Ping.exe


I'm hit with a virus or script that keeps running Ping.exe and it eats all my memory. Ran the DDS and I am a registered user of Malwarebytes Anti-malware. What is my next step? Here is the DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Owner at 6:15:11 on 2011-12-23

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll

mURLSearchHooks: H - No File

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

LSP: mswsock.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {3D54FEE0-CE46-11D4-8288-0050BA6A5ABF} - file:///C:/Program%20Files/Newsoft/Presto!%20Mr.%20Photo%203/CardExpr/iepiev20.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: TPSvc - TPSvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\w6b3epfq.default\

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/gamers_tbar/ws/redir?_iceUrl=true&user_id=68107931&tool_id=62781&qkw=

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2011-12-16 18:27:35 1409 ----a-w- c:\windows\QTFont.for

2011-12-10 18:09:54 -------- d-----w- c:\documents and settings\owner\application data\Visan

2011-12-10 18:09:54 -------- d-----w- c:\documents and settings\all users\application data\Visan

2011-12-10 18:08:44 -------- d-----w- c:\program files\HP Photo Creations

2011-12-10 18:08:44 -------- d-----w- c:\documents and settings\all users\application data\HP Photo Creations

2011-12-04 11:19:17 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes

2011-12-04 11:19:02 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-12-04 11:18:56 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-04 11:18:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-02 10:54:57 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2011-12-02 10:54:43 -------- d-----w- c:\program files\PC Tools

2011-12-02 10:52:10 -------- d-----w- c:\documents and settings\owner\application data\TestApp

2011-12-02 05:06:29 767952 ----a-w- c:\windows\BDTSupport.dll1241.old

2011-12-02 05:06:29 767952 ----a-w- c:\windows\BDTSupport.dll1228.old

2011-12-02 05:06:29 767952 ----a-w- c:\windows\BDTSupport.dll1218.old

2011-12-02 05:06:28 2246608 ----a-w- c:\windows\PCTBDCore.dll1241.old

2011-12-02 05:06:28 2246608 ----a-w- c:\windows\PCTBDCore.dll1228.old

2011-12-02 05:06:28 2000848 ----a-w- c:\windows\PCTBDCore.dll1218.old

2011-12-02 05:06:28 149456 ----a-w- c:\windows\SGDetectionTool.dll1241.old

2011-12-02 05:06:28 149456 ----a-w- c:\windows\SGDetectionTool.dll1228.old

2011-12-02 05:06:28 149456 ----a-w- c:\windows\SGDetectionTool.dll1218.old

2011-12-02 05:06:28 -------- d-----w- c:\program files\Browser Defender

2011-12-02 02:15:51 -------- d-----w- c:\program files\PC Tools Security

2011-12-02 02:15:51 -------- d-----w- c:\program files\common files\PC Tools

2011-12-02 02:15:51 -------- d-----w- c:\documents and settings\owner\application data\PC Tools

2011-12-02 02:11:44 -------- d-----w- c:\documents and settings\all users\application data\PC Tools

2011-12-01 22:13:18 116224 ----a-w- c:\windows\system32\OAfNkA.com

2011-12-01 21:54:28 116224 ----a-w- c:\windows\system32\OAfNkA.com_

2011-11-29 11:38:25 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

.

==================== Find3M ====================

.

2011-11-17 18:38:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-31 14:11:02 5359888 ----a-w- c:\windows\uninst.exe

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

.

============= FINISH: 6:15:43.95 ===============

Hello Chlebowski and welcome to Malwarebytes!

I apologize for the delay.

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log into your reply.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How the PC is running now
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
***IMPORTANT: save ComboFix to your Desktop***
* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
Please print out these instructions or copy them to a Notepad file for easier reading, and download MBRCheck by a_d_13 to your Desktop from one of these locations:
http://ad13.geekstogo.com/MBRCheck.exe
http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe
http://www.kernelmode.info/MBRCheck.exe
Close all opened programs/ windows and double-click on MBRCheck.exe.
It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".
Press the "Enter" key to close the MBRCheck window and post the contents of the log file.
-------------
In your next reply, please include:
  • FSS.txt
  • TDSSKiller report
  • C:\ComboFix.txt
  • MBRCheck report

How is your computer running now?

Thanks D-FRED-BROWN. The computer seems to be running pretty well so far. Should I have that many svchost.exe running? Here are the files you wanted:

  • FSS.txt
  • TDSSKiller report
  • C:\ComboFix.txt
  • MBRCheck report

Farbar Service Scanner

Ran by Owner (administrator) on 26-12-2011 at 07:48:43

Microsoft Windows XP Service Pack 3 (X86)

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

sharedaccess Service is not running. Checking service configuration:

The start type of sharedaccess service is set to Disabled. The default start type is Auto.

The ImagePath of sharedaccess service is OK.

The ServiceDll of sharedaccess service is OK.

winmgmt Service is not running. Checking service configuration:

The start type of winmgmt service is set to Disabled. The default start type is Auto.

The ImagePath of winmgmt service is OK.

The ServiceDll of winmgmt service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)

0x0700000005000000010000000200000003000000040000000600000007000000

**** End of log ****

07:51:57.0000 3880 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

07:51:57.0375 3880 ============================================================

07:51:57.0375 3880 Current date / time: 2011/12/26 07:51:57.0375

07:51:57.0375 3880 SystemInfo:

07:51:57.0375 3880

07:51:57.0375 3880 OS Version: 5.1.2600 ServicePack: 3.0

07:51:57.0375 3880 Product type: Workstation

07:51:57.0375 3880 ComputerName: VALUED-56A3AD4F

07:51:57.0375 3880 UserName: Owner

07:51:57.0375 3880 Windows directory: C:\WINDOWS

07:51:57.0375 3880 System windows directory: C:\WINDOWS

07:51:57.0375 3880 Processor architecture: Intel x86

07:51:57.0375 3880 Number of processors: 1

07:51:57.0375 3880 Page size: 0x1000

07:51:57.0375 3880 Boot type: Normal boot

07:51:57.0375 3880 ============================================================

07:52:00.0078 3880 Initialize success

07:52:15.0328 1784 ============================================================

07:52:15.0328 1784 Scan started

07:52:15.0328 1784 Mode: Manual;

07:52:15.0328 1784 ============================================================


07:52:40.0468 1784 WS2IFSL - ok

07:52:40.0531 1784 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

07:52:40.0531 1784 WudfPf - ok

07:52:40.0593 1784 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

07:52:40.0593 1784 WudfRd - ok

07:52:40.0687 1784 xfilt (fcbc27869092850cdb75139f3818653a) C:\WINDOWS\system32\DRIVERS\xfilt.sys

07:52:40.0687 1784 xfilt - ok

07:52:40.0750 1784 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0

07:52:40.0765 1784 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

07:52:40.0765 1784 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

07:52:40.0812 1784 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

07:52:41.0046 1784 \Device\Harddisk1\DR1 - ok

07:52:41.0062 1784 Boot (0x1200) (c0ea8aa4645a704e487618b16b6a98c8) \Device\Harddisk0\DR0\Partition0

07:52:41.0062 1784 \Device\Harddisk0\DR0\Partition0 - ok

07:52:41.0078 1784 Boot (0x1200) (afe5d15929af794541b00200b42481d5) \Device\Harddisk1\DR1\Partition0

07:52:41.0078 1784 \Device\Harddisk1\DR1\Partition0 - ok

07:52:41.0093 1784 ============================================================

07:52:41.0093 1784 Scan finished

07:52:41.0093 1784 ============================================================

07:52:41.0125 1572 Detected object count: 1

07:52:41.0125 1572 Actual detected object count: 1

07:52:50.0593 1572 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

07:52:50.0625 1572 \Device\Harddisk0\DR0 - ok

07:52:50.0625 1572 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

07:53:36.0671 3772 Deinitialize success

ComboFix 11-12-25.03 - Owner 12/26/2011 8:18.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1205 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\windows\$NtUninstallKB19027$

c:\windows\$NtUninstallKB19027$\1697984358\@

c:\windows\$NtUninstallKB19027$\1697984358\bckfg.tmp

c:\windows\$NtUninstallKB19027$\1697984358\cfg.ini

c:\windows\$NtUninstallKB19027$\1697984358\Desktop.ini

c:\windows\$NtUninstallKB19027$\1697984358\keywords

c:\windows\$NtUninstallKB19027$\1697984358\kwrd.dll

c:\windows\$NtUninstallKB19027$\1697984358\L\leaqjkll

c:\windows\$NtUninstallKB19027$\1697984358\lsflt7.ver

c:\windows\$NtUninstallKB19027$\1697984358\U\00000001.@

c:\windows\$NtUninstallKB19027$\1697984358\U\00000002.@

c:\windows\$NtUninstallKB19027$\1697984358\U\00000004.@

c:\windows\$NtUninstallKB19027$\1697984358\U\80000000.@

c:\windows\$NtUninstallKB19027$\1697984358\U\80000004.@

c:\windows\$NtUninstallKB19027$\1697984358\U\80000032.@

c:\windows\$NtUninstallKB19027$\250450256

c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-11-26 to 2011-12-26 )))))))))))))))))))))))))))))))

.

.

2011-12-26 03:21 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll

2011-12-26 03:21 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll

2011-12-16 18:27 . 2011-12-16 18:27 1409 ----a-w- c:\windows\QTFont.for

2011-12-10 18:09 . 2011-12-10 18:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Visan

2011-12-10 18:09 . 2011-12-10 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Visan

2011-12-10 18:08 . 2011-12-10 18:08 -------- d-----w- c:\program files\HP Photo Creations

2011-12-10 18:08 . 2011-12-10 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations

2011-12-06 16:19 . 2011-12-06 16:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-12-04 11:19 . 2011-12-04 11:19 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2011-12-04 11:19 . 2011-12-04 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-12-04 11:18 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-04 11:18 . 2011-12-04 11:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-02 10:54 . 2011-11-23 00:42 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2011-12-02 10:54 . 2011-12-04 17:37 -------- d-----w- c:\program files\PC Tools

2011-12-02 10:52 . 2011-12-02 10:52 -------- d-----w- c:\documents and settings\Owner\Application Data\TestApp

2011-12-02 06:53 . 2011-12-02 06:53 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2011-12-02 06:52 . 2011-12-02 06:52 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!

2011-12-02 06:46 . 2011-12-02 06:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Threat Expert

2011-12-02 05:06 . 2011-11-14 21:06 767952 ----a-w- c:\windows\BDTSupport.dll1241.old

2011-12-02 05:06 . 2011-11-14 21:06 767952 ----a-w- c:\windows\BDTSupport.dll1228.old

2011-12-02 05:06 . 2011-01-07 19:54 767952 ----a-w- c:\windows\BDTSupport.dll1218.old

2011-12-02 05:06 . 2011-12-04 17:37 -------- d-----w- c:\program files\Browser Defender

2011-12-02 05:06 . 2011-11-14 21:07 149456 ----a-w- c:\windows\SGDetectionTool.dll1241.old

2011-12-02 05:06 . 2011-11-14 21:07 149456 ----a-w- c:\windows\SGDetectionTool.dll1228.old

2011-12-02 05:06 . 2011-11-14 21:07 2246608 ----a-w- c:\windows\PCTBDCore.dll1241.old

2011-12-02 05:06 . 2011-11-14 21:07 2246608 ----a-w- c:\windows\PCTBDCore.dll1228.old

2011-12-02 05:06 . 2011-01-07 19:54 149456 ----a-w- c:\windows\SGDetectionTool.dll1218.old

2011-12-02 05:06 . 2011-01-07 19:54 2000848 ----a-w- c:\windows\PCTBDCore.dll1218.old

2011-12-02 02:15 . 2011-12-04 17:37 -------- d-----w- c:\program files\Common Files\PC Tools

2011-12-02 02:15 . 2011-12-02 05:54 -------- d-----w- c:\program files\PC Tools Security

2011-12-02 02:15 . 2011-12-02 02:15 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools

2011-12-02 02:11 . 2011-12-04 12:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2011-12-02 00:09 . 2011-12-02 00:09 -------- d-----w- c:\documents and settings\Administrator

2011-12-01 22:13 . 2011-12-01 21:58 116224 ----a-w- c:\windows\system32\OAfNkA.com

2011-12-01 21:58 . 2011-12-01 21:58 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-11-29 11:38 . 2011-10-20 03:16 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-23 11:58 . 2004-08-04 12:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys

2011-11-17 18:38 . 2011-07-21 22:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-31 14:11 . 2011-10-31 14:11 5359888 ----a-w- c:\windows\uninst.exe

2011-10-10 14:22 . 2007-01-03 18:12 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-11-09 23:19 . 2011-07-21 19:32 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"DLCJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2006-10-20 73728]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]

2011-11-12 15:42 1647448 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter]

2011-10-08 21:34 4441944 ----a-w- c:\program files\IObit\IObit Malware Fighter\IMF.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

2011-01-13 20:17 1589208 ----a-w- c:\program files\PC Tools Security\pctsGui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]

2008-10-07 15:23 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

2008-10-07 15:23 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"gupdatem"=3 (0x3)

"gupdate"=2 (0x2)

"mnmsrvc"=3 (0x3)

"ATI Smart"=2 (0x2)

"Ati HotKey Poller"=2 (0x2)

"aspnet_state"=3 (0x3)

"SSDPSRV"=3 (0x3)

"ACDaemon"=3 (0x3)

"Browser Defender Update Service"=2 (0x2)

"MSDTC"=3 (0x3)

"hkmsvc"=3 (0x3)

"ImapiService"=3 (0x3)

"dmadmin"=3 (0x3)

"SwPrv"=3 (0x3)

"NtLmSsp"=3 (0x3)

"ose"=3 (0x3)

"sdAuxService"=3 (0x3)

"sdCoreService"=3 (0x3)

"PCTSFileEnum"=3 (0x3)

"WmdmPmSN"=3 (0x3)

"seclogon"=3 (0x3)

"ThreatFire"=3 (0x3)

"VSS"=3 (0x3)

"WmiApSrv"=3 (0x3)

"WMPNetworkSvc"=3 (0x3)

"iPod Service"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"UPS"=3 (0x3)

"RemoteAccess"=3 (0x3)

"RDSessMgr"=3 (0x3)

"RasMan"=3 (0x3)

"RasAuto"=3 (0x3)

"NtmsSvc"=3 (0x3)

"FastUserSwitchingCompatibility"=3 (0x3)

"Eventlog"=2 (0x2)

"BITS"=2 (0x2)

"TapiSrv"=3 (0x3)

"IMFservice"=2 (0x2)

"HidServ"=2 (0x2)

"AdvancedSystemCareService5"=2 (0x2)

"COMSysApp"=3 (0x3)

"WZCSVC"=2 (0x2)

"winmgmt"=2 (0x2)

"SENS"=2 (0x2)

"SamSs"=2 (0x2)

"EventSystem"=3 (0x3)

"dlcj_device"=2 (0x2)

"WudfSvc"=3 (0x3)

"EapHost"=3 (0x3)

"TrkWks"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\WINDOWS\\system32\\dlcjcoms.exe"=

"c:\\Program Files\\Dell Photo AIO Printer 964\\dlcjmon.exe"=

"c:\\Program Files\\Dell Photo AIO Printer 964\\dlcjaiox.exe"=

.

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1/5/2007 10:17 AM 13696]

R1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys [4/7/2007 4:39 PM 1984]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/4/2011 6:19 AM 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/4/2011 6:18 AM 22216]

S3 ham50;Intel HaM Data Fax Voice Modem;c:\windows\system32\drivers\ham50.sys [1/5/2007 3:31 PM 365853]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [10/30/2011 8:44 PM 30368]

S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [10/30/2011 8:44 PM 16208]

S4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [11/28/2011 12:59 PM 490840]

S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [10/30/2011 8:44 PM 239472]

S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/21/2011 5:33 PM 136176]

S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/21/2011 5:33 PM 136176]

S4 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [10/30/2011 8:44 PM 820568]

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 19:42]

.

2011-12-02 c:\windows\Tasks\At1.job

- c:\windows\system32\OAfNkA.com [2011-12-01 21:58]

.

2011-12-02 c:\windows\Tasks\At10.job

- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58]

.

2011-12-02 c:\windows\Tasks\At11.job

- c:\windows\system32\OAfNkA.com [2011-12-01 21:58]

.

2011-12-02 c:\windows\Tasks\At12.job

- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58]

.

2011-12-02 c:\windows\Tasks\At13.job

- c:\windows\system32\OAfNkA.com [2011-12-01 21:58]

.

2011-12-02 c:\windows\Tasks\At14.job

- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58]

.

2011-12-02 c:\windows\Tasks\At15.job

- c:\windows\system32\OAfNkA.com [2011-12-01 21:58]

.

2011-12-02 c:\windows\Tasks\At16.job

- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58]

.

2011-12-02 c:\windows\Tasks\At17.job

- c:\windows\system32\OAfNkA.com [2011-12-01 21:58]

.

2011-12-02 c:\windows\Tasks\At18.job

- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58]

.

2011-12-01 c:\windows\Tasks\At19.job

- c:\windows\system32\OAfNkA.com [2011-12-01 21:58]

.

2011-12-02 c:\windows\Tasks\At2.job

- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58]

.

2011-12-01 c:\windows\Tasks\At20.job

- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58]

.

2011-12-01 c:\windows\Tasks\At21.job

- c:\windows\system32\OAfNkA.com [2011-12-01 21:58]

.

2011-12-01 c:\windows\Tasks\At22.job

- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58]

.

2011-12-06 c:\windows\Tasks\At23.job

- c:\windows\system32\OAfNkA.com [2011-12-01 21:58]

.

2011-12-06 c:\windows\Tasks\At24.job

- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58]

.

2011-12-06 c:\windows\Tasks\At25.job

- c:\windows\system32\OAfNkA.com [2011-12-01 21:58]

.

2011-12-06 c:\windows\Tasks\At26.job

- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58]

.

2011-12-01 c:\windows\Tasks\At27.job

- c:\windows\system32\OAfNkA.com [2011-12-01 21:58]

.

2011-12-01 c:\windows\Tasks\At28.job

- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58]

.

2011-12-01 c:\windows\Tasks\At29.job

- c:\windows\system32\OAfNkA.com [2011-12-01 21:58]

.

2011-12-02 c:\windows\Tasks\At3.job

- c:\windows\system32\OAfNkA.com [2011-12-01 21:58]

.

2011-12-01 c:\windows\Tasks\At30.job

- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58]

.

2011-12-01 c:\windows\Tasks\At31.job

- c:\windows\system32\OAfNkA.com [2011-12-01 21:58]

.

2011-12-01 c:\windows\Tasks\At32.job

- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58]

.

2011-12-01 c:\windows\Tasks\At33.job

- c:\windows\system32\OAfNkA.com [2011-12-01 21:58]

.

2011-12-01 c:\windows\Tasks\At34.job

- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58]

.

2011-12-01 c:\windows\Tasks\At35.job

- c:\windows\system32\OAfNkA.com [2011-12-01 21:58]

.

2011-12-01 c:\windows\Tasks\At36.job

- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58]

.

2011-12-01 c:\windows\Tasks\At37.job

- c:\windows\system32\OAfNkA.com [2011-12-01 21:58]

.

2011-12-01 c:\windows\Tasks\At38.job

- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58]

.

2011-12-01 c:\windows\Tasks\At39.job

- c:\windows\system32\OAfNkA.com [2011-12-01 21:58]

.

2011-12-02 c:\windows\Tasks\At4.job

- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58]

.

2011-12-01 c:\windows\Tasks\At40.job

- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58]

.

2011-12-02 c:\windows\Tasks\At41.job

- c:\windows\system32\OAfNkA.com [2011-12-01 21:58]

.

2011-12-02 c:\windows\Tasks\At42.job

- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58]

.

2011-12-01 c:\windows\Tasks\At43.job

- c:\windows\system32\OAfNkA.com [2011-12-01 21:58]

.

2011-12-01 c:\windows\Tasks\At44.job

- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58]

.

2011-12-01 c:\windows\Tasks\At45.job

- c:\windows\system32\OAfNkA.com [2011-12-01 21:58]

.

2011-12-01 c:\windows\Tasks\At46.job

- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58]

.

2011-12-02 c:\windows\Tasks\At47.job

- c:\windows\system32\OAfNkA.com [2011-12-01 21:58]

.

2011-12-02 c:\windows\Tasks\At48.job

- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58]

.

2011-12-01 c:\windows\Tasks\At5.job

- c:\windows\system32\OAfNkA.com [2011-12-01 21:58]

.

2011-12-01 c:\windows\Tasks\At6.job

- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58]

.

2011-12-02 c:\windows\Tasks\At7.job

- c:\windows\system32\OAfNkA.com [2011-12-01 21:58]

.

2011-12-02 c:\windows\Tasks\At8.job

- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58]

.

2011-12-02 c:\windows\Tasks\At9.job

- c:\windows\system32\OAfNkA.com [2011-12-01 21:58]

.

2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-21 22:32]

.

2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-21 22:32]

.

2011-12-26 c:\windows\Tasks\HP Photo Creations Communicator.job

- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-11-16 10:11]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

TCP: DhcpNameServer = 192.168.1.1

DPF: {3D54FEE0-CE46-11D4-8288-0050BA6A5ABF} - file:///C:/Program%20Files/Newsoft/Presto!%20Mr.%20Photo%203/CardExpr/iepiev20.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w6b3epfq.default\

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/gamers_tbar/ws/redir?_iceUrl=true&user_id=68107931&tool_id=62781&qkw=

.

- - - - ORPHANS REMOVED - - - -

.

Notify-TPSvc - TPSvc.dll

SafeBoot-61326833.sys

MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe

MSConfigStartUp-PCTools FGuard - c:\program files\Browser Defender\FGuard.exe

MSConfigStartUp-Privacy Protection - c:\documents and settings\All Users\Application Data\privacy.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-26 08:37

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,32,48,f2,bc,4d,fc,49,96,3d,ae,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,32,48,f2,bc,4d,fc,49,96,3d,ae,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(732)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(848)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Google\Update\Install\{AB6DD9E5-5DBC-4858-BFDF-F5856CA34C2F}\chrome_updater.exe

c:\windows\system32\config\SYSTEM~1\LOCALS~1\Temp\CR_DA3E0.tmp\setup.exe

c:\windows\system32\wscntfy.exe

c:\windows\SoftwareDistribution\Download\120366dc23638169395185f6bd9f31e4\update\update.exe

.

**************************************************************************

.

Completion time: 2011-12-26 08:46:11 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-26 13:46

.

Pre-Run: 12,882,157,568 bytes free

Post-Run: 13,287,927,808 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 8B6BD5ABA90E577FD19AB257C1C1BE40

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000003c

Kernel Drivers (total 121):

0x804D7000 \WINDOWS\system32\ntoskrnl.exe

0x806EF000 \WINDOWS\system32\hal.dll

0xF7987000 \WINDOWS\system32\KDCOM.DLL

0xF7897000 \WINDOWS\system32\BOOTVID.dll

0xF75A8000 ACPI.sys

0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xF7597000 pci.sys

0xF75F7000 isapnp.sys

0xF7A4F000 PCIIde.sys

0xF7707000 \WINDOWS\System32\Drivers\PCIIDEX.SYS

0xF798B000 ViaIde.sys

0xF7607000 MountMgr.sys

0xF74D8000 ftdisk.sys

0xF770F000 videX32.sys

0xF7717000 PartMgr.sys

0xF7617000 VolSnap.sys

0xF74C0000 atapi.sys

0xF7627000 disk.sys

0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xF74A0000 fltmgr.sys

0xF748E000 sr.sys

0xF771F000 xfilt.sys

0xF7647000 PxHelp20.sys

0xF7477000 KSecDD.sys

0xF7B52000 Ntfs.sys

0xF744A000 NDIS.sys

0xF7657000 Combo-Fix.sys

0xF7667000 uagp35.sys

0xBA7E6000 Mup.sys

0xBA70E000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xB9757000 \SystemRoot\system32\DRIVERS\ati2mtag.sys

0xB9743000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xF77E7000 \SystemRoot\system32\DRIVERS\usbohci.sys

0xB971F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xF77EF000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xB970D000 \SystemRoot\system32\DRIVERS\EG1032xp.sys

0xBA6FE000 \SystemRoot\system32\DRIVERS\imapi.sys

0xBA6EE000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xBA6DE000 \SystemRoot\system32\DRIVERS\redbook.sys

0xB96EA000 \SystemRoot\system32\DRIVERS\ks.sys

0xF77F7000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xB9321000 \SystemRoot\system32\drivers\ALCXWDM.SYS

0xB92FD000 \SystemRoot\system32\drivers\portcls.sys

0xBA6CE000 \SystemRoot\system32\drivers\drmk.sys

0xF77FF000 \SystemRoot\system32\DRIVERS\fdc.sys

0xBA6BE000 \SystemRoot\system32\DRIVERS\serial.sys

0xBA78E000 \SystemRoot\system32\DRIVERS\serenum.sys

0xB92E9000 \SystemRoot\system32\DRIVERS\parport.sys

0xBA6AE000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xF7807000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xBA31A000 \SystemRoot\system32\DRIVERS\audstub.sys

0xF7697000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xBA78A000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xB92D2000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xF76A7000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xF76B7000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xF780F000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xB92C1000 \SystemRoot\system32\DRIVERS\psched.sys

0xF76C7000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xF7817000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xF781F000 \SystemRoot\system32\DRIVERS\raspti.sys

0xF76D7000 \SystemRoot\system32\DRIVERS\termdd.sys

0xF774F000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xF799D000 \SystemRoot\system32\DRIVERS\swenum.sys

0xB9213000 \SystemRoot\system32\DRIVERS\update.sys

0xBA77A000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xF76F7000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF7567000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xF79A1000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xF79AB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xA0C1B000 \SystemRoot\System32\Drivers\Null.SYS

0xF79AD000 \SystemRoot\System32\Drivers\Beep.SYS

0xA0C1A000 \SystemRoot\system32\drivers\papycpu.sys

0xA0C19000 \SystemRoot\system32\drivers\papyjoy.sys

0xF775F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xF7767000 \SystemRoot\System32\drivers\vga.sys

0xF79AF000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF79B1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xF776F000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF7777000 \SystemRoot\System32\Drivers\Npfs.SYS

0xBA696000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xA0A4E000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xA09F5000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xA09CD000 \SystemRoot\system32\DRIVERS\netbt.sys

0xA09AB000 \SystemRoot\System32\drivers\afd.sys

0xB9894000 \SystemRoot\system32\DRIVERS\netbios.sys

0xA0980000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xA0910000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xB9884000 \SystemRoot\System32\Drivers\Fips.SYS

0x9FC02000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xB9864000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xBA7A6000 \??\C:\WINDOWS\system32\drivers\BIOS.sys

0xF779F000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xBA79A000 \SystemRoot\system32\DRIVERS\usbscan.sys

0xF77A7000 \SystemRoot\system32\DRIVERS\usbprint.sys

0xF77AF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0xBA796000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xB9834000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xB9203000 \SystemRoot\system32\DRIVERS\mouhid.sys

0xF7547000 \SystemRoot\System32\Drivers\Cdfs.SYS

0x9FBE0000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xF79C9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xA0AA7000 \SystemRoot\System32\drivers\Dxapi.sys

0xF77C7000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xF7A66000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF012000 \SystemRoot\System32\ati2dvag.dll

0xBF049000 \SystemRoot\System32\ati2cqag.dll

0xBF083000 \SystemRoot\System32\ati3duag.dll

0xBF257000 \SystemRoot\System32\ativvaxx.dll

0xA0AA3000 \??\C:\WINDOWS\system32\drivers\mbam.sys

0xF79A9000 \SystemRoot\System32\Drivers\ParVdm.SYS

0xB9271000 \SystemRoot\System32\drivers\aspi32.sys

0x9F62B000 \SystemRoot\system32\drivers\wdmaud.sys

0x9F730000 \SystemRoot\system32\drivers\sysaudio.sys

0x9F258000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys

0x9F035000 \SystemRoot\system32\drivers\kmixer.sys

0x9FB80000 \??\C:\ComboFix\catchme.sys

0xF79D7000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 23):

0 System Idle Process

4 System

660 C:\WINDOWS\system32\smss.exe

708 csrss.exe

732 C:\WINDOWS\system32\winlogon.exe

776 C:\WINDOWS\system32\services.exe

788 C:\WINDOWS\system32\lsass.exe

944 C:\WINDOWS\system32\svchost.exe

1008 svchost.exe

1104 C:\WINDOWS\system32\svchost.exe

1144 svchost.exe

1296 C:\WINDOWS\system32\svchost.exe

1412 C:\WINDOWS\system32\spoolsv.exe

1532 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

1664 C:\WINDOWS\system32\svchost.exe

1900 C:\WINDOWS\system32\wuauclt.exe

768 C:\WINDOWS\system32\wscntfy.exe

2000 alg.exe

1644 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

848 C:\WINDOWS\explorer.exe

1944 C:\Program Files\Mozilla Firefox\firefox.exe

1812 C:\WINDOWS\system32\wuauclt.exe

984 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST330620A, Rev: 3.05

PhysicalDrive1 Model Number: IC35L040AVER07-0, Rev: ER4OA46A

Size Device Name MBR Status

--------------------------------------------

27 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

37 GB \\.\PhysicalDrive1 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!


Looking better!

Let's run some more scans to determine if there's anything ComboFix & TDSSkiller may have missed:

Download Rootkit Unhooker and save it to your Desktop.

Close all open programs and browsers, then double-click RKUnhookerLE.exe to run it.

Vista/Windows 7 users right-click and select Run As Administrator.

  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • UNcheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait until the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it. Click Close
  • Copy the entire contents of the report and paste it in your next reply.
    Note: You may get the following warning---just ignore it, click OK and continue. Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?

----------

Please close all anti-virus, anti-malware and any other open programs/windows so they do not interfere with the running of RootRepeal.

  • Please download RootRepeal.zip from here.
  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

NOTE! Please remove any e-mail address in the RootRepeal report (if present).

----------

Please post both the RootkitUnhooker & RootRepeal reports in your next reply. Let me know how things go ;).


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

