55.0328 0788 ini910u - ok
11:59:55.0468 0788 IntcAzAudAddService (1ebde650d97a8eccdc1cc4a0804647cd) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:59:55.0734 0788 IntcAzAudAddService - ok
11:59:55.0750 0788 IntelIde - ok
11:59:55.0812 0788 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:59:55.0953 0788 ip6fw - ok
11:59:56.0000 0788 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:59:56.0140 0788 IpFilterDriver - ok
11:59:56.0187 0788 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:59:56.0296 0788 IpInIp - ok
11:59:56.0328 0788 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:59:56.0421 0788 IpNat - ok
11:59:56.0453 0788 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:59:56.0562 0788 IPSec - ok
11:59:56.0609 0788 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:59:56.0703 0788 IRENUM - ok
11:59:56.0734 0788 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:59:56.0843 0788 isapnp - ok
11:59:56.0859 0788 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:59:56.0953 0788 Kbdclass - ok
11:59:56.0984 0788 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:59:57.0093 0788 kmixer - ok
11:59:57.0125 0788 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
11:59:57.0218 0788 KSecDD - ok
11:59:57.0234 0788 lbrtfdc - ok
11:59:57.0343 0788 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
11:59:57.0390 0788 LMIInfo - ok
11:59:57.0437 0788 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
11:59:57.0437 0788 lmimirr - ok
11:59:57.0453 0788 LMIRfsClientNP - ok
11:59:57.0484 0788 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
11:59:57.0484 0788 LMIRfsDriver - ok
11:59:57.0546 0788 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:59:57.0671 0788 mnmdd - ok
11:59:57.0718 0788 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:59:57.0812 0788 Modem - ok
11:59:57.0843 0788 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
11:59:57.0890 0788 motmodem - ok
11:59:57.0921 0788 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:59:58.0015 0788 Mouclass - ok
11:59:58.0031 0788 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:59:58.0125 0788 MountMgr - ok
11:59:58.0140 0788 mraid35x - ok
11:59:58.0171 0788 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:59:58.0250 0788 MRxDAV - ok
11:59:58.0265 0788 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:59:58.0406 0788 MRxSmb - ok
11:59:58.0437 0788 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:59:58.0531 0788 Msfs - ok
11:59:58.0578 0788 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:59:58.0687 0788 MSKSSRV - ok
11:59:58.0718 0788 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:59:58.0828 0788 MSPCLOCK - ok
11:59:58.0859 0788 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:59:58.0953 0788 MSPQM - ok
11:59:58.0984 0788 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:59:59.0078 0788 mssmbios - ok
11:59:59.0093 0788 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
11:59:59.0171 0788 Mup - ok
11:59:59.0187 0788 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:59:59.0296 0788 NDIS - ok
11:59:59.0328 0788 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:59:59.0421 0788 NdisTapi - ok
11:59:59.0437 0788 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:59:59.0531 0788 Ndisuio - ok
11:59:59.0546 0788 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:59:59.0640 0788 NdisWan - ok
11:59:59.0656 0788 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
11:59:59.0750 0788 NDProxy - ok
11:59:59.0781 0788 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:59:59.0875 0788 NetBIOS - ok
11:59:59.0890 0788 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:59:59.0984 0788 NetBT - ok
12:00:00.0015 0788 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:00:00.0109 0788 Npfs - ok
12:00:00.0140 0788 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:00:00.0296 0788 Ntfs - ok
12:00:00.0343 0788 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:00:00.0468 0788 Null - ok
12:00:00.0593 0788 nv (eb2858f920b8135b807b5ccaa3ed73dc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:00:00.0828 0788 nv - ok
12:00:00.0875 0788 nvata (9eccd189a9554c30a0d18a429778c7ba) C:\WINDOWS\system32\DRIVERS\nvata.sys
12:00:00.0906 0788 nvata - ok
12:00:00.0937 0788 NVENETFD (4d6f0d3fb17c1ba64942f415c73adcdb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
12:00:00.0984 0788 NVENETFD - ok
12:00:01.0015 0788 nvnetbus (921e63aa1e1a20302223d016acafb52b) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
12:00:01.0062 0788 nvnetbus - ok
12:00:01.0078 0788 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:00:01.0203 0788 NwlnkFlt - ok
12:00:01.0234 0788 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:00:01.0359 0788 NwlnkFwd - ok
12:00:01.0390 0788 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:00:01.0500 0788 Parport - ok
12:00:01.0515 0788 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:00:01.0625 0788 PartMgr - ok
12:00:01.0671 0788 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:00:01.0781 0788 ParVdm - ok
12:00:01.0796 0788 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:00:01.0875 0788 PCI - ok
12:00:01.0953 0788 PCIDump - ok
12:00:02.0000 0788 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:00:02.0125 0788 PCIIde - ok
12:00:02.0171 0788 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:00:02.0359 0788 Pcmcia - ok
12:00:02.0406 0788 PDCOMP - ok
12:00:02.0421 0788 PDFRAME - ok
12:00:02.0453 0788 PDRELI - ok
12:00:02.0484 0788 PDRFRAME - ok
12:00:02.0546 0788 perc2 - ok
12:00:02.0562 0788 perc2hib - ok
12:00:02.0703 0788 PGPmemlock (a549dc21b37f1eece4e89acc993aaabb) C:\WINDOWS\system32\drivers\PGPmemlock.sys
12:00:02.0859 0788 PGPmemlock ( UnsignedFile.Multi.Generic ) - warning
12:00:02.0859 0788 PGPmemlock - detected UnsignedFile.Multi.Generic (1)
12:00:02.0921 0788 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:00:03.0140 0788 PptpMiniport - ok
12:00:03.0156 0788 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
12:00:03.0468 0788 Processor - ok
12:00:03.0515 0788 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:00:03.0796 0788 PSched - ok
12:00:03.0875 0788 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:00:04.0000 0788 Ptilink - ok
12:00:04.0015 0788 ql1080 - ok
12:00:04.0031 0788 Ql10wnt - ok
12:00:04.0046 0788 ql12160 - ok
12:00:04.0078 0788 ql1240 - ok
12:00:04.0093 0788 ql1280 - ok
12:00:04.0109 0788 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:00:04.0218 0788 RasAcd - ok
12:00:04.0250 0788 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:00:04.0343 0788 Rasl2tp - ok
12:00:04.0375 0788 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:00:04.0468 0788 RasPppoe - ok
12:00:04.0484 0788 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:00:04.0578 0788 Raspti - ok
12:00:04.0609 0788 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:00:04.0703 0788 Rdbss - ok
12:00:04.0718 0788 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:00:04.0828 0788 RDPCDD - ok
12:00:04.0875 0788 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:00:04.0968 0788 rdpdr - ok
12:00:05.0015 0788 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
12:00:05.0109 0788 RDPWD - ok
12:00:05.0140 0788 redbook (cce6de646a2a9691cad011937cb59f70) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:00:05.0156 0788 redbook ( UnsignedFile.Multi.Generic ) - warning
12:00:05.0156 0788 redbook - detected UnsignedFile.Multi.Generic (1)
12:00:05.0250 0788 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:00:05.0359 0788 Secdrv - ok
12:00:05.0406 0788 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:00:05.0484 0788 serenum - ok
12:00:05.0531 0788 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:00:05.0625 0788 Serial - ok
12:00:05.0687 0788 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:00:05.0765 0788 Sfloppy - ok
12:00:05.0796 0788 Simbad - ok
12:00:05.0828 0788 Sparrow - ok
12:00:05.0843 0788 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:00:05.0937 0788 splitter - ok
12:00:05.0984 0788 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:00:06.0078 0788 sr - ok
12:00:06.0093 0788 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
12:00:06.0218 0788 Srv - ok
12:00:06.0265 0788 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
12:00:06.0265 0788 ssmdrv - ok
12:00:06.0328 0788 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
12:00:06.0437 0788 StillCam - ok
12:00:06.0468 0788 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:00:06.0562 0788 swenum - ok
12:00:06.0593 0788 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:00:06.0703 0788 swmidi - ok
12:00:06.0718 0788 symc810 - ok
12:00:06.0734 0788 symc8xx - ok
12:00:06.0750 0788 sym_hi - ok
12:00:06.0781 0788 sym_u3 - ok
12:00:06.0796 0788 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:00:06.0890 0788 sysaudio - ok
12:00:06.0937 0788 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:00:07.0031 0788 Tcpip - ok
12:00:07.0078 0788 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:00:07.0156 0788 TDPIPE - ok
12:00:07.0187 0788 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:00:07.0296 0788 TDTCP - ok
12:00:07.0343 0788 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:00:07.0453 0788 TermDD - ok
12:00:07.0484 0788 TosIde - ok
12:00:07.0546 0788 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:00:07.0625 0788 Udfs - ok
12:00:07.0640 0788 ultra - ok
12:00:07.0718 0788 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:00:07.0812 0788 Update - ok
12:00:07.0875 0788 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
12:00:07.0906 0788 USBAAPL - ok
12:00:07.0953 0788 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:00:08.0031 0788 usbccgp - ok
12:00:08.0078 0788 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:00:08.0171 0788 usbehci - ok
12:00:08.0187 0788 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:00:08.0296 0788 usbhub - ok
12:00:08.0343 0788 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:00:08.0437 0788 usbohci - ok
12:00:08.0484 0788 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:00:08.0562 0788 usbscan - ok
12:00:08.0593 0788 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:00:08.0687 0788 USBSTOR - ok
12:00:08.0718 0788 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:00:08.0812 0788 VgaSave - ok
12:00:08.0828 0788 ViaIde - ok
12:00:08.0859 0788 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:00:08.0937 0788 VolSnap - ok
12:00:08.0968 0788 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:00:09.0062 0788 Wanarp - ok
12:00:09.0109 0788 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:00:09.0125 0788 Wdf01000 - ok
12:00:09.0140 0788 WDICA - ok
12:00:09.0203 0788 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:00:09.0281 0788 wdmaud - ok
12:00:09.0390 0788 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:00:09.0531 0788 WS2IFSL - ok
12:00:09.0593 0788 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:00:09.0750 0788 \Device\Harddisk0\DR0 - ok
12:00:09.0765 0788 Boot (0x1200) (4443162ff56254fd0dad60b375312fcc) \Device\Harddisk0\DR0\Partition0
12:00:09.0765 0788 \Device\Harddisk0\DR0\Partition0 - ok
12:00:09.0765 0788 ============================================================
12:00:09.0765 0788 Scan finished
12:00:09.0765 0788 ============================================================
12:00:09.0890 1832 Detected object count: 5
12:00:09.0890 1832 Actual detected object count: 5
12:00:29.0828 1832 aaivskn ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:29.0828 1832 aaivskn ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:29.0828 1832 BrPar ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:29.0828 1832 BrPar ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:29.0828 1832 HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:29.0828 1832 HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:29.0843 1832 PGPmemlock ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:29.0843 1832 PGPmemlock ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:29.0843 1832 redbook ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:29.0843 1832 redbook ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:48.0140 0180 ============================================================
12:00:48.0140 0180 Scan started
12:00:48.0140 0180 Mode: Manual; SigCheck; TDLFS;
12:00:48.0140 0180 ============================================================
12:00:48.0781 0180 aaivskn (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\iplitdf.sys
12:00:48.0812 0180 aaivskn ( UnsignedFile.Multi.Generic ) - warning
12:00:48.0812 0180 aaivskn - detected UnsignedFile.Multi.Generic (1)
12:00:48.0828 0180 Abiosdsk - ok
12:00:48.0843 0180 abp480n5 - ok
12:00:48.0890 0180 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:00:48.0984 0180 ACPI - ok
12:00:49.0031 0180 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:00:49.0125 0180 ACPIEC - ok
12:00:49.0125 0180 adpu160m - ok
12:00:49.0187 0180 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:00:49.0281 0180 aec - ok
12:00:49.0312 0180 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
12:00:49.0406 0180 AFD - ok
12:00:49.0406 0180 Aha154x - ok
12:00:49.0421 0180 aic78u2 - ok
12:00:49.0453 0180 aic78xx - ok
12:00:49.0484 0180 AliIde - ok
12:00:49.0500 0180 amsint - ok
12:00:49.0562 0180 AnyDVD (40c279a23bd43553bfba6e88a9b38ae2) C:\WINDOWS\system32\Drivers\AnyDVD.sys
12:00:49.0562 0180 AnyDVD - ok
12:00:49.0593 0180 asc - ok
12:00:49.0609 0180 asc3350p - ok
12:00:49.0625 0180 asc3550 - ok
12:00:49.0687 0180 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:00:49.0781 0180 AsyncMac - ok
12:00:49.0812 0180 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:00:49.0906 0180 atapi - ok
12:00:49.0921 0180 Atdisk - ok
12:00:49.0968 0180 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:00:50.0078 0180 Atmarpc - ok
12:00:50.0125 0180 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:00:50.0250 0180 audstub - ok
12:00:50.0328 0180 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
12:00:50.0328 0180 avgio - ok
12:00:50.0375 0180 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
12:00:50.0375 0180 avgntflt - ok
12:00:50.0468 0180 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
12:00:50.0468 0180 avipbb - ok
12:00:50.0531 0180 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:00:50.0625 0180 Beep - ok
12:00:50.0687 0180 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys
12:00:50.0703 0180 BrPar ( UnsignedFile.Multi.Generic ) - warning
12:00:50.0703 0180 BrPar - detected UnsignedFile.Multi.Generic (1)
12:00:50.0750 0180 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:00:50.0859 0180 cbidf2k - ok
12:00:50.0875 0180 cd20xrnt - ok
12:00:50.0921 0180 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:00:51.0031 0180 Cdaudio - ok
12:00:51.0062 0180 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:00:51.0156 0180 Cdfs - ok
12:00:51.0187 0180 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:00:51.0281 0180 Cdrom - ok
12:00:51.0296 0180 Changer - ok
12:00:51.0328 0180 CmdIde - ok
12:00:51.0375 0180 Cpqarray - ok
12:00:51.0390 0180 dac2w2k - ok
12:00:51.0406 0180 dac960nt - ok
12:00:51.0437 0180 dfym - ok
12:00:51.0468 0180 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:00:51.0562 0180 Disk - ok
12:00:51.0609 0180 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:00:51.0750 0180 dmboot - ok
12:00:51.0765 0180 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:00:51.0843 0180 dmio - ok
12:00:51.0890 0180 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:00:52.0015 0180 dmload - ok
12:00:52.0046 0180 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:00:52.0125 0180 DMusic - ok
12:00:52.0156 0180 dpti2o - ok
12:00:52.0203 0180 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:00:52.0281 0180 drmkaud - ok
12:00:52.0328 0180 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
12:00:52.0343 0180 ElbyCDIO - ok
12:00:52.0375 0180 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:00:52.0468 0180 Fastfat - ok
12:00:52.0515 0180 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:00:52.0593 0180 Fdc - ok
12:00:52.0625 0180 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:00:52.0718 0180 Fips - ok
12:00:52.0734 0180 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:00:52.0812 0180 Flpydisk - ok
12:00:52.0859 0180 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:00:52.0953 0180 FltMgr - ok
12:00:53.0015 0180 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:00:53.0125 0180 Fs_Rec - ok
12:00:53.0171 0180 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:00:53.0281 0180 Ftdisk - ok
12:00:53.0328 0180 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:00:53.0343 0180 GEARAspiWDM - ok
12:00:53.0375 0180 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:00:53.0484 0180 Gpc - ok
12:00:53.0531 0180 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:00:53.0546 0180 HDAudBus ( UnsignedFile.Multi.Generic ) - warning
12:00:53.0546 0180 HDAudBus - detected UnsignedFile.Multi.Generic (1)
12:00:53.0593 0180 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:00:53.0687 0180 HidUsb - ok
12:00:53.0687 0180 hpn - ok
12:00:53.0718 0180 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
12:00:53.0828 0180 HTTP - ok
12:00:53.0843 0180 i2omgmt - ok
12:00:53.0859 0180 i2omp - ok
12:00:53.0890 0180 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:00:53.0984 0180 i8042prt - ok
12:00:54.0000 0180 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:00:54.0078 0180 Imapi - ok
12:00:54.0093 0180 ini910u - ok
12:00:54.0218 0180 IntcAzAudAddService (1ebde650d97a8eccdc1cc4a0804647cd) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:00:54.0390 0180 IntcAzAudAddService - ok
12:00:54.0406 0180 IntelIde - ok
12:00:54.0437 0180 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:00:54.0546 0180 ip6fw - ok
12:00:54.0593 0180
IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 12:00:54.0703 0180 IpFilterDriver - ok 12:00:54.0734 0180 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 12:00:54.0843 0180 IpInIp - ok 12:00:54.0890 0180 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 12:00:54.0968 0180 IpNat - ok 12:00:54.0984 0180 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 12:00:55.0078 0180 IPSec - ok 12:00:55.0125 0180 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 12:00:55.0218 0180 IRENUM - ok 12:00:55.0250 0180 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 12:00:55.0359 0180 isapnp - ok 12:00:55.0390 0180 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 12:00:55.0484 0180 Kbdclass - ok 12:00:55.0500 0180 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 12:00:55.0609 0180 kmixer - ok 12:00:55.0640 0180 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys 12:00:55.0734 0180 KSecDD - ok 12:00:55.0765 0180 lbrtfdc - ok 12:00:55.0906 0180 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys 12:00:55.0921 0180 LMIInfo - ok 12:00:55.0953 0180 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys 12:00:55.0968 0180 lmimirr - ok 12:00:55.0968 0180 LMIRfsClientNP - ok 12:00:55.0984 0180 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 12:00:56.0000 0180 LMIRfsDriver - ok 12:00:56.0078 0180 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 12:00:56.0187 0180 mnmdd - ok 12:00:56.0218 0180 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 12:00:56.0312 0180 Modem - ok 12:00:56.0359 0180 motmodem (fe80c18ba448ddd76b7bead9eb203d37) 
C:\WINDOWS\system32\DRIVERS\motmodem.sys 12:00:56.0375 0180 motmodem - ok 12:00:56.0406 0180 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 12:00:56.0484 0180 Mouclass - ok 12:00:56.0515 0180 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 12:00:56.0609 0180 MountMgr - ok 12:00:56.0625 0180 mraid35x - ok 12:00:56.0671 0180 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 12:00:56.0750 0180 MRxDAV - ok 12:00:56.0781 0180 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 12:00:56.0906 0180 MRxSmb - ok 12:00:56.0953 0180 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 12:00:57.0046 0180 Msfs - ok 12:00:57.0093 0180 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 12:00:57.0203 0180 MSKSSRV - ok 12:00:57.0250 0180 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 12:00:57.0343 0180 MSPCLOCK - ok 12:00:57.0390 0180 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 12:00:57.0468 0180 MSPQM - ok 12:00:57.0500 0180 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 12:00:57.0578 0180 mssmbios - ok 12:00:57.0609 0180 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 12:00:57.0687 0180 Mup - ok 12:00:57.0718 0180 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 12:00:57.0812 0180 NDIS - ok 12:00:57.0859 0180 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12:00:57.0937 0180 NdisTapi - ok 12:00:57.0968 0180 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 12:00:58.0062 0180 Ndisuio - ok 12:00:58.0078 0180 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 12:00:58.0171 0180 NdisWan - ok 12:00:58.0187 0180 NDProxy 
(6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 12:00:58.0281 0180 NDProxy - ok 12:00:58.0343 0180 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 12:00:58.0421 0180 NetBIOS - ok 12:00:58.0453 0180 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 12:00:58.0546 0180 NetBT - ok 12:00:58.0609 0180 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 12:00:58.0703 0180 Npfs - ok 12:00:58.0750 0180 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 12:00:58.0843 0180 Ntfs - ok 12:00:58.0906 0180 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 12:00:59.0015 0180 Null - ok 12:00:59.0140 0180 nv (eb2858f920b8135b807b5ccaa3ed73dc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 12:00:59.0250 0180 nv - ok 12:00:59.0296 0180 nvata (9eccd189a9554c30a0d18a429778c7ba) C:\WINDOWS\system32\DRIVERS\nvata.sys 12:00:59.0312 0180 nvata - ok 12:00:59.0359 0180 NVENETFD (4d6f0d3fb17c1ba64942f415c73adcdb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 12:00:59.0375 0180 NVENETFD - ok 12:00:59.0421 0180 nvnetbus (921e63aa1e1a20302223d016acafb52b) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 12:00:59.0421 0180 nvnetbus - ok 12:00:59.0468 0180 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 12:00:59.0578 0180 NwlnkFlt - ok 12:00:59.0593 0180 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 12:00:59.0718 0180 NwlnkFwd - ok 12:00:59.0765 0180 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 12:00:59.0859 0180 Parport - ok 12:00:59.0875 0180 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 12:01:00.0015 0180 PartMgr - ok 12:01:00.0062 0180 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 12:01:00.0156 0180 ParVdm - ok 12:01:00.0171 0180 PCI 
(a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 12:01:00.0265 0180 PCI - ok 12:01:00.0281 0180 PCIDump - ok 12:01:00.0328 0180 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 12:01:00.0484 0180 PCIIde - ok 12:01:00.0531 0180 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 12:01:00.0625 0180 Pcmcia - ok 12:01:00.0640 0180 PDCOMP - ok 12:01:00.0640 0180 PDFRAME - ok 12:01:00.0640 0180 PDRELI - ok 12:01:00.0656 0180 PDRFRAME - ok 12:01:00.0656 0180 perc2 - ok 12:01:00.0671 0180 perc2hib - ok 12:01:00.0703 0180 PGPmemlock (a549dc21b37f1eece4e89acc993aaabb) C:\WINDOWS\system32\drivers\PGPmemlock.sys 12:01:00.0718 0180 PGPmemlock ( UnsignedFile.Multi.Generic ) - warning 12:01:00.0718 0180 PGPmemlock - detected UnsignedFile.Multi.Generic (1) 12:01:00.0765 0180 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 12:01:00.0843 0180 PptpMiniport - ok 12:01:00.0875 0180 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 12:01:00.0953 0180 Processor - ok 12:01:00.0968 0180 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 12:01:01.0062 0180 PSched - ok 12:01:01.0093 0180 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 12:01:01.0203 0180 Ptilink - ok 12:01:01.0218 0180 ql1080 - ok 12:01:01.0218 0180 Ql10wnt - ok 12:01:01.0234 0180 ql12160 - ok 12:01:01.0234 0180 ql1240 - ok 12:01:01.0250 0180 ql1280 - ok 12:01:01.0250 0180 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 12:01:01.0343 0180 RasAcd - ok 12:01:01.0375 0180 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 12:01:01.0468 0180 Rasl2tp - ok 12:01:01.0484 0180 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 12:01:01.0578 0180 RasPppoe - ok 12:01:01.0578 0180 Raspti 
(fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 12:01:01.0687 0180 Raspti - ok 12:01:01.0703 0180 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 12:01:01.0781 0180 Rdbss - ok 12:01:01.0796 0180 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 12:01:01.0890 0180 RDPCDD - ok 12:01:01.0937 0180 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 12:01:02.0015 0180 rdpdr - ok 12:01:02.0062 0180 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 12:01:02.0156 0180 RDPWD - ok 12:01:02.0187 0180 redbook (cce6de646a2a9691cad011937cb59f70) C:\WINDOWS\system32\DRIVERS\redbook.sys 12:01:02.0187 0180 redbook ( UnsignedFile.Multi.Generic ) - warning 12:01:02.0187 0180 redbook - detected UnsignedFile.Multi.Generic (1) 12:01:02.0250 0180 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 12:01:02.0343 0180 Secdrv - ok 12:01:02.0390 0180 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 12:01:02.0468 0180 serenum - ok 12:01:02.0500 0180 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 12:01:02.0593 0180 Serial - ok 12:01:02.0625 0180 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 12:01:02.0718 0180 Sfloppy - ok 12:01:02.0734 0180 Simbad - ok 12:01:02.0734 0180 Sparrow - ok 12:01:02.0750 0180 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 12:01:02.0828 0180 splitter - ok 12:01:02.0875 0180 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 12:01:02.0968 0180 sr - ok 12:01:02.0968 0180 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys 12:01:03.0062 0180 Srv - ok 12:01:03.0109 0180 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 12:01:03.0109 0180 ssmdrv - ok 12:01:03.0156 0180 StillCam 
(a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys 12:01:03.0250 0180 StillCam - ok 12:01:03.0265 0180 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 12:01:03.0390 0180 swenum - ok 12:01:03.0437 0180 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 12:01:03.0546 0180 swmidi - ok 12:01:03.0546 0180 symc810 - ok 12:01:03.0562 0180 symc8xx - ok 12:01:03.0562 0180 sym_hi - ok 12:01:03.0578 0180 sym_u3 - ok 12:01:03.0593 0180 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 12:01:03.0687 0180 sysaudio - ok 12:01:03.0718 0180 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys 12:01:03.0812 0180 Tcpip - ok 12:01:03.0843 0180 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 12:01:03.0937 0180 TDPIPE - ok 12:01:03.0953 0180 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 12:01:04.0046 0180 TDTCP - ok 12:01:04.0078 0180 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 12:01:04.0171 0180 TermDD - ok 12:01:04.0187 0180 TosIde - ok 12:01:04.0218 0180 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 12:01:04.0312 0180 Udfs - ok 12:01:04.0312 0180 ultra - ok 12:01:04.0359 0180 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 12:01:04.0453 0180 Update - ok 12:01:04.0500 0180 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys 12:01:04.0515 0180 USBAAPL - ok 12:01:04.0546 0180 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 12:01:04.0640 0180 usbccgp - ok 12:01:04.0656 0180 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 12:01:04.0750 0180 usbehci - ok 12:01:04.0750 0180 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 12:01:04.0843 0180 usbhub - 
ok 12:01:04.0890 0180 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 12:01:04.0968 0180 usbohci - ok 12:01:05.0015 0180 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 12:01:05.0093 0180 usbscan - ok 12:01:05.0109 0180 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 12:01:05.0203 0180 USBSTOR - ok 12:01:05.0234 0180 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 12:01:05.0328 0180 VgaSave - ok 12:01:05.0343 0180 ViaIde - ok 12:01:05.0375 0180 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 12:01:05.0453 0180 VolSnap - ok 12:01:05.0484 0180 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 12:01:05.0578 0180 Wanarp - ok 12:01:05.0625 0180 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 12:01:05.0640 0180 Wdf01000 - ok 12:01:05.0640 0180 WDICA - ok 12:01:05.0687 0180 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 12:01:05.0781 0180 wdmaud - ok 12:01:05.0828 0180 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 12:01:05.0921 0180 WS2IFSL - ok 12:01:05.0953 0180 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 12:01:06.0125 0180 \Device\Harddisk0\DR0 - ok 12:01:06.0125 0180 Boot (0x1200) (4443162ff56254fd0dad60b375312fcc) \Device\Harddisk0\DR0\Partition0 12:01:06.0125 0180 \Device\Harddisk0\DR0\Partition0 - ok 12:01:06.0125 0180 ============================================================ 12:01:06.0125 0180 Scan finished 12:01:06.0125 0180 ============================================================ 12:01:06.0125 1056 Detected object count: 5 12:01:06.0125 1056 Actual detected object count: 5 12:01:38.0281 1056 aaivskn ( UnsignedFile.Multi.Generic ) - skipped by user 12:01:38.0281 1056 aaivskn ( UnsignedFile.Multi.Generic ) - User select action: 
Malwarebytes' Anti-Malware log

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.22.05

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 6.0.2900.5512
Mike's Music :: OFC2 [administrator]

2/22/2012 12:05:41 PM
mbam-log-2012-02-22 (12-05-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 419612
Time elapsed: 34 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DvhhCCFbLujqW.exe (Rogue.FakeHDD) -> Data: C:\Documents and Settings\All Users.WINDOWS\Application Data\DvhhCCFbLujqW.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 93
C:\Documents and Settings\Mike's Music\Application Data\C4B74\98474.exe (Trojan.Downloader.BH) -> Quarantined and deleted successfully. C:\Documents and Settings\Mike's Music\Application Data\C4B74\A99BC.exe (Trojan.Downloader.BH) -> Quarantined and deleted successfully. C:\WINDOWS\system32\3combootp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\A88xXBar.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\acprfmgrsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\amdppm.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\amoagent.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\amon.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bcm4sbxp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\BCMModem.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bdftdif.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bthidenum.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cdaudio.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cebdaldr.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cidaemon.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\CiscoVpnInstallService.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cm102u32.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cmdide.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ctaud2k.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dashsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. 
C:\WINDOWS\system32\db2das00.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dktknsrv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\DLH5X.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\DNE.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\Exportit.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\gv3.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hdaudbus.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\houdinilicenseserver.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hpqwmi.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hwdatacard.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ichaud.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ihcservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\IPSECSHM.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\irenum.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\k750mdfl.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\KMW_SYS.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\KR3NPXP.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lcs.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\LMS.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lxbu_device.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\MA_CMIDI.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. 
C:\WINDOWS\system32\MKEMUSB.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mlkkbdntdriver.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nalntservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ndisip.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\NsTrcNT.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\omniserv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\oracle%oracle_home_service%clientcache80.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ossrv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pdlndint.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pdlnsv25.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\protexislicensing.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\quickhealfirewall.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\RMSvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rt2500.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\RTLE8023xp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SaiU040B.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SECYPUSB.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\serial.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sffp_sd.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sfusvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. 
C:\WINDOWS\system32\sigfilt.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\snac.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\snare.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sonywbms.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sqlagent$sony_mediamgr.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SRS_SSCFilter.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ssfs0509.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TMHIDSRV.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tpkd.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\transbaseservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\trioservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tvtnetwk.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\update.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\uphclean.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\USBAAPL.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\USB_NDIS_51.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\USRpdA.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\UxTuneUp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\vcommmgr.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\viamraid.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\viaudio.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. 
(end)

a new fresh DDS log file
C:\WINDOWS\system32\vcommmgr.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\viamraid.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\viaudio.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\VMAUDIO.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wdmaud.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\websensecamreportserver.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\websensecamserver.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\WmHidLo.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\z525bus.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\z800mdfl.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\Documents and Settings\Mike's Music\Local Settings\Temp\~!#F.tmp (Trojan.Downloader.BH) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\hdgfsh.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\ueabklu.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully. (end)
  12. Dang, also, the link about Firefox going to a proxy is happening to me too. That is why I put it in my original post. I would also like to fix that once the main problem is fixed. Thanks!!
  13. Forgot to also ask... what are you looking at, and what can I look for in the future? Thanks
  14. I have done everything requested. Here are the logs too. I will also show the attach.log file too... Thanks for the help!! TDSSKiller.2.7.13.0_22.02.2012_11.59.04_log.txt attach02222012.txt dds02222012.txt mbam-log-2012-02-22 (12-05-41).txt