
I originally posted in the General Forum, but I think this is the more appropriate forum for my issue(s).

I have been doing battle with cleaning my XP Media Ctr Edition SP3 PC for a number of days now with little success. Alas, I need help in cleaning this sucker. The XP Security 2012 pop-ups have stopped, but I still have a ping.exe process running and can't get rid of it (I also have no less than 9 svchost.exe processes running as well). Malwarebytes' protection is constantly blocking outbound IPs. I've scanned with Malwarebytes', Spybot S&D, TDSSKiller, CCleaner, HijackThis & MS Security Essentials. This is the overall status of my PC. Below are the results of my dds.scr run. I copy/pasted the dds.txt and zipped & attached the attach.txt file as attach.zip. Thanks in advance for help with this.

-- Dondi

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_19

Run by Administrator at 15:29:07 on 2011-12-18

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1155 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\ehome\RMSvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\AirPort\APAgent.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\ehome\RMSysTry.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Dun74\VLC360\vlc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [CTHelper] CTHELPER.EXE

mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe

mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [Transcode360] c:\program files\transcode360\Transcode360Tray.exe

mRun: [My Movies Tray] "c:\program files\mce\my movies\My Movies Tray.exe"

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [usbBoost] c:\program files\usbboost\TurboHddUsb.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck /autofix

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\shortc~1.lnk - c:\documents and settings\administrator\desktop\MTV.vbs

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vlc360.lnk - c:\program files\dun74\vlc360\VLC360.bat

uPolicies-explorer: GreyMSIAds = 0 (0x0)

uPolicies-explorer: HideSCABattery = 1 (0x1)

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: Interfaces\{E6B482D6-C571-43EE-B7CF-80D299D37BAF} : NameServer = 192.168.1.1,68.237.161.12

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LMIinit - LMIinit.dll

Notify: xmlproservice - xmlrpw32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

LSA: Notification Packages = scecli scecli

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\a26tfnti.default\

FF - plugin: c:\documents and settings\administrator\application data\facebook\npfbplugin_1_0_1.dll

FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\a26tfnti.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll

FF - plugin: c:\documents and settings\administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

.

============= SERVICES / DRIVERS ===============

.

R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-6-1 7936]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 MpKsla8b7afdb;MpKsla8b7afdb;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed38aca9-da6c-4adb-8a1e-9aa0e13577d6}\MpKsla8b7afdb.sys [2011-12-18 29904]

R1 oxfwlf;oxfwlf;c:\windows\system32\drivers\OxFWLF.sys [2010-6-17 12043]

R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-7-1 286736]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-30 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-5-6 47640]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-17 366152]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]

R2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]

R3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2010-6-1 23680]

R3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2011-5-26 55296]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-17 22216]

R3 powerfil;powerfil;c:\windows\system32\drivers\powerfil.sys [2008-11-15 8832]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 NAVAPEL;NAVAPEL;\??\c:\program files\symantec_client_security\symantec antivirus\navapel.sys --> c:\program files\symantec_client_security\symantec antivirus\NAVAPEL.SYS [?]

S2 XMLProvS;Network ProService;c:\windows\system32\svchost.exe -k xmlpros [2004-8-10 14336]

S3 CEUSBAUD;DigiTech USB MIDI Driver (MIDI);c:\windows\system32\drivers\ceusbaud.sys [2011-6-11 17920]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]

S3 NAVAP;NAVAP;\??\c:\progra~1\symant~1\symant~1\navap.sys --> c:\progra~1\symant~1\symant~1\NAVAP.sys [?]

S3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20101018.002\naveng.sys --> c:\progra~1\common~1\symant~1\virusd~1\20101018.002\NAVENG.sys [?]

S3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20101018.002\navex15.sys --> c:\progra~1\common~1\symant~1\virusd~1\20101018.002\NAVEX15.sys [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 WPRO_41_1742;WinPcap Packet Driver (WPRO_41_1742); [x]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2011-12-18 20:21:34 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed38aca9-da6c-4adb-8a1e-9aa0e13577d6}\MpKsla8b7afdb.sys

2011-12-18 20:21:31 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed38aca9-da6c-4adb-8a1e-9aa0e13577d6}\offreg.dll

2011-12-17 17:34:16 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-17 17:34:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-17 06:31:02 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-12-17 06:31:02 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-12-17 05:59:29 388096 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-12-17 05:59:25 -------- d-----w- c:\program files\Trend Micro

2011-12-16 08:00:02 -------- d-----w- c:\program files\AVG

2011-12-16 07:56:13 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2011-12-16 07:55:48 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-12-16 03:12:20 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2011-12-16 03:10:52 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed38aca9-da6c-4adb-8a1e-9aa0e13577d6}\mpengine.dll

2011-12-15 18:57:39 37888 ----a-w- c:\windows\system32\xmlrpw32.dll

2011-12-15 01:37:39 -------- d-----w- c:\program files\iPod

2011-12-15 01:37:34 -------- d-----w- c:\program files\iTunes

2011-12-09 05:31:10 -------- d-----w- c:\documents and settings\administrator\application data\Auslogics

2011-12-09 05:31:03 -------- d-----w- c:\program files\Auslogics

2011-12-09 04:49:10 -------- d-----w- c:\program files\CCleaner

2011-12-09 04:38:20 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-12-09 04:35:35 -------- d-----w- c:\program files\Microsoft Security Client

2011-12-09 02:45:47 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes

2011-12-09 02:45:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

.

==================== Find3M ====================

.

2011-12-08 07:25:39 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2011-11-27 23:03:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-10-15 21:45:30 0 ---ha-w- c:\documents and settings\administrator\hwrufegslf.tmp

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 14:30:43 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-10-07 14:30:42 87424 ----a-w- c:\windows\system32\LMIinit.dll

2011-10-07 14:30:42 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2011-10-07 14:30:42 30592 ----a-w- c:\windows\system32\LMIport.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

.

============= FINISH: 15:30:33.95 ===============

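A way to run the kind of triage the DDS log above invites, as an added example that is not part of the original post and not DDS's own logic: it splits the log into its "==== Header ====" sections and applies a few review rules (a script launched from a Startup folder or Run key, a Winlogon Notify DLL whose file shows up under "Created Last 30", a service hosted in an svchost group XP does not ship with, and a public DNS resolver that is not on an allowlist). The sample log is a constructed excerpt modelled on the post; the rule names, the stock-group list and the resolver allowlist are this example's own assumptions.

```python
"""Triage heuristics over a DDS log. Added example for this thread: not DDS
code and not from any post above. The rules are this example's own, and every
hit means "look at this", not "malware". SAMPLE_LOG is a constructed excerpt
modelled on the first post; the expected-resolver allowlist is an assumption
the operator fills in with the DNS servers their ISP or LAN actually uses."""
import ipaddress
import re

SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [<NO NAME>]
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\shortc~1.lnk - c:\documents and settings\administrator\desktop\MTV.vbs
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vlc360.lnk - c:\program files\dun74\vlc360\VLC360.bat
TCP: Interfaces\{E6B482D6-C571-43EE-B7CF-80D299D37BAF} : NameServer = 192.168.1.1,68.237.161.12
Notify: AtiExtEvent - Ati2evxx.dll
Notify: xmlproservice - xmlrpw32.dll
============= SERVICES / DRIVERS ===============
S2 XMLProvS;Network ProService;c:\windows\system32\svchost.exe -k xmlpros [2004-8-10 14336]
=============== Created Last 30 ================
2011-12-15 18:57:39 37888 ----a-w- c:\windows\system32\xmlrpw32.dll
2011-12-09 04:38:20 222080 ------w- c:\windows\system32\MpSigStub.exe
============= FINISH: 15:30:33.95 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".pif")
USER_DIRS = ("\\desktop\\", "\\temp\\", "\\application data\\", "\\local settings\\")
# svchost service groups found on a stock XP SP3 install (this example's own list)
STOCK_GROUPS = {"dcomlaunch", "rpcss", "netsvcs", "networkservice", "localservice",
                "imgsvc", "httpfilter", "termsvcs"}

def split_sections(text):
    """Map each '==== Header ====' block of the log to its non-empty lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def flag_startup(hjt):
    """Scripts or user-writable locations in Run keys and Startup folders."""
    out = []
    for line in (l for l in hjt if l.startswith(("uRun:", "mRun:", "StartupFolder:"))):
        if line.startswith("StartupFolder:"):
            target = line.partition(" - ")[2].strip()        # "<lnk> - <target>"
        else:
            target = re.match(r"[um]Run: \[.*?\]\s*(.*)", line).group(1).strip()
        path = target.lstrip('"').split('"')[0].lower()     # drop quotes and arguments
        if not target:
            out.append(("empty-run-value", line))
        elif path.endswith(SCRIPT_EXT):
            out.append(("script-at-startup", target))
        elif any(d in path for d in USER_DIRS):
            out.append(("startup-from-user-writable-dir", target))
    return out

def flag_notify(hjt, created):
    """Winlogon Notify DLLs load into winlogon.exe at logon; one whose file
    appears in 'Created Last 30' deserves a look."""
    recent = {re.split(r"[\\/]", l)[-1].lower() for l in created}
    dlls = [l.split(" - ", 1)[1].strip() for l in hjt if l.startswith("Notify:")]
    return [("recent-winlogon-notify-dll", d) for d in dlls if d.lower() in recent]

def flag_services(services):
    """svchost-hosted services running in a group name XP does not ship with."""
    out = []
    for line in services:
        m = re.search(r"svchost\.exe\s+-k\s+(\S+)", line, re.I)
        if m and m.group(1).lower() not in STOCK_GROUPS:
            name = line.split(";", 1)[0].split()[-1]         # "S2 XMLProvS" -> XMLProvS
            out.append(("nonstandard-svchost-group", f"{name} -k {m.group(1)}"))
    return out

def flag_resolvers(hjt, expected):
    """Static NameServer entries: a private address is normally the router; a
    public one is fine only if the operator recognises it as their resolver."""
    out = []
    for line in (l for l in hjt if l.startswith("TCP:") and "NameServer" in l):
        for ip in re.findall(r"\d+\.\d+\.\d+\.\d+", line.split("NameServer", 1)[1]):
            if not ipaddress.ip_address(ip).is_private and ip not in expected:
                out.append(("public-resolver-not-in-allowlist", ip))
    return out

def triage(text, expected_resolvers=frozenset()):
    """All findings for one DDS log as (rule, detail) pairs."""
    s = split_sections(text)
    hjt = s.get("pseudo hjt report", [])
    return (flag_startup(hjt)
            + flag_notify(hjt, s.get("created last 30", []))
            + flag_services(s.get("services / drivers", []))
            + flag_resolvers(hjt, expected_resolvers))
```

Every hit is a prompt to look, not a verdict: a .bat in a Startup folder or a public resolver can be perfectly legitimate, and the script deliberately ignores the number of svchost.exe processes, since several are normal on XP and the count by itself is not a signal. Pass the resolvers you know your ISP uses as `expected_resolvers` and the DNS rule goes quiet for them.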


Welcome to the forum.

Please download Farbar Service Scanner and run it on the computer with the issue.


  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log into your reply.

Please download and run RogueKiller.

  • Choose 1 to scan the system.
  • Post back the report.

MrC


OK, here is the FSS.txt log:

Farbar Service Scanner

Ran by Administrator (administrator) on 04-01-2012 at 18:50:22

Microsoft Windows XP Professional Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)

0x080000000500000001000000020000000300000004000000060000000700000008000000

IpSec Tag value is correct.

**** End of log ****

...and here is the RogueKiller log:

RogueKiller V6.2.2 [12/31/2011] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Administrator [Admin rights]

Mode: Scan -- Date : 01/04/2012 18:51:24

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤

[SUSP PATH] Shortcut to MTV.lnk : C:\Documents and Settings\Administrator\Desktop\MTV.vbs -> FOUND

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{E6B482D6-C571-43EE-B7CF-80D299D37BAF} : NameServer (192.168.1.1,68.237.161.12) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{5850BAE5-49CD-4292-9F67-15100FDE75BB} : NameServer (151.202.0.84,151.198.0.38) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{E6B482D6-C571-43EE-B7CF-80D299D37BAF} : NameServer (192.168.0.1,68.237.161.12) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] 3c1e4cbc3502f365d373dcfed71a4ae0

[BSP] 3a200ce8e0e512e3e28ec5a81102d592 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 39843 Mo

1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 77818860 | Size: 160203 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: +++++

--- User ---

[MBR] 6499cd8ffcfc7acc3b6c4f1e712460ee

[BSP] d5ba21d79064270431b71c1fdfbd4aef : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 1000203 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

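What the "MBR Check" section of the RogueKiller report above is summarising, as an added example that is not the tool's code: read sector 0, hash the whole sector ([MBR]) and the 440 bytes of bootstrap code ([BSP]) separately, parse the four partition entries, and compare two reads of the sector region by region. The sector here is constructed (filler bytes stand in for boot code; the two partition entries are modelled on PhysicalDrive0 in the report, an active NTFS partition at sector 63 and a second partition at sector 77818860), so its hashes are not the report's. The allowlist of trusted boot-code hashes is an assumption the operator supplies; the tool ships its own, this example does not.

```python
"""Parse and hash a 512-byte MBR the way RogueKiller's 'MBR Check' summarises
it. Added example for this thread, not RogueKiller's code. The sector built by
build_sample_mbr() is constructed: filler bytes for boot code and partition
entries modelled on PhysicalDrive0 in the report, so the hashes it prints are
not the ones in the report. known_bootcode_md5 is an operator-supplied
allowlist (assumption), e.g. hashes taken from a clean install."""
import hashlib
import struct

SECTOR = 512
BOOTCODE_END = 440            # bytes 0..439 bootstrap code, 440..443 NT disk signature
PT_OFFSET = 446               # four 16-byte partition entries, then 0x55AA at 510
ENTRY = struct.Struct("<B3sB3sII")   # status, CHS start, type, CHS end, LBA start, sectors
PART_TYPES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32", 0x05: "EXTENDED",
              0x0F: "EXTENDED", 0x82: "LINUX-SWAP", 0x83: "LINUX"}
REGIONS = (("bootcode", 0, 440), ("disk_signature", 440, 444), ("reserved", 444, 446),
           ("partition_table", 446, 510), ("boot_signature", 510, 512))

def build_sample_mbr():
    """Constructed sample sector (not a real disk image)."""
    boot = bytes((i * 7) & 0xFF for i in range(BOOTCODE_END))   # stands in for boot code
    header = boot + b"\xde\xad\xbe\xef" + b"\x00\x00"
    table = ENTRY.pack(0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 77818797)
    table += ENTRY.pack(0x00, b"\xfe\xff\xff", 0x42, b"\xfe\xff\xff", 77818860, 312896485)
    table += b"\x00" * 32                                        # two empty slots
    return header + table + b"\x55\xaa"

def read_mbr(device):
    """Sector 0 of a raw device or disk image."""
    # e.g. r"\\.\PhysicalDrive0" on Windows (administrator) or /dev/sda on Linux (root)
    with open(device, "rb") as fh:
        return fh.read(SECTOR)

def parse_mbr(mbr):
    """Hashes plus the non-empty partition entries; sizes in decimal MB like the report."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector with a 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(mbr, PT_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue                                             # empty slot
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "fs": PART_TYPES.get(ptype, "UNKNW"), "offset": lba,
                      "sectors": count, "size_mb": count * SECTOR // 1_000_000})
    return {"mbr_md5": hashlib.md5(mbr).hexdigest(),
            "bootcode_md5": hashlib.md5(mbr[:BOOTCODE_END]).hexdigest(),
            "partitions": parts}

def changed_regions(a, b):
    """Which regions differ between two reads of sector 0 (a tampered boot code
    is the bootkit case; a changed partition table is a different problem)."""
    return [name for name, start, end in REGIONS if a[start:end] != b[start:end]]

def report(mbr, known_bootcode_md5=frozenset()):
    """Lines in the shape of the tool's output."""
    info = parse_mbr(mbr)
    verdict = ("known boot code" if info["bootcode_md5"] in known_bootcode_md5
               else "unverified boot code")
    lines = [f"[MBR] {info['mbr_md5']}", f"[BSP] {info['bootcode_md5']} : {verdict}"]
    for p in info["partitions"]:
        flag = "ACTIVE" if p["active"] else "XXXXXX"
        lines.append(f"{p['index']} - [{flag}] {p['fs']} Offset (sectors): "
                     f"{p['offset']} | Size: {p['size_mb']} Mo")
    return lines

if __name__ == "__main__":
    sample = build_sample_mbr()
    print("\n".join(report(sample)))
    tampered = bytearray(sample)
    tampered[0:4] = b"\xeb\xfe\x90\x90"        # overwrite the first boot-code bytes
    print("changed:", changed_regions(sample, bytes(tampered)))
```

Run as-is it prints a report for the constructed sector; with a real disk, pass the result of `read_mbr` to `report` and give it the boot-code hashes you trust. Computed as decimal megabytes the sizes come out as the report's "Mo" figures (77818797 sectors is 39843 Mo). The tool's "User = LL1 ... OK!" lines are a comparison of this kind between reads of the same sector made through different code paths: when they disagree, something between the reader and the disk is filtering what it returns, which is the situation a rootkit produces and the one the hash lines alone cannot show.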

TDSSKiller log

20:55:06.0984 4100 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

20:55:07.0296 4100 ============================================================

20:55:07.0296 4100 Current date / time: 2012/01/04 20:55:07.0296

20:55:07.0296 4100 SystemInfo:

20:55:07.0296 4100

20:55:07.0296 4100 OS Version: 5.1.2600 ServicePack: 3.0

20:55:07.0296 4100 Product type: Workstation

20:55:07.0296 4100 ComputerName: DONDIMCE

20:55:07.0296 4100 UserName: Administrator

20:55:07.0296 4100 Windows directory: C:\WINDOWS

20:55:07.0296 4100 System windows directory: C:\WINDOWS

20:55:07.0296 4100 Processor architecture: Intel x86

20:55:07.0296 4100 Number of processors: 2

20:55:07.0296 4100 Page size: 0x1000

20:55:07.0296 4100 Boot type: Normal boot

20:55:07.0296 4100 ============================================================

20:55:19.0562 4100 Initialize success

20:55:56.0859 5680 ============================================================

20:55:56.0859 5680 Scan started

20:55:56.0859 5680 Mode: Manual; SigCheck; TDLFS;

20:55:56.0859 5680 ============================================================

20:55:59.0218 5680 Abiosdsk - ok

20:55:59.0234 5680 abp480n5 - ok

20:55:59.0281 5680 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

20:56:00.0390 5680 ACPI - ok

20:56:00.0468 5680 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

20:56:00.0687 5680 ACPIEC - ok

20:56:00.0718 5680 adpu160m - ok

20:56:00.0750 5680 aeaudio (2c5b1f8142a96233c07c93328b5ea635) C:\WINDOWS\system32\drivers\aeaudio.sys

20:56:00.0859 5680 aeaudio - ok

20:56:00.0906 5680 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

20:56:01.0125 5680 aec - ok

20:56:01.0156 5680 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

20:56:01.0250 5680 AFD - ok

20:56:01.0296 5680 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

20:56:01.0484 5680 agp440 - ok

20:56:01.0484 5680 Aha154x - ok

20:56:01.0515 5680 aic78u2 - ok

20:56:01.0531 5680 aic78xx - ok

20:56:01.0546 5680 AliIde - ok

20:56:01.0562 5680 amsint - ok

20:56:01.0609 5680 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

20:56:01.0812 5680 Arp1394 - ok

20:56:01.0828 5680 asc - ok

20:56:01.0843 5680 asc3350p - ok

20:56:01.0859 5680 asc3550 - ok

20:56:01.0906 5680 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

20:56:02.0078 5680 AsyncMac - ok

20:56:02.0109 5680 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

20:56:02.0359 5680 atapi - ok

20:56:02.0375 5680 Atdisk - ok

20:56:02.0500 5680 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

20:56:04.0062 5680 ati2mtag ( UnsignedFile.Multi.Generic ) - warning

20:56:04.0062 5680 ati2mtag - detected UnsignedFile.Multi.Generic (1)

20:56:04.0093 5680 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

20:56:04.0296 5680 Atmarpc - ok

20:56:04.0343 5680 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

20:56:04.0515 5680 audstub - ok

20:56:04.0546 5680 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

20:56:04.0750 5680 Beep - ok

20:56:04.0796 5680 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

20:56:05.0015 5680 cbidf2k - ok

20:56:05.0046 5680 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

20:56:05.0296 5680 CCDECODE - ok

20:56:05.0312 5680 cd20xrnt - ok

20:56:05.0343 5680 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

20:56:05.0578 5680 Cdaudio - ok

20:56:05.0625 5680 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

20:56:05.0843 5680 Cdfs - ok

20:56:05.0875 5680 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

20:56:06.0140 5680 Cdrom - ok

20:56:06.0171 5680 CEUSBAUD (42291a123cad3914ead8d73169e13661) C:\WINDOWS\system32\Drivers\CEUSBAUD.sys

20:56:06.0218 5680 CEUSBAUD ( UnsignedFile.Multi.Generic ) - warning

20:56:06.0218 5680 CEUSBAUD - detected UnsignedFile.Multi.Generic (1)

20:56:06.0234 5680 Changer - ok

20:56:06.0265 5680 CmdIde - ok

20:56:06.0312 5680 COMMONFX.DLL (1ef05b641e9a67ded74ac8ad40055dbf) C:\WINDOWS\system32\COMMONFX.DLL

20:56:06.0796 5680 COMMONFX.DLL - ok

20:56:06.0906 5680 Cpqarray - ok

20:56:06.0937 5680 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL

20:56:07.0062 5680 CT20XUT.DLL - ok

20:56:07.0109 5680 ctac32k (8ac5f77e30e37d2d11bd99eff0c53d8c) C:\WINDOWS\system32\drivers\ctac32k.sys

20:56:07.0187 5680 ctac32k - ok

20:56:07.0218 5680 ctaud2k (673241d314e932f4890509ae8ebf26db) C:\WINDOWS\system32\drivers\ctaud2k.sys

20:56:07.0312 5680 ctaud2k - ok

20:56:07.0437 5680 CTAUDFX.DLL (472b82d7e549e7fab428852e4d16f21d) C:\WINDOWS\system32\CTAUDFX.DLL

20:56:07.0546 5680 CTAUDFX.DLL - ok

20:56:07.0656 5680 ctdvda2k (ed316d4c3d39c5b6c23de067e275c183) C:\WINDOWS\system32\drivers\ctdvda2k.sys

20:56:07.0921 5680 ctdvda2k - ok

20:56:07.0953 5680 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL

20:56:08.0000 5680 CTEAPSFX.DLL - ok

20:56:08.0031 5680 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL

20:56:08.0109 5680 CTEDSPFX.DLL - ok

20:56:08.0140 5680 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL

20:56:08.0218 5680 CTEDSPIO.DLL - ok

20:56:08.0234 5680 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL

20:56:08.0328 5680 CTEDSPSY.DLL - ok

20:56:08.0359 5680 CTERFXFX.DLL (d3fbd9983325435b06795f29cb57ed3d) C:\WINDOWS\system32\CTERFXFX.DLL

20:56:08.0421 5680 CTERFXFX.DLL - ok

20:56:08.0484 5680 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL

20:56:08.0640 5680 CTEXFIFX.DLL - ok

20:56:08.0734 5680 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL

20:56:10.0140 5680 CTHWIUT.DLL - ok

20:56:10.0187 5680 ctprxy2k (34e7f8a499fd8361df14fedb724c0ad3) C:\WINDOWS\system32\drivers\ctprxy2k.sys

20:56:10.0218 5680 ctprxy2k - ok

20:56:10.0265 5680 CTSBLFX.DLL (679ae21eb7f48a08184813aebabdec7c) C:\WINDOWS\system32\CTSBLFX.DLL

20:56:10.0375 5680 CTSBLFX.DLL - ok

20:56:10.0421 5680 ctsfm2k (32098497cb4dfe9ea7660fa62dd91060) C:\WINDOWS\system32\drivers\ctsfm2k.sys

20:56:10.0468 5680 ctsfm2k - ok

20:56:10.0484 5680 dac2w2k - ok

20:56:10.0500 5680 dac960nt - ok

20:56:10.0546 5680 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

20:56:10.0765 5680 Disk - ok

20:56:10.0812 5680 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

20:56:11.0062 5680 dmboot - ok

20:56:11.0109 5680 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

20:56:11.0296 5680 dmio - ok

20:56:11.0328 5680 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

20:56:11.0515 5680 dmload - ok

20:56:11.0593 5680 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

20:56:11.0828 5680 DMusic - ok

20:56:11.0843 5680 dpti2o - ok

20:56:11.0875 5680 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

20:56:12.0125 5680 drmkaud - ok

20:56:12.0171 5680 E1000 (4de4bae4accb5a49fa85801d4f226355) C:\WINDOWS\system32\DRIVERS\e1000325.sys

20:56:12.0296 5680 E1000 - ok

20:56:12.0343 5680 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys

20:56:12.0546 5680 E100B ( UnsignedFile.Multi.Generic ) - warning

20:56:12.0546 5680 E100B - detected UnsignedFile.Multi.Generic (1)

20:56:12.0609 5680 emupia (2885f72d2daffd0329272f12e16d6579) C:\WINDOWS\system32\drivers\emupia2k.sys

20:56:12.0671 5680 emupia - ok

20:56:12.0734 5680 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

20:56:12.0937 5680 Fastfat - ok

20:56:12.0968 5680 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

20:56:13.0218 5680 Fdc - ok

20:56:13.0250 5680 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

20:56:13.0515 5680 Fips - ok

20:56:13.0718 5680 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

20:56:13.0953 5680 Flpydisk - ok

20:56:13.0984 5680 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

20:56:14.0203 5680 FltMgr - ok

20:56:14.0234 5680 FNETTBOH (a9e2df40ed6ec9e8885da72b6e1818f3) C:\WINDOWS\system32\drivers\FNETTBOH.SYS

20:56:14.0281 5680 FNETTBOH ( UnsignedFile.Multi.Generic ) - warning

20:56:14.0281 5680 FNETTBOH - detected UnsignedFile.Multi.Generic (1)

20:56:14.0328 5680 FNETURPX (784ffba7ee5c5f3a396407e4712f72f0) C:\WINDOWS\system32\drivers\FNETURPX.SYS

20:56:14.0359 5680 FNETURPX ( UnsignedFile.Multi.Generic ) - warning

20:56:14.0359 5680 FNETURPX - detected UnsignedFile.Multi.Generic (1)

20:56:14.0406 5680 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

20:56:14.0593 5680 Fs_Rec - ok

20:56:14.0687 5680 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

20:56:14.0921 5680 Ftdisk - ok

20:56:15.0000 5680 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

20:56:15.0187 5680 gameenum - ok

20:56:15.0234 5680 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

20:56:15.0281 5680 GEARAspiWDM - ok

20:56:15.0312 5680 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

20:56:15.0484 5680 Gpc - ok

20:56:15.0578 5680 ha10kx2k (da2c735b66d2e7b739f9a46146581a9d) C:\WINDOWS\system32\drivers\ha10kx2k.sys

20:56:15.0671 5680 ha10kx2k - ok

20:56:15.0687 5680 hap16v2k (5c7d6d68796e4621b4168c879908dae0) C:\WINDOWS\system32\drivers\hap16v2k.sys

20:56:15.0750 5680 hap16v2k - ok

20:56:15.0765 5680 hap17v2k (a595b88ad16d8b5693ddf08113caf30e) C:\WINDOWS\system32\drivers\hap17v2k.sys

20:56:15.0828 5680 hap17v2k - ok

20:56:15.0890 5680 hcwPVRP2 (db4f8d5edd3c004667f66445c84ffcf1) C:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys

20:56:16.0000 5680 hcwPVRP2 ( UnsignedFile.Multi.Generic ) - warning

20:56:16.0000 5680 hcwPVRP2 - detected UnsignedFile.Multi.Generic (1)

20:56:16.0031 5680 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys

20:56:16.0296 5680 HidIr - ok

20:56:16.0328 5680 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys


20:56:46.0359 5680 ============================================================

20:56:46.0359 5680 Scan finished

20:56:46.0359 5680 ============================================================

20:56:46.0468 3580 Detected object count: 15

20:56:46.0468 3580 Actual detected object count: 15

20:57:48.0703 3580 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user

20:57:48.0703 3580 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:57:48.0703 3580 CEUSBAUD ( UnsignedFile.Multi.Generic ) - skipped by user

20:57:48.0703 3580 CEUSBAUD ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:57:48.0718 3580 E100B ( UnsignedFile.Multi.Generic ) - skipped by user

20:57:48.0718 3580 E100B ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:57:48.0718 3580 FNETTBOH ( UnsignedFile.Multi.Generic ) - skipped by user

20:57:48.0718 3580 FNETTBOH ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:57:48.0718 3580 FNETURPX ( UnsignedFile.Multi.Generic ) - skipped by user

20:57:48.0718 3580 FNETURPX ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:57:48.0734 3580 hcwPVRP2 ( UnsignedFile.Multi.Generic ) - skipped by user

20:57:48.0734 3580 hcwPVRP2 ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:57:48.0734 3580 IPSec ( LockedFile.Multi.Generic ) - skipped by user

20:57:48.0734 3580 IPSec ( LockedFile.Multi.Generic ) - User select action: Skip

20:57:48.0734 3580 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user

20:57:48.0734 3580 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:57:48.0734 3580 NvNdis ( UnsignedFile.Multi.Generic ) - skipped by user

20:57:48.0734 3580 NvNdis ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:57:48.0750 3580 oxfwlf ( UnsignedFile.Multi.Generic ) - skipped by user

20:57:48.0750 3580 oxfwlf ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:57:48.0750 3580 pfc ( UnsignedFile.Multi.Generic ) - skipped by user

20:57:48.0750 3580 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:57:48.0750 3580 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

20:57:48.0750 3580 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:57:48.0750 3580 QWAVEDRV ( UnsignedFile.Multi.Generic ) - skipped by user

20:57:48.0750 3580 QWAVEDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:57:48.0750 3580 SMBios ( UnsignedFile.Multi.Generic ) - skipped by user

20:57:48.0750 3580 SMBios ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:57:48.0765 3580 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user

20:57:48.0765 3580 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip


Make sure you run ComboFix from your desktop and have disabled all malware programs; this is very important!

You may have to run ComboFix a couple of times and/or reboot several times to clear out the infection.

------------------

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


Not sure, but I think my machine is locked up on ComboFix's last reboot, where it says it is generating a log and not to run any programs. The guide says this step may take a while, but I think my machine stopped responding. I remembered to shut down everything before I ran ComboFix, but I forgot to uncheck the boxes in the Spybot Search & Destroy and Malwarebytes' Anti-Malware settings so they would not start up on Windows startup, and this last reboot looks like it hung.


OK, I no longer have network (IP settings are not working; I can't repair the network connection, and the ipconfig command gives me errors. I also get all sorts of Winsock errors on startup. I tried using MS FixIt to repair Winsock, which didn't work, and also tried a netsh reset, which didn't work). I will not do any more futzing with the network until you give me further instruction. I am on another computer shuttling the logs via flash drive, so here is my ComboFix.txt... not so sure it finished, as it sat there for a loooong time until I manually rebooted.

ComboFix 12-01-04.03 - Administrator 01/04/2012 21:44:47.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1584 [GMT -5:00]

Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a26tfnti.default\extensions\{b496155d-30aa-4bb8-920a-04d109ffb095}

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a26tfnti.default\extensions\{b496155d-30aa-4bb8-920a-04d109ffb095}\chrome.manifest

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a26tfnti.default\extensions\{b496155d-30aa-4bb8-920a-04d109ffb095}\chrome\xulcache.jar

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a26tfnti.default\extensions\{b496155d-30aa-4bb8-920a-04d109ffb095}\install.rdf

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a26tfnti.default\searchplugins\bing-zugo.xml

C:\Documents and Settings\Administrator\hwrufegslf.tmp

C:\Documents and Settings\Administrator\WINDOWS

C:\Documents and Settings\All Users\Application Data\TEMP

C:\WINDOWS\$NtUninstallKB44787$\399808621

C:\WINDOWS\$NtUninstallKB44787$\592350653\@

C:\WINDOWS\$NtUninstallKB44787$\592350653\bckfg.tmp

C:\WINDOWS\$NtUninstallKB44787$\592350653\cfg.ini

C:\WINDOWS\$NtUninstallKB44787$\592350653\Desktop.ini

C:\WINDOWS\$NtUninstallKB44787$\592350653\keywords

C:\WINDOWS\$NtUninstallKB44787$\592350653\kwrd.dll

C:\WINDOWS\$NtUninstallKB44787$\592350653\L\dbvpzhgj

C:\WINDOWS\$NtUninstallKB44787$\592350653\lsflt7.ver

C:\WINDOWS\$NtUninstallKB44787$\592350653\U\00000001.@

C:\WINDOWS\$NtUninstallKB44787$\592350653\U\00000002.@

C:\WINDOWS\$NtUninstallKB44787$\592350653\U\00000004.@

C:\WINDOWS\$NtUninstallKB44787$\592350653\U\80000000.@

C:\WINDOWS\$NtUninstallKB44787$\592350653\U\80000004.@

C:\WINDOWS\$NtUninstallKB44787$\592350653\U\80000032.@

C:\WINDOWS\kb913800.exe

C:\WINDOWS\system32\SET92.tmp

C:\WINDOWS\system32\SETA3.tmp

C:\WINDOWS\system32\SETAC.tmp

C:\WINDOWS\system32\SETB5.tmp

C:\WINDOWS\system32\SETB8.tmp

C:\WINDOWS\system32\SETBE.tmp

C:\WINDOWS\system32\SETC1.tmp

C:\WINDOWS\system32\SETC4.tmp

C:\WINDOWS\system32\xmlrpw32.dll

C:\WINDOWS\XSxS

I:\Autorun.inf

J:\autorun.inf

L:\Autorun.inf

C:\WINDOWS\$NtUninstallKB44787$ . . . . Failed to delete

((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))


2011-12-09 02:45:40 . 2011-12-09 02:45:40 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2011-12-08 05:26:01 . 2011-12-08 05:26:01 -------- d-s---w- C:\Documents and Settings\NetworkService\UserData

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-12-17 12:59:17 . 2009-05-06 16:12:33 83360 ----a-w- C:\WINDOWS\system32\LMIRfsClientNP.dll

2011-12-17 12:59:16 . 2009-05-06 16:12:34 52096 ----a-w- C:\WINDOWS\system32\Spool\prtprocs\w32x86\LMIproc.dll

2011-12-17 12:59:16 . 2009-05-06 16:12:34 30592 ----a-w- C:\WINDOWS\system32\LMIport.dll

2011-12-17 12:59:16 . 2009-05-06 16:09:47 87424 ----a-w- C:\WINDOWS\system32\LMIinit.dll

2011-12-08 07:25:39 . 2008-11-15 15:46:25 57600 ----a-w- C:\WINDOWS\system32\drivers\redbook.sys

2011-11-27 23:03:18 . 2011-05-28 23:00:44 414368 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2011-10-24 18:29:02 . 2011-10-24 18:29:02 94208 ----a-w- C:\WINDOWS\system32\QuickTimeVR.qtx

2011-10-24 18:29:02 . 2011-10-24 18:29:02 69632 ----a-w- C:\WINDOWS\system32\QuickTime.qts

2011-10-10 14:22:41 . 2005-01-25 21:16:30 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll

2011-10-07 14:30:43 . 2009-05-06 16:12:33 83360 ----a-w- C:\WINDOWS\system32\LMIRfsClientNP.dll.000.bak

2011-10-07 14:30:42 . 2009-05-06 16:09:47 87424 ----a-w- C:\WINDOWS\system32\LMIinit.dll.000.bak

2011-11-21 04:04:51 . 2011-04-30 17:14:33 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


Sorry MrC.... Hope I am not making this more difficult for you... I looked at posts of other people's Combofix.txt files and realized that my ComboFix session from above was incomplete so I ran another one. Much faster this time and the machine only rebooted once (rebooted twice the 1st time and hung after the 2nd reboot). Still no network. I am turning my PC off now... here is the log:

ComboFix 12-01-04.03 - Administrator 01/05/2012 1:40.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1583 [GMT -5:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a26tfnti.default\extensions\{b496155d-30aa-4bb8-920a-04d109ffb095}\chrome.manifest

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a26tfnti.default\extensions\{b496155d-30aa-4bb8-920a-04d109ffb095}\chrome\xulcache.jar

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a26tfnti.default\extensions\{b496155d-30aa-4bb8-920a-04d109ffb095}\install.rdf

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a26tfnti.default\searchplugins\bing-zugo.xml

c:\documents and settings\Administrator\hwrufegslf.tmp

c:\windows\$NtUninstallKB44787$\399808621

c:\windows\$NtUninstallKB44787$\592350653\@

c:\windows\$NtUninstallKB44787$\592350653\bckfg.tmp

c:\windows\$NtUninstallKB44787$\592350653\cfg.ini

c:\windows\$NtUninstallKB44787$\592350653\Desktop.ini

c:\windows\$NtUninstallKB44787$\592350653\keywords

c:\windows\$NtUninstallKB44787$\592350653\kwrd.dll

c:\windows\$NtUninstallKB44787$\592350653\L\dbvpzhgj

c:\windows\$NtUninstallKB44787$\592350653\lsflt7.ver

c:\windows\$NtUninstallKB44787$\592350653\U\00000001.@

c:\windows\$NtUninstallKB44787$\592350653\U\00000002.@

c:\windows\$NtUninstallKB44787$\592350653\U\00000004.@

c:\windows\$NtUninstallKB44787$\592350653\U\80000000.@

c:\windows\$NtUninstallKB44787$\592350653\U\80000004.@

c:\windows\$NtUninstallKB44787$\592350653\U\80000032.@

c:\windows\kb913800.exe

c:\windows\system32\SET92.tmp

c:\windows\system32\SETA3.tmp

c:\windows\system32\SETAC.tmp

c:\windows\system32\SETB5.tmp

c:\windows\system32\SETB8.tmp

c:\windows\system32\SETBE.tmp

c:\windows\system32\SETC1.tmp

c:\windows\system32\SETC4.tmp

c:\windows\system32\xmlrpw32.dll

I:\Autorun.inf

J:\autorun.inf

L:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))

.

.

2012-01-05 06:37 . 2012-01-05 06:37 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C867A949-591F-4CA5-AF91-A62EDE267C7F}\offreg.dll

2012-01-05 04:29 . 2008-06-20 11:51 361600 ----a-w- C:\tcpip.sys

2012-01-05 00:19 . 2012-01-05 00:19 -------- d--h--w- c:\documents and settings\Default User.WINDOWS.0

2012-01-05 00:19 . 2012-01-05 00:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0

2012-01-04 23:51 . 2012-01-04 23:51 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2011-12-22 05:44 . 2011-11-30 07:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C867A949-591F-4CA5-AF91-A62EDE267C7F}\mpengine.dll

2011-12-18 20:31 . 2011-12-18 20:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2011-12-17 21:09 . 2011-12-17 21:09 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{8D50E0A0-BDC4-478A-B305-2C90839CD6E9}-A0193330.exe

2011-12-17 21:09 . 2011-12-17 21:09 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{69AF7BA9-D1BE-4500-870C-A9ED890A010B}-A0193400.exe

2011-12-17 21:09 . 2011-12-17 21:09 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{1F20FD2D-4BF4-4807-94B2-D7321EDAFDFB}-A0027261.exe

2011-12-17 21:09 . 2011-12-17 21:09 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{FE7F776B-2D39-41B2-B7C1-372A964E0DB5}-A0027192.exe

2011-12-17 21:09 . 2011-12-17 21:09 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{A3BCBC79-6628-4D9A-859B-8A33522D5114}-A0027056.exe

2011-12-17 21:09 . 2011-12-17 21:09 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{525C59F1-4A7E-4149-A643-F245ABA0B392}-A0027124.exe

2011-12-17 17:34 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-17 17:34 . 2012-01-05 00:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-17 06:31 . 2012-01-05 04:47 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-12-17 06:31 . 2012-01-05 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-12-17 05:59 . 2011-12-17 05:59 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-12-17 05:59 . 2011-12-17 05:59 -------- d-----w- c:\program files\Trend Micro

2011-12-17 04:34 . 2011-12-17 04:34 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D026EE29-CB60-4592-ADE4-091B2E6AE395}-A0193330.exe

2011-12-17 04:34 . 2011-12-17 04:34 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{B7950F68-48CD-4E06-B807-87B6E0EDE3FB}-A0027056.exe

2011-12-17 04:34 . 2011-12-17 04:34 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{AFC77CBA-4C4E-47E7-A040-0AC7EB5FF577}-A0027261.exe

2011-12-17 04:34 . 2011-12-17 04:34 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{5C4CEE39-384A-4DBE-B6C1-5D3EF125C918}-A0027124.exe

2011-12-17 04:34 . 2011-12-17 04:34 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{1622A377-0375-4A86-A583-C78C5494CFFC}-A0027192.exe

2011-12-17 04:34 . 2011-12-17 04:34 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{9F11835D-FC56-40D6-B1C2-E39A3B4CFF3B}-A0193400.exe

2011-12-17 03:13 . 2011-12-17 03:13 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{C2DC7F42-4D0F-44CE-8094-FD7F2A70FCCF}-A0027056.exe

2011-12-17 03:13 . 2011-12-17 03:13 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{3869BA65-082A-4BB2-95EF-40093D435B79}-A0027124.exe

2011-12-17 03:13 . 2011-12-17 03:13 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{BCA44248-3F95-4E71-A95A-F3B810F1C5A9}-A0193400.exe

2011-12-17 03:13 . 2011-12-17 03:13 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{8422E27D-1BC0-442A-A394-3E5031F4D586}-A0027192.exe

2011-12-17 03:13 . 2011-12-17 03:13 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{827CE6EA-3803-48C3-A3E3-1FDDCEC141D8}-A0027261.exe

2011-12-17 03:13 . 2011-12-17 03:13 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{7D336F6D-8111-4602-AA81-D4B683EE8E59}-A0193330.exe

2011-12-16 16:03 . 2011-12-16 16:03 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{CAB83086-7C12-4626-BBA7-32666AA6D169}-A0193400.exe

2011-12-16 16:03 . 2011-12-16 16:03 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{EB11E7C0-B6EC-46FE-BC75-98FDE8ECCB3E}-A0193330.exe

2011-12-16 16:03 . 2011-12-16 16:03 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{471085BA-EC51-4397-8EEC-D436954974C3}-A0027261.exe

2011-12-16 16:03 . 2011-12-16 16:03 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{092F92E6-E717-4431-83DA-467643B73C30}-A0027192.exe

2011-12-16 16:03 . 2011-12-16 16:03 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{22D80A96-30E5-4916-A832-CA1B03E80F52}-A0027124.exe

2011-12-16 16:02 . 2011-12-16 16:02 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{B6A85ADF-1D21-457A-B462-E7F57E6B667D}-A0027056.exe

2011-12-16 08:00 . 2011-12-16 08:00 -------- d-----w- c:\program files\AVG

2011-12-16 07:56 . 2011-12-16 07:56 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-12-16 07:55 . 2011-12-16 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-12-16 03:12 . 2011-11-30 07:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-12-15 07:24 . 2011-12-15 11:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-12-15 01:37 . 2011-12-15 01:37 -------- d-----w- c:\program files\iPod

2011-12-15 01:37 . 2011-12-15 01:39 -------- d-----w- c:\program files\iTunes

2011-12-09 05:31 . 2011-12-09 07:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Auslogics

2011-12-09 05:31 . 2011-12-09 05:35 -------- d-----w- c:\program files\Auslogics

2011-12-09 04:49 . 2011-12-09 04:49 -------- d-----w- c:\program files\CCleaner

2011-12-09 04:38 . 2011-11-15 19:29 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-12-09 04:35 . 2011-12-09 04:36 -------- d-----w- c:\program files\Microsoft Security Client

2011-12-09 02:45 . 2011-12-09 02:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-12-09 02:45 . 2011-12-09 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-12-08 05:26 . 2011-12-08 05:26 -------- d-s---w- c:\documents and settings\NetworkService\UserData

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-17 12:59 . 2009-05-06 16:12 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-12-17 12:59 . 2009-05-06 16:12 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2011-12-17 12:59 . 2009-05-06 16:12 30592 ----a-w- c:\windows\system32\LMIport.dll

2011-12-17 12:59 . 2009-05-06 16:09 87424 ----a-w- c:\windows\system32\LMIinit.dll

2011-12-08 07:25 . 2008-11-15 15:46 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2011-11-27 23:03 . 2011-05-28 23:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-10-10 14:22 . 2005-01-25 21:16 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 14:30 . 2009-05-06 16:12 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak

2011-10-07 14:30 . 2009-05-06 16:09 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak

2011-11-21 04:04 . 2011-04-30 17:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys

[-] 2008-04-13 19:19 . 1DA6C0C952319F33A54C16C024FE905A . 75264 . . [------] . . c:\windows\system32\drivers\ipsec.sys

[-] 2004-08-10 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys

.

[7] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys

[-] 2008-04-13 19:19 . 1DA6C0C952319F33A54C16C024FE905A . 75264 . . [------] . . c:\windows\system32\drivers\ipsec.sys

[-] 2004-08-10 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-01 344064]

"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-10-23 962560]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]

"Transcode360"="c:\program files\Transcode360\Transcode360Tray.exe" [2006-05-02 192512]

"My Movies Tray"="c:\program files\MCE\My Movies\My Movies Tray.exe" [2009-11-16 312280]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]

"UsbBoost"="c:\program files\UsbBoost\TurboHddUsb.exe" [2010-06-02 3788800]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

Shortcut to MTV.lnk - c:\documents and settings\Administrator\Desktop\MTV.vbs [2008-12-18 2502]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]

VLC360.lnk - c:\program files\Dun74\VLC360\VLC360.bat [2006-3-27 76]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"GreyMSIAds"= 0 (0x0)

"HideSCABattery"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2011-12-17 12:59 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /p \??\o:\0autocheck autochk /p \??\j:\0autocheck autochk /p \??\I:\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\dCut\\DCutService.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Transcode360\\Transcode360Tray.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\ehome\\ehExtHost.exe"=

"c:\\Program Files\\NETGEAR ReadyNAS\\RAIDar.exe"=

"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\AirPort\\APUtil.exe"=

"c:\\Program Files\\AirPort\\APAgent.exe"=

"c:\\Program Files\\NETGEAR ReadyNAS\\Remote\\bin\\ReadyNASRemote.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"20001:UDP"= 20001:UDP:MicroSAN

"3776:UDP"= 3776:UDP:Media Center Extender Service

"3390:TCP"= 3390:TCP:Remote Media Center Experience

"5353:UDP"= 5353:UDP:Bonjour

"9100:TCP"= 9100:TCP:PORT_9100_TCP

"161:UDP"= 161:UDP:PORT_161_UDP

"427:UDP"= 427:UDP:PORT_427_UDP

"50000:UDP"= 50000:UDP:IHA_MessageCenter

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [6/1/2010 7:59 PM 7936]

R1 oxfwlf;oxfwlf;c:\windows\system32\drivers\OxFWLF.sys [6/17/2010 6:52 PM 12043]

R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [7/1/2011 2:01 PM 286736]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/30/2010 5:56 PM 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 5:46 PM 12856]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/17/2011 12:34 PM 652872]

R3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [6/1/2010 7:59 PM 23680]

R3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [5/26/2011 12:51 PM 55296]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/17/2011 12:34 PM 20464]

R3 powerfil;powerfil;c:\windows\system32\drivers\powerfil.sys [11/15/2008 10:46 AM 8832]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 5:29 PM 29293408]

S2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe -k xmlpros [8/10/2004 7:00 AM 14336]

S3 CEUSBAUD;DigiTech USB MIDI Driver (MIDI);c:\windows\system32\drivers\ceusbaud.sys [6/11/2011 11:27 AM 17920]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 3:06 PM 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S3 WPRO_41_1742;WinPcap Packet Driver (WPRO_41_1742); [x]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

QWAVE REG_MULTI_SZ QWAVE

xmlpros REG_MULTI_SZ XMLProvS

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2011-12-21 c:\windows\Tasks\At1.job

- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14 20:07]

.

2012-01-05 c:\windows\Tasks\At2.job

- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14 20:07]

.

2011-12-22 c:\windows\Tasks\At3.job

- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14 20:07]

.

2011-12-21 c:\windows\Tasks\At4.job

- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14 20:07]

.

2011-12-20 c:\windows\Tasks\Auslogics BoostSpeed Integrator Scan and Repair.job

- c:\program files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe [2011-12-09 23:33]

.

2012-01-05 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]

.

.

------- Supplementary Scan -------

.

TCP: Interfaces\{E6B482D6-C571-43EE-B7CF-80D299D37BAF}: NameServer = 192.168.1.1,68.237.161.12

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a26tfnti.default\

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-SpybotSnD - c:\program files\Spybot - Search & Destroy\SpybotSD.exe

Notify-xmlproservice - xmlrpw32.dll

SafeBoot-68114861.sys

SafeBoot-WinDefend

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-05 01:53

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(700)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

Completion time: 2012-01-05 01:56:15

ComboFix-quarantined-files.txt 2012-01-05 06:56

.

Pre-Run: 13,348,659,200 bytes free

Post-Run: 13,313,150,976 bytes free

.

- - End Of File - - 0632D190D152E4CAA8D2B57873FA121F


OK, first delete your copy of ComboFix and download a fresh copy, transfer it to the sick computer, don't run it yet.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

FCopy::

c:\windows\ServicePackFiles\i386\ipsec.sys | c:\windows\system32\drivers\ipsec.sys

c:\windows\ServicePackFiles\i386\ipsec.sys | C:\WINDOWS\system32\dllcache\ipsec.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScript.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC

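Added example (not part of this thread and not ComboFix's own code): a small Python script that reads the Sigcheck block from the ComboFix log above, pairs the live driver under system32\drivers with its ServicePackFiles copy, flags any file whose MD5 differs, and renders the finding as the same FCopy section that the CFScript in MrC's instructions uses. The sample input is the three ipsec.sys lines copied from the log. The function names, the choice of the ServicePackFiles copy as the trusted reference, and the reading of "[------]" as "no version resource found" are my own assumptions, not documented ComboFix behaviour.

```python
import re

# Constructed sample: the three Sigcheck lines for ipsec.sys copied from the
# ComboFix log above. Field layout as ComboFix prints it:
#   [flag] date [time] . MD5 . size . . [file version] . . path
SIGCHECK_SAMPLE = r"""
[7] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 19:19 . 1DA6C0C952319F33A54C16C024FE905A . 75264 . . [------] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-10 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
"""

LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d\d-\d\d)(?:\s+\d\d:\d\d)?\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(text):
    """Parse ComboFix Sigcheck lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["md5"] = e["md5"].upper()
        e["size"] = int(e["size"])
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
        entries.append(e)
    return entries


def find_tampered(entries):
    """Pair each live driver (system32\\drivers) with its ServicePackFiles copy and
    report the ones whose MD5 differs. The ServicePackFiles copy is taken as the
    reference because it is the file the thread's FCopy script restores from
    (assumption: it is the untouched service-pack original)."""
    reference = {e["name"]: e for e in entries
                 if "\\servicepackfiles\\" in e["path"].lower()}
    findings = []
    for e in entries:
        if "\\system32\\drivers\\" not in e["path"].lower():
            continue
        ref = reference.get(e["name"])
        if ref is None or ref["md5"] == e["md5"]:
            continue
        findings.append({
            "name": e["name"],
            "live_path": e["path"],
            "live_md5": e["md5"],
            "reference_path": ref["path"],
            "reference_md5": ref["md5"],
            # same size and date but a different hash points to an in-place patch
            "same_size": ref["size"] == e["size"],
            # "[------]": ComboFix could read no version resource from the file
            "version_stripped": e["version"].strip("-") == "",
        })
    return findings


def fcopy_script(findings):
    """Render the findings as a CFScript FCopy section in the form used in the thread:
    'source | destination', restoring both the live driver and the Windows File
    Protection cache copy (system32\\dllcache) so WFP cannot put the patched file back."""
    lines = ["FCopy::"]
    for f in findings:
        lines.append(f"{f['reference_path']} | {f['live_path']}")
        windir = f["live_path"].lower().split("\\system32\\")[0]
        lines.append(f"{f['reference_path']} | {windir}\\system32\\dllcache\\{f['name']}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = find_tampered(parse_sigcheck(SIGCHECK_SAMPLE))
    for f in found:
        print(f"{f['name']}: live {f['live_md5']} != reference {f['reference_md5']} "
              f"(same size: {f['same_size']}, version info stripped: {f['version_stripped']})")
    print(fcopy_script(found))
```

What the finding shows for this log: the driver in use has the same size and the same date as the service-pack copy, yet a different MD5 and no readable version information. That is the signature of a driver patched in place rather than replaced, which is why the fix is not to delete anything but to copy the known-good file over both the live driver and the dllcache copy, exactly as the script in the post above does.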

Ok... I ran the last Combofix via the drag-and-drop of the ipsec copy script. Didn't have internet when it was finished, but I rebooted, the machine did a chkdsk, fixed bad sectors, etc., and my NIC was able to get its static IP settings to stick; internet is back. So far, the Combofix has run 3 times, and has found a rootkit on each. The latest combofix.txt is copy/pasted below:

ComboFix 12-01-05.01 - Administrator 01/05/2012 10:15:52.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1579 [GMT -5:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

--------------- FCopy ---------------

.

c:\windows\ServicePackFiles\i386\ipsec.sys --> c:\windows\system32\drivers\ipsec.sys

c:\windows\ServicePackFiles\i386\ipsec.sys --> c:\windows\system32\dllcache\ipsec.sys

.

((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))

.

.

2012-01-05 15:12 . 2012-01-05 15:12 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C867A949-591F-4CA5-AF91-A62EDE267C7F}\offreg.dll

2012-01-05 06:56 . 2012-01-05 06:56 -------- d-----w- c:\documents and settings\Dondi

2012-01-05 04:29 . 2008-06-20 11:51 361600 ----a-w- C:\tcpip.sys

2012-01-05 00:19 . 2012-01-05 00:19 -------- d--h--w- c:\documents and settings\Default User.WINDOWS.0

2012-01-05 00:19 . 2012-01-05 00:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0

2012-01-04 23:51 . 2012-01-04 23:51 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2011-12-22 05:44 . 2011-11-30 07:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C867A949-591F-4CA5-AF91-A62EDE267C7F}\mpengine.dll

2011-12-18 20:31 . 2011-12-18 20:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2011-12-17 21:09 . 2011-12-17 21:09 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{8D50E0A0-BDC4-478A-B305-2C90839CD6E9}-A0193330.exe

2011-12-17 21:09 . 2011-12-17 21:09 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{69AF7BA9-D1BE-4500-870C-A9ED890A010B}-A0193400.exe

2011-12-17 21:09 . 2011-12-17 21:09 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{1F20FD2D-4BF4-4807-94B2-D7321EDAFDFB}-A0027261.exe

2011-12-17 21:09 . 2011-12-17 21:09 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{FE7F776B-2D39-41B2-B7C1-372A964E0DB5}-A0027192.exe

2011-12-17 21:09 . 2011-12-17 21:09 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{A3BCBC79-6628-4D9A-859B-8A33522D5114}-A0027056.exe

2011-12-17 21:09 . 2011-12-17 21:09 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{525C59F1-4A7E-4149-A643-F245ABA0B392}-A0027124.exe

2011-12-17 17:34 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-17 17:34 . 2012-01-05 00:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-17 06:31 . 2012-01-05 04:47 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-12-17 06:31 . 2012-01-05 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-12-17 05:59 . 2011-12-17 05:59 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-12-17 05:59 . 2011-12-17 05:59 -------- d-----w- c:\program files\Trend Micro

2011-12-17 04:34 . 2011-12-17 04:34 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D026EE29-CB60-4592-ADE4-091B2E6AE395}-A0193330.exe

2011-12-17 04:34 . 2011-12-17 04:34 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{B7950F68-48CD-4E06-B807-87B6E0EDE3FB}-A0027056.exe

2011-12-17 04:34 . 2011-12-17 04:34 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{AFC77CBA-4C4E-47E7-A040-0AC7EB5FF577}-A0027261.exe

2011-12-17 04:34 . 2011-12-17 04:34 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{5C4CEE39-384A-4DBE-B6C1-5D3EF125C918}-A0027124.exe

2011-12-17 04:34 . 2011-12-17 04:34 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{1622A377-0375-4A86-A583-C78C5494CFFC}-A0027192.exe

2011-12-17 04:34 . 2011-12-17 04:34 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{9F11835D-FC56-40D6-B1C2-E39A3B4CFF3B}-A0193400.exe

2011-12-17 03:13 . 2011-12-17 03:13 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{C2DC7F42-4D0F-44CE-8094-FD7F2A70FCCF}-A0027056.exe

2011-12-17 03:13 . 2011-12-17 03:13 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{3869BA65-082A-4BB2-95EF-40093D435B79}-A0027124.exe

2011-12-17 03:13 . 2011-12-17 03:13 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{BCA44248-3F95-4E71-A95A-F3B810F1C5A9}-A0193400.exe

2011-12-17 03:13 . 2011-12-17 03:13 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{8422E27D-1BC0-442A-A394-3E5031F4D586}-A0027192.exe

2011-12-17 03:13 . 2011-12-17 03:13 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{827CE6EA-3803-48C3-A3E3-1FDDCEC141D8}-A0027261.exe

2011-12-17 03:13 . 2011-12-17 03:13 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{7D336F6D-8111-4602-AA81-D4B683EE8E59}-A0193330.exe

2011-12-16 16:03 . 2011-12-16 16:03 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{CAB83086-7C12-4626-BBA7-32666AA6D169}-A0193400.exe

2011-12-16 16:03 . 2011-12-16 16:03 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{EB11E7C0-B6EC-46FE-BC75-98FDE8ECCB3E}-A0193330.exe

2011-12-16 16:03 . 2011-12-16 16:03 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{471085BA-EC51-4397-8EEC-D436954974C3}-A0027261.exe

2011-12-16 16:03 . 2011-12-16 16:03 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{092F92E6-E717-4431-83DA-467643B73C30}-A0027192.exe

2011-12-16 16:03 . 2011-12-16 16:03 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{22D80A96-30E5-4916-A832-CA1B03E80F52}-A0027124.exe

2011-12-16 16:02 . 2011-12-16 16:02 16619 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{B6A85ADF-1D21-457A-B462-E7F57E6B667D}-A0027056.exe

2011-12-16 08:00 . 2011-12-16 08:00 -------- d-----w- c:\program files\AVG

2011-12-16 07:56 . 2011-12-16 07:56 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-12-16 07:55 . 2011-12-16 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-12-16 03:12 . 2011-11-30 07:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-12-15 07:24 . 2011-12-15 11:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-12-15 01:37 . 2011-12-15 01:37 -------- d-----w- c:\program files\iPod

2011-12-15 01:37 . 2011-12-15 01:39 -------- d-----w- c:\program files\iTunes

2011-12-09 05:31 . 2011-12-09 07:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Auslogics

2011-12-09 05:31 . 2011-12-09 05:35 -------- d-----w- c:\program files\Auslogics

2011-12-09 04:49 . 2011-12-09 04:49 -------- d-----w- c:\program files\CCleaner

2011-12-09 04:38 . 2011-11-15 19:29 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-12-09 04:35 . 2011-12-09 04:36 -------- d-----w- c:\program files\Microsoft Security Client

2011-12-09 02:45 . 2011-12-09 02:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-12-09 02:45 . 2011-12-09 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-12-08 05:26 . 2011-12-08 05:26 -------- d-s---w- c:\documents and settings\NetworkService\UserData

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-17 12:59 . 2009-05-06 16:12 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-12-17 12:59 . 2009-05-06 16:12 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2011-12-17 12:59 . 2009-05-06 16:12 30592 ----a-w- c:\windows\system32\LMIport.dll

2011-12-17 12:59 . 2009-05-06 16:09 87424 ----a-w- c:\windows\system32\LMIinit.dll

2011-12-08 07:25 . 2008-11-15 15:46 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2011-11-27 23:03 . 2011-05-28 23:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-10-10 14:22 . 2005-01-25 21:16 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-11-21 04:04 . 2011-04-30 17:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-01-05_06.53.16 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-01-05 15:14 . 2012-01-05 15:14 16384 c:\windows\Temp\Perflib_Perfdata_51c.dat

+ 2012-01-05 15:14 . 2012-01-05 15:14 16384 c:\windows\Temp\Perflib_Perfdata_1e4.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-01 344064]

"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-10-23 962560]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]

"Transcode360"="c:\program files\Transcode360\Transcode360Tray.exe" [2006-05-02 192512]

"My Movies Tray"="c:\program files\MCE\My Movies\My Movies Tray.exe" [2009-11-16 312280]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]

"UsbBoost"="c:\program files\UsbBoost\TurboHddUsb.exe" [2010-06-02 3788800]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

Shortcut to MTV.lnk - c:\documents and settings\Administrator\Desktop\MTV.vbs [2008-12-18 2502]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]

VLC360.lnk - c:\program files\Dun74\VLC360\VLC360.bat [2006-3-27 76]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"GreyMSIAds"= 0 (0x0)

"HideSCABattery"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2011-12-17 12:59 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /p \??\o:\0autocheck autochk /p \??\j:\0autocheck autochk /p \??\I:\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\dCut\\DCutService.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Transcode360\\Transcode360Tray.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\ehome\\ehExtHost.exe"=

"c:\\Program Files\\NETGEAR ReadyNAS\\RAIDar.exe"=

"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\AirPort\\APUtil.exe"=

"c:\\Program Files\\AirPort\\APAgent.exe"=

"c:\\Program Files\\NETGEAR ReadyNAS\\Remote\\bin\\ReadyNASRemote.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"20001:UDP"= 20001:UDP:MicroSAN

"3776:UDP"= 3776:UDP:Media Center Extender Service

"3390:TCP"= 3390:TCP:Remote Media Center Experience

"5353:UDP"= 5353:UDP:Bonjour

"9100:TCP"= 9100:TCP:PORT_9100_TCP

"161:UDP"= 161:UDP:PORT_161_UDP

"427:UDP"= 427:UDP:PORT_427_UDP

"50000:UDP"= 50000:UDP:IHA_MessageCenter

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [6/1/2010 7:59 PM 7936]

R1 oxfwlf;oxfwlf;c:\windows\system32\drivers\OxFWLF.sys [6/17/2010 6:52 PM 12043]

R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [7/1/2011 2:01 PM 286736]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/30/2010 5:56 PM 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 5:46 PM 12856]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/17/2011 12:34 PM 652872]

R3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [6/1/2010 7:59 PM 23680]

R3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [5/26/2011 12:51 PM 55296]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/17/2011 12:34 PM 20464]

R3 powerfil;powerfil;c:\windows\system32\drivers\powerfil.sys [11/15/2008 10:46 AM 8832]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 5:29 PM 29293408]

S2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe -k xmlpros [8/10/2004 7:00 AM 14336]

S3 CEUSBAUD;DigiTech USB MIDI Driver (MIDI);c:\windows\system32\drivers\ceusbaud.sys [6/11/2011 11:27 AM 17920]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 3:06 PM 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S3 WPRO_41_1742;WinPcap Packet Driver (WPRO_41_1742); [x]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

QWAVE REG_MULTI_SZ QWAVE

xmlpros REG_MULTI_SZ XMLProvS

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2011-12-21 c:\windows\Tasks\At1.job

- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14 20:07]

.

2012-01-05 c:\windows\Tasks\At2.job

- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14 20:07]

.

2011-12-22 c:\windows\Tasks\At3.job

- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14 20:07]

.

2011-12-21 c:\windows\Tasks\At4.job

- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14 20:07]

.

2011-12-20 c:\windows\Tasks\Auslogics BoostSpeed Integrator Scan and Repair.job

- c:\program files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe [2011-12-09 23:33]

.

2012-01-05 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]

.

.

------- Supplementary Scan -------

.

TCP: Interfaces\{E6B482D6-C571-43EE-B7CF-80D299D37BAF}: NameServer = 192.168.1.1,68.237.161.12

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a26tfnti.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-05 10:29

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(700)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

Completion time: 2012-01-05 10:32:24

ComboFix-quarantined-files.txt 2012-01-05 15:32

ComboFix2.txt 2012-01-05 06:56

.

Pre-Run: 13,312,720,896 bytes free

Post-Run: 13,300,285,440 bytes free

.

- - End Of File - - 851A3C1D2B92989B0772D72A0A71009C


I am unsure if it specified, but I know a dialog box came up each time saying it detected and was working on a rootkit; it had to reboot, and Combofix also did the deeper scans each time (maybe it always does?). Sorry I couldn't be more specific, but I don't recall it signifying the rootkit name. I am assuming it is still ZeroAccess?? Windows Update has appeared for the first time in a long while in the systray though... good sign. Thanks MrC. I am shutting the computer down and off to work. I will await your direction for when I get home later.

RogueKiller log

RogueKiller V6.2.2 [12/31/2011] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Administrator [Admin rights]

Mode: Scan -- Date : 01/05/2012 11:38:58

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[sUSP PATH] Shortcut to MTV.lnk : C:\Documents and Settings\Administrator\Desktop\MTV.vbs -> FOUND

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{E6B482D6-C571-43EE-B7CF-80D299D37BAF} : NameServer (192.168.1.1,68.237.161.12) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] 3c1e4cbc3502f365d373dcfed71a4ae0

[bSP] 3a200ce8e0e512e3e28ec5a81102d592 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 39843 Mo

1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 77818860 | Size: 160203 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: +++++

--- User ---

[MBR] 6499cd8ffcfc7acc3b6c4f1e712460ee

[bSP] d5ba21d79064270431b71c1fdfbd4aef : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 1000203 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

TDSSkiller log

11:39:47.0171 4500 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

11:39:47.0406 4500 ============================================================

11:39:47.0406 4500 Current date / time: 2012/01/05 11:39:47.0406

11:39:47.0406 4500 SystemInfo:

11:39:47.0421 4500

11:39:47.0421 4500 OS Version: 5.1.2600 ServicePack: 3.0

11:39:47.0421 4500 Product type: Workstation

11:39:47.0421 4500 ComputerName: DONDIMCE

11:39:47.0421 4500 UserName: Administrator

11:39:47.0421 4500 Windows directory: C:\WINDOWS

11:39:47.0421 4500 System windows directory: C:\WINDOWS

11:39:47.0421 4500 Processor architecture: Intel x86

11:39:47.0421 4500 Number of processors: 2

11:39:47.0421 4500 Page size: 0x1000

11:39:47.0421 4500 Boot type: Normal boot

11:39:47.0421 4500 ============================================================

11:39:54.0781 4500 Initialize success

11:40:05.0468 4684 ============================================================

11:40:05.0468 4684 Scan started

11:40:05.0468 4684 Mode: Manual; SigCheck; TDLFS;

11:40:05.0468 4684 ============================================================


11:40:40.0500 4684 NdisTapi - ok

11:40:40.0531 4684 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

11:40:40.0671 4684 Ndisuio - ok

11:40:40.0687 4684 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

11:40:40.0828 4684 NdisWan - ok

11:40:40.0906 4684 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

11:40:40.0921 4684 NDProxy - ok

11:40:41.0046 4684 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

11:40:41.0187 4684 NetBIOS - ok

11:40:41.0234 4684 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

11:40:41.0359 4684 NetBT - ok

11:40:41.0390 4684 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

11:40:41.0531 4684 NIC1394 - ok

11:40:41.0562 4684 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys

11:40:41.0687 4684 nm - ok

11:40:41.0718 4684 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

11:40:41.0843 4684 Npfs - ok

11:40:42.0000 4684 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

11:40:42.0218 4684 Ntfs - ok

11:40:42.0250 4684 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

11:40:42.0390 4684 Null - ok

11:40:42.0437 4684 NvNdis (0b7f59271f2694efd2f540b3332ddf5c) C:\WINDOWS\system32\Drivers\NvNdis.sys

11:40:42.0453 4684 NvNdis ( UnsignedFile.Multi.Generic ) - warning

11:40:42.0453 4684 NvNdis - detected UnsignedFile.Multi.Generic (1)

11:40:42.0484 4684 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

11:40:42.0671 4684 NwlnkFlt - ok

11:40:42.0687 4684 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

11:40:42.0890 4684 NwlnkFwd - ok

11:40:42.0968 4684 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

11:40:43.0093 4684 ohci1394 - ok

11:40:43.0140 4684 ossrv (61c85afeaa6ef0c1b32d43f84f7bfbcf) C:\WINDOWS\system32\drivers\ctoss2k.sys

11:40:43.0156 4684 ossrv - ok

11:40:43.0187 4684 oxfwlf (d2ba7e474940363d9de386f3e437de04) C:\WINDOWS\system32\drivers\oxfwlf.sys

11:40:43.0187 4684 oxfwlf ( UnsignedFile.Multi.Generic ) - warning

11:40:43.0187 4684 oxfwlf - detected UnsignedFile.Multi.Generic (1)

11:40:43.0218 4684 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

11:40:43.0343 4684 Parport - ok

11:40:43.0375 4684 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

11:40:43.0500 4684 PartMgr - ok

11:40:43.0531 4684 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

11:40:43.0656 4684 ParVdm - ok

11:40:43.0687 4684 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

11:40:43.0812 4684 PCI - ok

11:40:43.0859 4684 PCIDump - ok

11:40:43.0890 4684 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

11:40:44.0031 4684 PCIIde - ok

11:40:44.0062 4684 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

11:40:44.0187 4684 Pcmcia - ok

11:40:44.0203 4684 PDCOMP - ok

11:40:44.0218 4684 PDFRAME - ok

11:40:44.0234 4684 PDRELI - ok

11:40:44.0250 4684 PDRFRAME - ok

11:40:44.0265 4684 perc2 - ok

11:40:44.0281 4684 perc2hib - ok

11:40:44.0343 4684 pfc (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys

11:40:44.0343 4684 pfc ( UnsignedFile.Multi.Generic ) - warning

11:40:44.0343 4684 pfc - detected UnsignedFile.Multi.Generic (1)

11:40:44.0390 4684 PfModNT (6dabb70783ef470492adb7b9a6e60bf3) C:\WINDOWS\system32\drivers\PfModNT.sys

11:40:44.0406 4684 PfModNT - ok

11:40:44.0437 4684 powerfil (8733a00b08f8cf05d50a5b8f61758a93) C:\WINDOWS\system32\DRIVERS\powerfil.sys

11:40:44.0562 4684 powerfil - ok

11:40:44.0593 4684 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

11:40:44.0734 4684 PptpMiniport - ok

11:40:44.0828 4684 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

11:40:44.0968 4684 PSched - ok

11:40:45.0015 4684 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

11:40:45.0140 4684 Ptilink - ok

11:40:45.0156 4684 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

11:40:45.0171 4684 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

11:40:45.0171 4684 PxHelp20 - detected UnsignedFile.Multi.Generic (1)

11:40:45.0187 4684 ql1080 - ok

11:40:45.0203 4684 Ql10wnt - ok

11:40:45.0218 4684 ql12160 - ok

11:40:45.0234 4684 ql1240 - ok

11:40:45.0250 4684 ql1280 - ok

11:40:45.0296 4684 QWAVEDRV (2bb1d2baf3493362e5c1949c5f210d5f) C:\WINDOWS\system32\DRIVERS\qwavedrv.sys

11:40:45.0312 4684 QWAVEDRV ( UnsignedFile.Multi.Generic ) - warning

11:40:45.0312 4684 QWAVEDRV - detected UnsignedFile.Multi.Generic (1)

11:40:45.0343 4684 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

11:40:45.0468 4684 RasAcd - ok

11:40:45.0500 4684 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

11:40:45.0625 4684 Rasl2tp - ok

11:40:45.0656 4684 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

11:40:45.0781 4684 RasPppoe - ok

11:40:45.0812 4684 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

11:40:45.0937 4684 Raspti - ok

11:40:45.0968 4684 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

11:40:46.0093 4684 Rdbss - ok

11:40:46.0109 4684 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

11:40:46.0250 4684 RDPCDD - ok

11:40:46.0281 4684 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

11:40:46.0421 4684 rdpdr - ok

11:40:46.0453 4684 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

11:40:46.0468 4684 RDPWD - ok

11:40:46.0500 4684 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

11:40:46.0625 4684 redbook - ok

11:40:46.0671 4684 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys

11:40:46.0796 4684 sbp2port - ok

11:40:46.0828 4684 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

11:40:46.0968 4684 Secdrv - ok

11:40:47.0000 4684 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

11:40:47.0125 4684 serenum - ok

11:40:47.0156 4684 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

11:40:47.0671 4684 Serial - ok

11:40:47.0718 4684 sf (e8cc4ba7b2e962bd932c7bf678e762e0) C:\WINDOWS\system32\drivers\sf.sys

11:40:47.0734 4684 sf - ok

11:40:47.0796 4684 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

11:40:47.0921 4684 Sfloppy - ok

11:40:47.0937 4684 Simbad - ok

11:40:47.0968 4684 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

11:40:48.0093 4684 SLIP - ok

11:40:48.0125 4684 SMBios (d72a21424ca66c7a745bd995eca6a710) C:\WINDOWS\system32\DRIVERS\SMBios.sys

11:40:48.0125 4684 SMBios ( UnsignedFile.Multi.Generic ) - warning

11:40:48.0125 4684 SMBios - detected UnsignedFile.Multi.Generic (1)

11:40:48.0203 4684 smwdm (986d2f9d2653e1eda2c54c80c0309835) C:\WINDOWS\system32\drivers\smwdm.sys

11:40:48.0234 4684 smwdm - ok

11:40:48.0265 4684 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

11:40:48.0390 4684 SONYPVU1 - ok

11:40:48.0406 4684 Sparrow - ok

11:40:48.0437 4684 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

11:40:48.0562 4684 splitter - ok

11:40:48.0593 4684 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

11:40:48.0734 4684 sr - ok

11:40:48.0796 4684 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

11:40:48.0843 4684 Srv - ok

11:40:48.0890 4684 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

11:40:49.0000 4684 StillCam - ok

11:40:49.0046 4684 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

11:40:49.0171 4684 streamip - ok

11:40:49.0203 4684 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

11:40:49.0328 4684 swenum - ok

11:40:49.0343 4684 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

11:40:49.0484 4684 swmidi - ok

11:40:49.0500 4684 symc810 - ok

11:40:49.0515 4684 symc8xx - ok

11:40:49.0531 4684 sym_hi - ok

11:40:49.0546 4684 sym_u3 - ok

11:40:49.0593 4684 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

11:40:49.0718 4684 sysaudio - ok

11:40:49.0796 4684 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys

11:40:49.0921 4684 Tcpip - ok

11:40:49.0968 4684 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

11:40:50.0093 4684 TDPIPE - ok

11:40:50.0156 4684 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

11:40:50.0281 4684 TDTCP - ok

11:40:50.0312 4684 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

11:40:50.0437 4684 TermDD - ok

11:40:50.0468 4684 TosIde - ok

11:40:50.0515 4684 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys

11:40:50.0515 4684 TrueSight ( UnsignedFile.Multi.Generic ) - warning

11:40:50.0515 4684 TrueSight - detected UnsignedFile.Multi.Generic (1)

11:40:50.0562 4684 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys

11:40:50.0703 4684 tunmp - ok

11:40:50.0734 4684 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

11:40:50.0859 4684 Udfs - ok

11:40:50.0875 4684 ultra - ok

11:40:50.0921 4684 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

11:40:51.0062 4684 Update - ok

11:40:51.0109 4684 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

11:40:51.0125 4684 USBAAPL - ok

11:40:51.0171 4684 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

11:40:51.0296 4684 usbaudio - ok

11:40:51.0328 4684 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

11:40:51.0453 4684 usbccgp - ok

11:40:51.0484 4684 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

11:40:51.0593 4684 usbehci - ok

11:40:51.0625 4684 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

11:40:51.0765 4684 usbhub - ok

11:40:51.0796 4684 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

11:40:51.0921 4684 usbprint - ok

11:40:51.0953 4684 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

11:40:52.0078 4684 usbscan - ok

11:40:52.0109 4684 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

11:40:52.0234 4684 USBSTOR - ok

11:40:52.0250 4684 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

11:40:52.0375 4684 usbuhci - ok

11:40:52.0390 4684 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

11:40:52.0531 4684 VgaSave - ok

11:40:52.0546 4684 ViaIde - ok

11:40:52.0593 4684 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

11:40:52.0718 4684 VolSnap - ok

11:40:52.0750 4684 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

11:40:52.0875 4684 Wanarp - ok

11:40:52.0937 4684 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys

11:40:52.0968 4684 WDC_SAM - ok

11:40:52.0984 4684 WDICA - ok

11:40:53.0015 4684 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

11:40:53.0140 4684 wdmaud - ok

11:40:53.0187 4684 WPRO_41_1742 - ok

11:40:53.0234 4684 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

11:40:53.0437 4684 WS2IFSL - ok

11:40:53.0468 4684 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

11:40:53.0671 4684 WSTCODEC - ok

11:40:53.0718 4684 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

11:40:53.0750 4684 WudfPf - ok

11:40:53.0796 4684 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

11:40:53.0812 4684 WudfRd - ok

11:40:53.0890 4684 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

11:40:54.0125 4684 \Device\Harddisk0\DR0 - ok

11:40:54.0125 4684 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3

11:40:54.0343 4684 \Device\Harddisk1\DR3 - ok

11:40:54.0343 4684 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR5

11:40:54.0890 4684 \Device\Harddisk2\DR5 - ok

11:40:55.0187 4684 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR7

11:40:55.0421 4684 \Device\Harddisk3\DR7 - ok

11:40:55.0437 4684 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk4\DR8

11:40:55.0968 4684 \Device\Harddisk4\DR8 - ok

11:40:55.0968 4684 Boot (0x1200) (2831d0dada75bbb7bb6046e189cc1be5) \Device\Harddisk0\DR0\Partition0

11:40:55.0968 4684 \Device\Harddisk0\DR0\Partition0 - ok

11:40:55.0984 4684 Boot (0x1200) (2c6b0bff72e0c069f42472aacb181f8c) \Device\Harddisk0\DR0\Partition1

11:40:55.0984 4684 \Device\Harddisk0\DR0\Partition1 - ok

11:40:56.0000 4684 Boot (0x1200) (965458fc126dd2778950c2001965740a) \Device\Harddisk1\DR3\Partition0

11:40:56.0000 4684 \Device\Harddisk1\DR3\Partition0 - ok

11:40:56.0031 4684 Boot (0x1200) (214743c3335f5449d4f6961815141396) \Device\Harddisk2\DR5\Partition0

11:40:56.0031 4684 \Device\Harddisk2\DR5\Partition0 - ok

11:40:56.0031 4684 Boot (0x1200) (03d147b88e4f509c87ba38edc5da3c09) \Device\Harddisk3\DR7\Partition0

11:40:56.0031 4684 \Device\Harddisk3\DR7\Partition0 - ok

11:40:56.0046 4684 Boot (0x1200) (120b042391f8f1403f7d125faa283c07) \Device\Harddisk4\DR8\Partition0

11:40:56.0046 4684 \Device\Harddisk4\DR8\Partition0 - ok

11:40:56.0046 4684 ============================================================

11:40:56.0046 4684 Scan finished

11:40:56.0046 4684 ============================================================

11:40:56.0156 4412 Detected object count: 14

11:40:56.0156 4412 Actual detected object count: 14

11:41:03.0750 4412 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:03.0750 4412 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:03.0750 4412 CEUSBAUD ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:03.0750 4412 CEUSBAUD ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:03.0750 4412 E100B ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:03.0750 4412 E100B ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:03.0750 4412 FNETTBOH ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:03.0750 4412 FNETTBOH ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:03.0750 4412 FNETURPX ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:03.0765 4412 FNETURPX ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:03.0765 4412 hcwPVRP2 ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:03.0765 4412 hcwPVRP2 ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:03.0765 4412 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:03.0765 4412 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:03.0765 4412 NvNdis ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:03.0765 4412 NvNdis ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:03.0765 4412 oxfwlf ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:03.0765 4412 oxfwlf ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:03.0765 4412 pfc ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:03.0765 4412 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:03.0765 4412 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:03.0765 4412 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:03.0781 4412 QWAVEDRV ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:03.0781 4412 QWAVEDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:03.0781 4412 SMBios ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:03.0781 4412 SMBios ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:03.0781 4412 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:03.0781 4412 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip


Download aswMBR to your desktop.

http://public.avast.com/~gmerek/aswMBR.exe

Double click the aswMBR.exe to run it.

If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".

Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

MrC


Wow, that "Quick Scan" took a really long time. Here is the log:

aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software

Run date: 2012-01-05 19:08:34

-----------------------------

19:08:34.171 OS Version: Windows 5.1.2600 Service Pack 3

19:08:34.171 Number of processors: 2 586 0x409

19:08:34.187 ComputerName: DONDIMCE UserName:

19:08:41.609 Initialize success

19:09:35.812 AVAST engine defs: 12010501

19:10:11.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

19:10:11.312 Disk 0 Vendor: ST3200822A 3.01 Size: 190782MB BusType: 3

19:10:11.328 Disk 0 MBR read successfully

19:10:11.328 Disk 0 MBR scan

19:10:11.437 Disk 0 Windows XP default MBR code

19:10:11.453 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 37997 MB offset 63

19:10:11.468 Disk 0 Partition - 00 0F Extended LBA 152782 MB offset 77818860

19:10:11.500 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152782 MB offset 77818923

19:10:11.531 Disk 0 scanning sectors +390716865

19:10:11.640 Disk 0 scanning C:\WINDOWS\system32\drivers

19:10:49.078 Service scanning

19:10:50.984 Modules scanning

19:11:03.156 Disk 0 trace - called modules:

19:11:03.156

19:11:03.609 AVAST engine scan C:\WINDOWS

19:11:08.546 AVAST engine scan C:\WINDOWS\system32

19:12:58.687 AVAST engine scan C:\WINDOWS\system32\drivers

19:13:14.250 AVAST engine scan C:\Documents and Settings\Administrator

20:16:41.406 AVAST engine scan C:\Documents and Settings\All Users

20:18:56.750 Scan finished successfully

20:19:35.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"

20:19:35.625 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"


Looks OK, the infection is gone, ComboFix took care of that.

I don't know why it still sees a rootkit.

Please do this:

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Ok, will do. I wanted to ask you about what I should use for external USB drives. I have a number of them with files on them. If I had to guess, I would say that maybe the root of the problem came from one of those external drives. I recently attached a USB hub to the PC and connected all my USB drives. I am thinking that my problem started there while the drives went into Autorun mode (I have since disabled Autorun for external drives). Perhaps you could give me some guidance on how to attack the USB drives (e.g., which scan tools, etc.). I will post the logs soon. Thanks MrC


Is this what you're looking for:

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.

  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

MrC


Thanks, I will do that once we are all done, and when I have some time to go through them. Now that we are getting close, I was wondering if you would suggest what utilities, tools, etc. I should have on my machine and which ones I should have running resident on the PC. I know there is a thread somewhere, but perhaps you could give me some guidance in this thread. I also have a NAS box and another USB drive hanging off of an Apple Airport Extreme; both have shares that I have mapped to drive letters on this PC. I hope to give them a thorough scan as well. Thanks in advance MrC


At some point please update your Java; older versions are vulnerable to malware.

Java 6 Update 19 <----- should be 30

Control panel > Java > Update tab > Update

------------------

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/12/15 01:00:04 | 000,012,748 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\441012f6c087i562i532w0vpl3l8
    [2011/12/15 01:00:04 | 000,012,748 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\441012f6c087i562i532w0vpl3l8
    [2011/12/07 21:33:42 | 000,015,728 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\663815s6c502f177c640s6gwy0d0
    [2011/12/07 21:33:42 | 000,015,728 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\663815s6c502f177c640s6gwy0d0
    [2011/10/31 19:09:52 | 000,000,304 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP
    [2011/10/31 19:09:52 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr
    [2011/10/31 19:04:12 | 000,000,464 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP
    [2011/10/15 16:46:53 | 000,001,240 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\8c94a2bd
    [2011/10/15 16:40:17 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\9b312ab8
    [2011/10/15 14:44:15 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\7becd547
    [2011/12/08 23:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mBjNeCk15405

    :files
    C:\WINDOWS\tasks\*.job
    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC
