Chlebowski Posted December 23, 2011

I'm hit with a virus or script that keeps running Ping.exe and it eats all my memory. Ran the DDS and I am a registered user of Malwarebytes Anti-malware. What is my next step? Here is the DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_26
Run by Owner at 6:15:11 on 2011-12-23
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
LSP: mswsock.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3D54FEE0-CE46-11D4-8288-0050BA6A5ABF} - file:///C:/Program%20Files/Newsoft/Presto!%20Mr.%20Photo%203/CardExpr/iepiev20.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\w6b3epfq.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/gamers_tbar/ws/redir?_iceUrl=true&user_id=68107931&tool_id=62781&qkw=
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-12-16 18:27:35    1409    ----a-w-    c:\windows\QTFont.for
2011-12-10 18:09:54    --------    d-----w-    c:\documents and settings\owner\application data\Visan
2011-12-10 18:09:54    --------    d-----w-    c:\documents and settings\all users\application data\Visan
2011-12-10 18:08:44    --------    d-----w-    c:\program files\HP Photo Creations
2011-12-10 18:08:44    --------    d-----w-    c:\documents and settings\all users\application data\HP Photo Creations
2011-12-04 11:19:17    --------    d-----w-    c:\documents and settings\owner\application data\Malwarebytes
2011-12-04 11:19:02    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2011-12-04 11:18:56    22216    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-12-04 11:18:55    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-12-02 10:54:57    185560    ----a-w-    c:\windows\system32\drivers\PCTSD.sys
2011-12-02 10:54:43    --------    d-----w-    c:\program files\PC Tools
2011-12-02 10:52:10    --------    d-----w-    c:\documents and settings\owner\application data\TestApp
2011-12-02 05:06:29    767952    ----a-w-    c:\windows\BDTSupport.dll1241.old
2011-12-02 05:06:29    767952    ----a-w-    c:\windows\BDTSupport.dll1228.old
2011-12-02 05:06:29    767952    ----a-w-    c:\windows\BDTSupport.dll1218.old
2011-12-02 05:06:28    2246608    ----a-w-    c:\windows\PCTBDCore.dll1241.old
2011-12-02 05:06:28    2246608    ----a-w-    c:\windows\PCTBDCore.dll1228.old
2011-12-02 05:06:28    2000848    ----a-w-    c:\windows\PCTBDCore.dll1218.old
2011-12-02 05:06:28    149456    ----a-w-    c:\windows\SGDetectionTool.dll1241.old
2011-12-02 05:06:28    149456    ----a-w-    c:\windows\SGDetectionTool.dll1228.old
2011-12-02 05:06:28    149456    ----a-w-    c:\windows\SGDetectionTool.dll1218.old
2011-12-02 05:06:28    --------    d-----w-    c:\program files\Browser Defender
2011-12-02 02:15:51    --------    d-----w-    c:\program files\PC Tools Security
2011-12-02 02:15:51    --------    d-----w-    c:\program files\common files\PC Tools
2011-12-02 02:15:51    --------    d-----w-    c:\documents and settings\owner\application data\PC Tools
2011-12-02 02:11:44    --------    d-----w-    c:\documents and settings\all users\application data\PC Tools
2011-12-01 22:13:18    116224    ----a-w-    c:\windows\system32\OAfNkA.com
2011-12-01 21:54:28    116224    ----a-w-    c:\windows\system32\OAfNkA.com_
2011-11-29 11:38:25    20312    ----a-w-    c:\windows\system32\RegistryDefragBootTime.exe
.
==================== Find3M ====================
.
2011-11-17 18:38:23    414368    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-31 14:11:02    5359888    ----a-w-    c:\windows\uninst.exe
2011-10-10 14:22:41    692736    ----a-w-    c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50    599040    ----a-w-    c:\windows\system32\crypt32.dll
2011-09-26 15:41:20    611328    ------w-    c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20    220160    ----a-w-    c:\windows\system32\oleacc.dll
2011-09-26 15:41:14    20480    ----a-w-    c:\windows\system32\oleaccrc.dll
.
============= FINISH: 6:15:43.95 ===============
D-FRED-BROWN Posted December 25, 2011

Hello Chlebowski and welcome to Malwarebytes! I apologize for the delay.

I am D-FRED-BROWN and I will be helping you. Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download Farbar Service Scanner and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

-------------

Please download to your Desktop:
TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller:
Double-click on TDSSKiller.exe to run the application.
Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):
TDSSKiller_log.txt
how the PC is running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.

-------------

Please print out these instructions or copy them to a Notepad file for an easier reading and download MBRCheck by a_d_13 to your Desktop from one of these locations:
http://ad13.geekstogo.com/MBRCheck.exe
http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe
http://www.kernelmode.info/MBRCheck.exe
Close all opened programs/windows and double-click on MBRCheck.exe.
It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".
Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

-------------

In your next reply, please include:
FSS.txt
TDSSKiller report
C:\ComboFix.txt
MBRCheck report
How is your computer running now?
Chlebowski (Author) Posted December 26, 2011

Thanks D-FRED-BROWN. The computer seems to be running pretty good so far. Should I have that many svchost.exe running? Here are the files you wanted:
FSS.txt
TDSSKiller report
C:\ComboFix.txt
MBRCheck report

Farbar Service Scanner
Ran by Owner (administrator) on 26-12-2011 at 07:48:43
Microsoft Windows XP Service Pack 3 (X86)

****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is set to Disabled. The default start type is Auto.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000

**** End of log ****

07:51:57.0000 3880 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
07:51:57.0375 3880 ============================================================
07:51:57.0375 3880 Current date / time: 2011/12/26 07:51:57.0375
07:51:57.0375 3880 SystemInfo:
07:51:57.0375 3880 
07:51:57.0375 3880 OS Version: 5.1.2600 ServicePack: 3.0
07:51:57.0375 3880 Product type: Workstation
07:51:57.0375 3880 ComputerName: VALUED-56A3AD4F
07:51:57.0375 3880 UserName: Owner
07:51:57.0375 3880 Windows directory: C:\WINDOWS
07:51:57.0375 3880 System windows directory: C:\WINDOWS
07:51:57.0375 3880 Processor architecture: Intel x86
07:51:57.0375 3880 Number of processors: 1
07:51:57.0375 3880 Page size: 0x1000
07:51:57.0375 3880 Boot type: Normal boot
07:51:57.0375 3880 ============================================================
07:52:00.0078 3880 Initialize success
============================================================
07:52:15.0328 1784 Scan started
07:52:15.0328 1784 Mode: Manual; 
07:52:15.0328 1784 ============================================================
ok07:52:40.0687 1784 xfilt (fcbc27869092850cdb75139f3818653a) C:\WINDOWS\system32\DRIVERS\xfilt.sys07:52:40.0687 1784 xfilt - ok07:52:40.0750 1784 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR007:52:40.0765 1784 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected07:52:40.0765 1784 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)07:52:40.0812 1784 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR107:52:41.0046 1784 \Device\Harddisk1\DR1 - ok07:52:41.0062 1784 Boot (0x1200) (c0ea8aa4645a704e487618b16b6a98c8) \Device\Harddisk0\DR0\Partition007:52:41.0062 1784 \Device\Harddisk0\DR0\Partition0 - ok07:52:41.0078 1784 Boot (0x1200) (afe5d15929af794541b00200b42481d5) \Device\Harddisk1\DR1\Partition007:52:41.0078 1784 \Device\Harddisk1\DR1\Partition0 - ok07:52:41.0093 1784 ============================================================07:52:41.0093 1784 Scan finished07:52:41.0093 1784 ============================================================07:52:41.0125 1572 Detected object count: 107:52:41.0125 1572 Actual detected object count: 107:52:50.0593 1572 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot07:52:50.0625 1572 \Device\Harddisk0\DR0 - ok07:52:50.0625 1572 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure 07:53:36.0671 3772 Deinitialize successComboFix 11-12-25.03 - Owner 12/26/2011 8:18.1.1 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1205 [GMT -5:00]Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\All Users\Application 
Data\TEMPc:\windows\$NtUninstallKB19027$c:\windows\$NtUninstallKB19027$\1697984358\@c:\windows\$NtUninstallKB19027$\1697984358\bckfg.tmpc:\windows\$NtUninstallKB19027$\1697984358\cfg.inic:\windows\$NtUninstallKB19027$\1697984358\Desktop.inic:\windows\$NtUninstallKB19027$\1697984358\keywordsc:\windows\$NtUninstallKB19027$\1697984358\kwrd.dllc:\windows\$NtUninstallKB19027$\1697984358\L\leaqjkllc:\windows\$NtUninstallKB19027$\1697984358\lsflt7.verc:\windows\$NtUninstallKB19027$\1697984358\U\00000001.@c:\windows\$NtUninstallKB19027$\1697984358\U\00000002.@c:\windows\$NtUninstallKB19027$\1697984358\U\00000004.@c:\windows\$NtUninstallKB19027$\1697984358\U\80000000.@c:\windows\$NtUninstallKB19027$\1697984358\U\80000004.@c:\windows\$NtUninstallKB19027$\1697984358\U\80000032.@c:\windows\$NtUninstallKB19027$\250450256c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf..((((((((((((((((((((((((( Files Created from 2011-11-26 to 2011-12-26 )))))))))))))))))))))))))))))))..2011-12-26 03:21 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll2011-12-26 03:21 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll2011-12-16 18:27 . 2011-12-16 18:27 1409 ----a-w- c:\windows\QTFont.for2011-12-10 18:09 . 2011-12-10 18:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Visan2011-12-10 18:09 . 2011-12-10 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Visan2011-12-10 18:08 . 2011-12-10 18:08 -------- d-----w- c:\program files\HP Photo Creations2011-12-10 18:08 . 2011-12-10 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations2011-12-06 16:19 . 2011-12-06 16:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe2011-12-04 11:19 . 2011-12-04 11:19 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes2011-12-04 11:19 . 
2011-12-04 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2011-12-04 11:18 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-12-04 11:18 . 2011-12-04 11:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-12-02 10:54 . 2011-11-23 00:42 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys2011-12-02 10:54 . 2011-12-04 17:37 -------- d-----w- c:\program files\PC Tools2011-12-02 10:52 . 2011-12-02 10:52 -------- d-----w- c:\documents and settings\Owner\Application Data\TestApp2011-12-02 06:53 . 2011-12-02 06:53 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE2011-12-02 06:52 . 2011-12-02 06:52 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!2011-12-02 06:46 . 2011-12-02 06:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Threat Expert2011-12-02 05:06 . 2011-11-14 21:06 767952 ----a-w- c:\windows\BDTSupport.dll1241.old2011-12-02 05:06 . 2011-11-14 21:06 767952 ----a-w- c:\windows\BDTSupport.dll1228.old2011-12-02 05:06 . 2011-01-07 19:54 767952 ----a-w- c:\windows\BDTSupport.dll1218.old2011-12-02 05:06 . 2011-12-04 17:37 -------- d-----w- c:\program files\Browser Defender2011-12-02 05:06 . 2011-11-14 21:07 149456 ----a-w- c:\windows\SGDetectionTool.dll1241.old2011-12-02 05:06 . 2011-11-14 21:07 149456 ----a-w- c:\windows\SGDetectionTool.dll1228.old2011-12-02 05:06 . 2011-11-14 21:07 2246608 ----a-w- c:\windows\PCTBDCore.dll1241.old2011-12-02 05:06 . 2011-11-14 21:07 2246608 ----a-w- c:\windows\PCTBDCore.dll1228.old2011-12-02 05:06 . 2011-01-07 19:54 149456 ----a-w- c:\windows\SGDetectionTool.dll1218.old2011-12-02 05:06 . 2011-01-07 19:54 2000848 ----a-w- c:\windows\PCTBDCore.dll1218.old2011-12-02 02:15 . 2011-12-04 17:37 -------- d-----w- c:\program files\Common Files\PC Tools2011-12-02 02:15 . 2011-12-02 05:54 -------- d-----w- c:\program files\PC Tools Security2011-12-02 02:15 . 
2011-12-02 02:15 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools2011-12-02 02:11 . 2011-12-04 12:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools2011-12-02 00:09 . 2011-12-02 00:09 -------- d-----w- c:\documents and settings\Administrator2011-12-01 22:13 . 2011-12-01 21:58 116224 ----a-w- c:\windows\system32\OAfNkA.com2011-12-01 21:58 . 2011-12-01 21:58 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache2011-11-29 11:38 . 2011-10-20 03:16 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-12-23 11:58 . 2004-08-04 12:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys2011-11-17 18:38 . 2011-07-21 22:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-10-31 14:11 . 2011-10-31 14:11 5359888 ----a-w- c:\windows\uninst.exe2011-10-10 14:22 . 2007-01-03 18:12 692736 ----a-w- c:\windows\system32\inetcomm.dll2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll2011-11-09 23:19 . 
2011-07-21 19:32 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]"DLCJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2006-10-20 73728].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]@="Service".[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]c:\windows\system32\dumprep 0 -k [X].[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]2011-11-12 15:42 1647448 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter]2011-10-08 21:34 4441944 ----a-w- c:\program files\IObit\IObit Malware Fighter\IMF.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]2011-01-13 20:17 1589208 ----a-w- c:\program files\PC Tools Security\pctsGui.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]2008-10-07 15:23 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! 
Pager].[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]2008-10-07 15:23 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"gupdatem"=3 (0x3)"gupdate"=2 (0x2)"mnmsrvc"=3 (0x3)"ATI Smart"=2 (0x2)"Ati HotKey Poller"=2 (0x2)"aspnet_state"=3 (0x3)"SSDPSRV"=3 (0x3)"ACDaemon"=3 (0x3)"Browser Defender Update Service"=2 (0x2)"MSDTC"=3 (0x3)"hkmsvc"=3 (0x3)"ImapiService"=3 (0x3)"dmadmin"=3 (0x3)"SwPrv"=3 (0x3)"NtLmSsp"=3 (0x3)"ose"=3 (0x3)"sdAuxService"=3 (0x3)"sdCoreService"=3 (0x3)"PCTSFileEnum"=3 (0x3)"WmdmPmSN"=3 (0x3)"seclogon"=3 (0x3)"ThreatFire"=3 (0x3)"VSS"=3 (0x3)"WmiApSrv"=3 (0x3)"WMPNetworkSvc"=3 (0x3)"iPod Service"=3 (0x3)"JavaQuickStarterService"=2 (0x2)"UPS"=3 (0x3)"RemoteAccess"=3 (0x3)"RDSessMgr"=3 (0x3)"RasMan"=3 (0x3)"RasAuto"=3 (0x3)"NtmsSvc"=3 (0x3)"FastUserSwitchingCompatibility"=3 (0x3)"Eventlog"=2 (0x2)"BITS"=2 (0x2)"TapiSrv"=3 (0x3)"IMFservice"=2 (0x2)"HidServ"=2 (0x2)"AdvancedSystemCareService5"=2 (0x2)"COMSysApp"=3 (0x3)"WZCSVC"=2 (0x2)"winmgmt"=2 (0x2)"SENS"=2 (0x2)"SamSs"=2 (0x2)"EventSystem"=3 (0x3)"dlcj_device"=2 (0x2)"WudfSvc"=3 (0x3)"EapHost"=3 (0x3)"TrkWks"=3 (0x3).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="c:\\WINDOWS\\system32\\dlcjcoms.exe"="c:\\Program Files\\Dell Photo AIO Printer 964\\dlcjmon.exe"="c:\\Program Files\\Dell Photo AIO Printer 964\\dlcjaiox.exe"=.R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1/5/2007 10:17 AM 13696]R1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys [4/7/2007 4:39 PM 1984]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/4/2011 6:19 AM 366152]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/4/2011 
6:18 AM 22216]S3 ham50;Intel HaM Data Fax Voice Modem;c:\windows\system32\drivers\ham50.sys [1/5/2007 3:31 PM 365853]S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [10/30/2011 8:44 PM 30368]S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [10/30/2011 8:44 PM 16208]S4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [11/28/2011 12:59 PM 490840]S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [10/30/2011 8:44 PM 239472]S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/21/2011 5:33 PM 136176]S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/21/2011 5:33 PM 136176]S4 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [10/30/2011 8:44 PM 820568].Contents of the 'Scheduled Tasks' folder.2011-11-28 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 19:42].2011-12-02 c:\windows\Tasks\At1.job- c:\windows\system32\OAfNkA.com [2011-12-01 21:58].2011-12-02 c:\windows\Tasks\At10.job- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58].2011-12-02 c:\windows\Tasks\At11.job- c:\windows\system32\OAfNkA.com [2011-12-01 21:58].2011-12-02 c:\windows\Tasks\At12.job- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58].2011-12-02 c:\windows\Tasks\At13.job- c:\windows\system32\OAfNkA.com [2011-12-01 21:58].2011-12-02 c:\windows\Tasks\At14.job- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58].2011-12-02 c:\windows\Tasks\At15.job- c:\windows\system32\OAfNkA.com [2011-12-01 21:58].2011-12-02 c:\windows\Tasks\At16.job- c:\windows\system32\OAfNkA.com_ [2011-12-01 
21:58].2011-12-02 c:\windows\Tasks\At17.job- c:\windows\system32\OAfNkA.com [2011-12-01 21:58].2011-12-02 c:\windows\Tasks\At18.job- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58].2011-12-01 c:\windows\Tasks\At19.job- c:\windows\system32\OAfNkA.com [2011-12-01 21:58].2011-12-02 c:\windows\Tasks\At2.job- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58].2011-12-01 c:\windows\Tasks\At20.job- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58].2011-12-01 c:\windows\Tasks\At21.job- c:\windows\system32\OAfNkA.com [2011-12-01 21:58].2011-12-01 c:\windows\Tasks\At22.job- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58].2011-12-06 c:\windows\Tasks\At23.job- c:\windows\system32\OAfNkA.com [2011-12-01 21:58].2011-12-06 c:\windows\Tasks\At24.job- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58].2011-12-06 c:\windows\Tasks\At25.job- c:\windows\system32\OAfNkA.com [2011-12-01 21:58].2011-12-06 c:\windows\Tasks\At26.job- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58].2011-12-01 c:\windows\Tasks\At27.job- c:\windows\system32\OAfNkA.com [2011-12-01 21:58].2011-12-01 c:\windows\Tasks\At28.job- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58].2011-12-01 c:\windows\Tasks\At29.job- c:\windows\system32\OAfNkA.com [2011-12-01 21:58].2011-12-02 c:\windows\Tasks\At3.job- c:\windows\system32\OAfNkA.com [2011-12-01 21:58].2011-12-01 c:\windows\Tasks\At30.job- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58].2011-12-01 c:\windows\Tasks\At31.job- c:\windows\system32\OAfNkA.com [2011-12-01 21:58].2011-12-01 c:\windows\Tasks\At32.job- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58].2011-12-01 c:\windows\Tasks\At33.job- c:\windows\system32\OAfNkA.com [2011-12-01 21:58].2011-12-01 c:\windows\Tasks\At34.job- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58].2011-12-01 c:\windows\Tasks\At35.job- c:\windows\system32\OAfNkA.com [2011-12-01 21:58].2011-12-01 c:\windows\Tasks\At36.job- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58].2011-12-01 c:\windows\Tasks\At37.job- 
c:\windows\system32\OAfNkA.com [2011-12-01 21:58].2011-12-01 c:\windows\Tasks\At38.job- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58].2011-12-01 c:\windows\Tasks\At39.job- c:\windows\system32\OAfNkA.com [2011-12-01 21:58].2011-12-02 c:\windows\Tasks\At4.job- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58].2011-12-01 c:\windows\Tasks\At40.job- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58].2011-12-02 c:\windows\Tasks\At41.job- c:\windows\system32\OAfNkA.com [2011-12-01 21:58].2011-12-02 c:\windows\Tasks\At42.job- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58].2011-12-01 c:\windows\Tasks\At43.job- c:\windows\system32\OAfNkA.com [2011-12-01 21:58].2011-12-01 c:\windows\Tasks\At44.job- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58].2011-12-01 c:\windows\Tasks\At45.job- c:\windows\system32\OAfNkA.com [2011-12-01 21:58].2011-12-01 c:\windows\Tasks\At46.job- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58].2011-12-02 c:\windows\Tasks\At47.job- c:\windows\system32\OAfNkA.com [2011-12-01 21:58].2011-12-02 c:\windows\Tasks\At48.job- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58].2011-12-01 c:\windows\Tasks\At5.job- c:\windows\system32\OAfNkA.com [2011-12-01 21:58].2011-12-01 c:\windows\Tasks\At6.job- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58].2011-12-02 c:\windows\Tasks\At7.job- c:\windows\system32\OAfNkA.com [2011-12-01 21:58].2011-12-02 c:\windows\Tasks\At8.job- c:\windows\system32\OAfNkA.com_ [2011-12-01 21:58].2011-12-02 c:\windows\Tasks\At9.job- c:\windows\system32\OAfNkA.com [2011-12-01 21:58].2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-21 22:32].2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-21 22:32].2011-12-26 c:\windows\Tasks\HP Photo Creations Communicator.job- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-11-16 10:11]..------- Supplementary 
Scan -------.uStart Page = hxxp://www.google.com/mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.htmluSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sTCP: DhcpNameServer = 192.168.1.1DPF: {3D54FEE0-CE46-11D4-8288-0050BA6A5ABF} - file:///C:/Program%20Files/Newsoft/Presto!%20Mr.%20Photo%203/CardExpr/iepiev20.cabFF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w6b3epfq.default\FF - prefs.js: browser.startup.homepage - www.yahoo.comFF - prefs.js: keyword.URL - hxxp://ws.infospace.com/gamers_tbar/ws/redir?_iceUrl=true&user_id=68107931&tool_id=62781&qkw=.- - - - ORPHANS REMOVED - - - -.Notify-TPSvc - TPSvc.dllSafeBoot-61326833.sysMSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exeMSConfigStartUp-PCTools FGuard - c:\program files\Browser Defender\FGuard.exeMSConfigStartUp-Privacy Protection - c:\documents and settings\All Users\Application Data\privacy.exeMSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-12-26 08:37Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? .scanning hidden files ... 
.scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (LocalSystem)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,32,48,f2,bc,4d,fc,49,96,3d,ae,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,32,48,f2,bc,4d,fc,49,96,3d,ae,\.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(732)c:\windows\system32\Ati2evxx.dll.- - - - - - - > 'explorer.exe'(848)c:\windows\system32\WININET.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\Google\Update\Install\{AB6DD9E5-5DBC-4858-BFDF-F5856CA34C2F}\chrome_updater.exec:\windows\system32\config\SYSTEM~1\LOCALS~1\Temp\CR_DA3E0.tmp\setup.exec:\windows\system32\wscntfy.exec:\windows\SoftwareDistribution\Download\120366dc23638169395185f6bd9f31e4\update\update.exe.**************************************************************************.Completion time: 2011-12-26 08:46:11 - machine was rebootedComboFix-quarantined-files.txt 2011-12-26 13:46.Pre-Run: 12,882,157,568 bytes freePost-Run: 13,287,927,808 bytes free.WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect.- - End Of File - - 
8B6BD5ABA90E577FD19AB257C1C1BE40MBRCheck, version 1.2.3© 2010, ADCommand-line: Windows Version: Windows XP Home EditionWindows Information: Service Pack 3 (build 2600)Logical Drives Mask: 0x0000003cKernel Drivers (total 121): 0x804D7000 \WINDOWS\system32\ntoskrnl.exe 0x806EF000 \WINDOWS\system32\hal.dll 0xF7987000 \WINDOWS\system32\KDCOM.DLL 0xF7897000 \WINDOWS\system32\BOOTVID.dll 0xF75A8000 ACPI.sys 0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xF7597000 pci.sys 0xF75F7000 isapnp.sys 0xF7A4F000 PCIIde.sys 0xF7707000 \WINDOWS\System32\Drivers\PCIIDEX.SYS 0xF798B000 ViaIde.sys 0xF7607000 MountMgr.sys 0xF74D8000 ftdisk.sys 0xF770F000 videX32.sys 0xF7717000 PartMgr.sys 0xF7617000 VolSnap.sys 0xF74C0000 atapi.sys 0xF7627000 disk.sys 0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xF74A0000 fltmgr.sys 0xF748E000 sr.sys 0xF771F000 xfilt.sys 0xF7647000 PxHelp20.sys 0xF7477000 KSecDD.sys 0xF7B52000 Ntfs.sys 0xF744A000 NDIS.sys 0xF7657000 Combo-Fix.sys 0xF7667000 uagp35.sys 0xBA7E6000 Mup.sys 0xBA70E000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xB9757000 \SystemRoot\system32\DRIVERS\ati2mtag.sys 0xB9743000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xF77E7000 \SystemRoot\system32\DRIVERS\usbohci.sys 0xB971F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF77EF000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xB970D000 \SystemRoot\system32\DRIVERS\EG1032xp.sys 0xBA6FE000 \SystemRoot\system32\DRIVERS\imapi.sys 0xBA6EE000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xBA6DE000 \SystemRoot\system32\DRIVERS\redbook.sys 0xB96EA000 \SystemRoot\system32\DRIVERS\ks.sys 0xF77F7000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xB9321000 \SystemRoot\system32\drivers\ALCXWDM.SYS 0xB92FD000 \SystemRoot\system32\drivers\portcls.sys 0xBA6CE000 \SystemRoot\system32\drivers\drmk.sys 0xF77FF000 \SystemRoot\system32\DRIVERS\fdc.sys 0xBA6BE000 \SystemRoot\system32\DRIVERS\serial.sys 0xBA78E000 \SystemRoot\system32\DRIVERS\serenum.sys 0xB92E9000 \SystemRoot\system32\DRIVERS\parport.sys 0xBA6AE000 
\SystemRoot\system32\DRIVERS\i8042prt.sys 0xF7807000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xBA31A000 \SystemRoot\system32\DRIVERS\audstub.sys 0xF7697000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xBA78A000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xB92D2000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xF76A7000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xF76B7000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xF780F000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xB92C1000 \SystemRoot\system32\DRIVERS\psched.sys 0xF76C7000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xF7817000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xF781F000 \SystemRoot\system32\DRIVERS\raspti.sys 0xF76D7000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF774F000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xF799D000 \SystemRoot\system32\DRIVERS\swenum.sys 0xB9213000 \SystemRoot\system32\DRIVERS\update.sys 0xBA77A000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xF76F7000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF7567000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF79A1000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xF79AB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xA0C1B000 \SystemRoot\System32\Drivers\Null.SYS 0xF79AD000 \SystemRoot\System32\Drivers\Beep.SYS 0xA0C1A000 \SystemRoot\system32\drivers\papycpu.sys 0xA0C19000 \SystemRoot\system32\drivers\papyjoy.sys 0xF775F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xF7767000 \SystemRoot\System32\drivers\vga.sys 0xF79AF000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF79B1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF776F000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF7777000 \SystemRoot\System32\Drivers\Npfs.SYS 0xBA696000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xA0A4E000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xA09F5000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xA09CD000 \SystemRoot\system32\DRIVERS\netbt.sys 0xA09AB000 \SystemRoot\System32\drivers\afd.sys 0xB9894000 \SystemRoot\system32\DRIVERS\netbios.sys 0xA0980000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xA0910000 
\SystemRoot\system32\DRIVERS\mrxsmb.sys 0xB9884000 \SystemRoot\System32\Drivers\Fips.SYS 0x9FC02000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xB9864000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xBA7A6000 \??\C:\WINDOWS\system32\drivers\BIOS.sys 0xF779F000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0xBA79A000 \SystemRoot\system32\DRIVERS\usbscan.sys 0xF77A7000 \SystemRoot\system32\DRIVERS\usbprint.sys 0xF77AF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0xBA796000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xB9834000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xB9203000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xF7547000 \SystemRoot\System32\Drivers\Cdfs.SYS 0x9FBE0000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF79C9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xA0AA7000 \SystemRoot\System32\drivers\Dxapi.sys 0xF77C7000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xF7A66000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\ati2dvag.dll 0xBF049000 \SystemRoot\System32\ati2cqag.dll 0xBF083000 \SystemRoot\System32\ati3duag.dll 0xBF257000 \SystemRoot\System32\ativvaxx.dll 0xA0AA3000 \??\C:\WINDOWS\system32\drivers\mbam.sys 0xF79A9000 \SystemRoot\System32\Drivers\ParVdm.SYS 0xB9271000 \SystemRoot\System32\drivers\aspi32.sys 0x9F62B000 \SystemRoot\system32\drivers\wdmaud.sys 0x9F730000 \SystemRoot\system32\drivers\sysaudio.sys 0x9F258000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys 0x9F035000 \SystemRoot\system32\drivers\kmixer.sys 0x9FB80000 \??\C:\ComboFix\catchme.sys 0xF79D7000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 0x7C900000 \WINDOWS\system32\ntdll.dllProcesses (total 23): 0 System Idle Process 4 System 660 C:\WINDOWS\system32\smss.exe 708 csrss.exe 732 C:\WINDOWS\system32\winlogon.exe 776 C:\WINDOWS\system32\services.exe 788 C:\WINDOWS\system32\lsass.exe 944 C:\WINDOWS\system32\svchost.exe 1008 svchost.exe 1104 C:\WINDOWS\system32\svchost.exe 1144 svchost.exe 1296 
C:\WINDOWS\system32\svchost.exe 1412 C:\WINDOWS\system32\spoolsv.exe 1532 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 1664 C:\WINDOWS\system32\svchost.exe 1900 C:\WINDOWS\system32\wuauclt.exe 768 C:\WINDOWS\system32\wscntfy.exe 2000 alg.exe 1644 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe 848 C:\WINDOWS\explorer.exe 1944 C:\Program Files\Mozilla Firefox\firefox.exe 1812 C:\WINDOWS\system32\wuauclt.exe 984 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)PhysicalDrive0 Model Number: ST330620A, Rev: 3.05 PhysicalDrive1 Model Number: IC35L040AVER07-0, Rev: ER4OA46A Size Device Name MBR Status -------------------------------------------- 27 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A 37 GB \\.\PhysicalDrive1 Windows XP MBR code detected SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644ADone! Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted December 26, 2011 ID:509478

Looking better!

Let's run some more scans to determine if there's anything ComboFix & TDSSkiller may have missed:

Download Rootkit Unhooker and save it to your Desktop.
Close all open programs and browsers, then double-click RKUnhookerLE.exe to run it.
Vista/Windows 7 users right-click and select Run As Administrator.
Click the Report tab, then click Scan.
Check Drivers, Stealth Code, Files, and Code Hooks.
UNcheck the rest, then click OK.
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
Wait until the scanner has finished, then go File > Save Report.
Save the report somewhere you can find it. Click Close.
Copy the entire contents of the report and paste it in your next reply.

Note: You may get the following warning---just ignore it, click OK and continue.
Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?

----------

Please close all anti virus, anti malware and any other open programs/windows so they do not interfere with the running of RootRepeal.
Please download RootRepeal.zip from here.
Extract the program file to your Desktop.
Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
Select ALL of the checkboxes and then click OK and it will start scanning your system.
If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
When done, click on Save Report.
Save it to the Desktop.
Please copy/paste the contents of the report in your next reply.
NOTE! Please remove any e-mail address in the RootRepeal report (if present).

----------

Please post both the RootkitUnhooker & RootRepeal reports in your next reply. Let me know how things go.
D-FRED-BROWN Posted January 1, 2012 ID:512195

(bump)

Are you still with me? If your problems still persist, let me know and we'll go about fixing them. If not, please let me know so I can close this topic.

-DFB
Maurice Naggar Posted February 13, 2012 ID:526397

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!