E5SargeUSMC

some kind of rootkit no doubt


durn thing is running slow as hell, and something is messing with virtual memory. Here's my stuff:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Owner at 10:28:00 on 2012-02-16

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1536.468 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe

C:\Program Files\Java\bin\jqs.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe

C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe

C:\Program Files\Security Applications\Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\mgabg.exe

C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe

C:\WINDOWS\system32\NLSSRV32.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Hardware\Mouse\Amoumain.exe

C:\Program Files\Security Applications\Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Microsoft\Office\Taskbar\Office\1033\msoffice.exe

C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\msiexec.exe

C:\WINDOWS\System32\MsiExec.exe

C:\WINDOWS\system32\rundll32.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [WheelMouse] c:\hardware\mouse\Amoumain.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\security applications\anti-malware\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\windows\installer\{00030409-78e1-11d2-b60f-006097c998e7}\misc.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://leagueathletics.com/XUpload.ocx

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: DhcpNameServer = 24.92.226.11 24.92.226.12

TCP: Interfaces\{5866CAD3-85A2-469E-A9F0-FCCE62AB7711} : DhcpNameServer = 24.92.226.11 24.92.226.12

Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - f:\program files\qb enterprise\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\e27eqehy.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.com/

FF - plugin: c:\program files\adobe reader\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe reader\reader\browser\nppdf32.dll

FF - plugin: c:\program files\java\bin\new_plugin\npdeploytk.dll

FF - plugin: c:\program files\java\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

R1 MpKsl8ad52afc;MpKsl8ad52afc;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{21c0f143-f402-4446-b2b9-9a86d88667fd}\MpKsl8ad52afc.sys [2012-2-15 29904]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 COMMSB96;COMMSB96;c:\windows\system32\drivers\COMMSB96.sys [2009-5-4 24776]

R2 COMMSBEP;COMMSBEP;c:\windows\system32\drivers\COMMSBEP.sys [2009-5-4 44236]

R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2011-12-15 87368]

R2 Matrox Centering Service;Matrox Centering Service;c:\program files\matrox graphics inc\powerdesk\services\Matrox.PowerDesk.Services.exe [2009-6-11 1263872]

R2 Matrox.Pdesk.ServicesHost;Matrox.Pdesk.ServicesHost;c:\program files\matrox graphics inc\powerdesk se\Matrox.Pdesk.ServicesHost.exe [2009-6-11 344832]

R2 MBAMService;MBAMService;c:\program files\security applications\anti-malware\mbamservice.exe [2009-8-6 652872]

R2 MIP 5000 TFTP Server;MIP 5000 TFTP Server;c:\program files\programming applications\motorola\mip5k\tftp\TFTP Server.exe [2009-2-11 136704]

R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-11-14 218992]

R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-11-2 68896]

R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-8-19 1248256]

R3 Amps2prt;AOpen PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2002-3-9 9216]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-8-6 20464]

S3 fudally;fudally;c:\windows\system32\drivers\fudally.sys [2004-2-9 12928]

S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [2011-6-17 47176]

S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [2011-6-17 58496]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 xgusb;Unity XG Devices;c:\windows\system32\drivers\xgusb.sys [2010-11-12 30720]

.

=============== Created Last 30 ================

.

2012-02-15 21:32:10 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{21c0f143-f402-4446-b2b9-9a86d88667fd}\offreg.dll

2012-02-15 21:32:10 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{21c0f143-f402-4446-b2b9-9a86d88667fd}\MpKsl8ad52afc.sys

2012-02-15 17:25:55 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{21c0f143-f402-4446-b2b9-9a86d88667fd}\mpengine.dll

2012-01-27 15:28:46 -------- d-----w- c:\program files\Motorola Media Link

2012-01-27 15:23:58 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp

2012-01-24 16:26:07 -------- d-----w- c:\documents and settings\owner\local settings\application data\Solid State Networks

2012-01-24 16:13:07 -------- d-----w- c:\documents and settings\owner\application data\gpdf2swf

2012-01-24 16:11:52 -------- d-----w- c:\program files\SWFTools

2012-01-18 21:02:58 72192 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp43a.dll

2012-01-18 21:02:53 37376 ----a-w- c:\windows\system32\hpz3l43a.dll

2012-01-18 20:25:48 94208 ----a-w- c:\windows\system32\HPZipt12.dll

2012-01-18 20:25:48 69632 ----a-w- c:\windows\system32\HPZipm12.exe

2012-01-18 20:25:48 65536 ----a-w- c:\windows\system32\HPZinw12.exe

2012-01-18 20:25:48 57344 ----a-w- c:\windows\system32\HPZisn12.dll

2012-01-18 20:25:47 278584 ----a-w- c:\windows\system32\HPZidr12.dll

2012-01-18 20:25:47 204800 ----a-w- c:\windows\system32\HPZipr12.dll

2012-01-18 20:24:05 -------- d-----w- c:\program files\HP

2012-01-18 20:21:34 98304 ----a-w- c:\windows\system32\hpzjsn01.dll

2012-01-18 20:21:34 77824 ----a-w- c:\windows\system32\hpzids01.dll

.

==================== Find3M ====================

.

2012-02-01 15:43:27 65536 ----a-w- c:\windows\IFinst27.exe

2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe

2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-28 13:24:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: HDS728080PLAT20 rev.PF2OA21B -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-f

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A0FB49F]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a102738]; MOV EAX, [0x8a1028ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A4BAAB8]

3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000061[0x8A4E19E8]

5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E37D5] -> [0x8A4DE940]

\Driver\atapi[0x8A2F03F0] -> IRP_MJ_CREATE -> 0x8A0FB49F

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8A0FB2C6

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 10:32:13.05 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 4/23/2009 3:41:21 PM

System Uptime: 2/16/2012 10:14:11 AM (0 hours ago)

.

Motherboard: ECS | | M825VXX

Processor: AMD Duron | Socket-A | 1300/100mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 39 GiB total, 13.547 GiB free.

D: is CDROM (CDFS)

E: is FIXED (NTFS) - 38 GiB total, 16.651 GiB free.

F: is FIXED (NTFS) - 39 GiB total, 37.59 GiB free.

G: is FIXED (NTFS) - 35 GiB total, 34.714 GiB free.

H: is CDROM ()

K: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP828: 1/11/2012 3:08:51 PM - Installed ASTRO 25 Mobile CPS

RP829: 1/11/2012 3:28:33 PM - Installed ASTRO 25 Portable CPS

RP830: 1/11/2012 3:34:26 PM - Unsigned driver install

RP831: 1/13/2012 8:19:44 AM - Software Distribution Service 3.0

RP832: 1/13/2012 1:40:32 PM - Unsigned driver install

RP833: 1/16/2012 8:03:19 AM - Software Distribution Service 3.0

RP834: 1/17/2012 11:43:23 AM - Unsigned driver install

RP835: 1/18/2012 8:27:20 AM - Software Distribution Service 3.0

RP836: 1/18/2012 3:39:29 PM - Removed Adobe Content Viewer

RP837: 1/18/2012 3:39:52 PM - Removed Adobe Download Assistant

RP838: 1/18/2012 3:42:29 PM - Removed Adobe Community Help

RP839: 1/18/2012 3:44:45 PM - Removed XPS Essentials Pack

RP840: 1/19/2012 9:33:36 AM - Software Distribution Service 3.0

RP841: 1/19/2012 9:41:16 AM - Software Distribution Service 3.0

RP842: 1/20/2012 12:02:15 PM - System Checkpoint

RP843: 1/20/2012 12:53:32 PM - Removed MOTOTRBO Customer Programming Software

RP844: 1/20/2012 12:57:28 PM - Removed MOTOTRBO Tuner

RP845: 1/20/2012 1:04:46 PM - Installed Microsoft Visual C++ 2005 Redistributable

RP846: 1/20/2012 1:05:21 PM - Installed MOTOTRBO Customer Programming Software

RP847: 1/20/2012 1:10:12 PM - Installed MOTOTRBO Tuner

RP848: 1/23/2012 8:02:28 AM - Software Distribution Service 3.0

RP849: 1/24/2012 8:31:03 AM - System Checkpoint

RP850: 1/25/2012 8:02:53 AM - Software Distribution Service 3.0

RP851: 1/26/2012 8:12:56 AM - Software Distribution Service 3.0

RP852: 1/27/2012 8:15:31 AM - Software Distribution Service 3.0

RP853: 1/27/2012 10:18:28 AM - Installed MotoCast

RP854: 1/30/2012 8:04:29 AM - Software Distribution Service 3.0

RP855: 1/31/2012 2:06:01 PM - System Checkpoint

RP856: 2/1/2012 8:03:43 AM - Software Distribution Service 3.0

RP857: 2/2/2012 8:07:26 AM - Software Distribution Service 3.0

RP858: 2/3/2012 11:26:27 AM - System Checkpoint

RP859: 2/6/2012 8:05:43 AM - Software Distribution Service 3.0

RP860: 2/7/2012 2:59:26 PM - System Checkpoint

RP861: 2/7/2012 4:32:26 PM - Software Distribution Service 3.0

RP862: 2/8/2012 8:12:15 AM - Software Distribution Service 3.0

RP863: 2/9/2012 1:32:41 PM - System Checkpoint

RP864: 2/10/2012 8:02:23 AM - Software Distribution Service 3.0

RP865: 2/13/2012 8:08:35 AM - Software Distribution Service 3.0

RP866: 2/14/2012 10:48:58 AM - Software Distribution Service 3.0

RP867: 2/15/2012 12:25:35 PM - Software Distribution Service 3.0

RP868: 2/16/2012 8:04:19 AM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

1-Wire Drivers Version 4.02 Beta

ACU Controller

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader 9.5.0

Adobe SVG Viewer 3.0

AOpen iWheelWorks Ver. 3.32

ApxFamilyCPS R05.01.00

ApxFamilyTuner R05.00.00

ASTRO 25 Mobile CPS

ASTRO 25 Portable CPS

ASTRO 25 Tuner

ASTRO Radio Tuner

ASTRO Saber & XTS 3000 CPS

ASTRO Spectra CPS

Avira NTFS4DOS 1.9

Business Portable Two Way Radio

Business Radio - Customer Programming Software

CARD Suite 4.3.0

CE39 for Windows

CE44 for Windows

CE49SetUp

CE59 for Windows(VX-4200_4100_920_820 Series)

CE64

CE82 for Windows

Commercial Series Customer Programming Software

Commercial Series Radios Patch Tool for Codeplug Corruption

Compatibility Pack for the 2007 Office system

CompuPic

CP110 CPS

CPS R02.02

CPS Reports

Crystal Reports Basic Runtime for Visual Studio 2008

CSDM-Lite

Data Doctor Recovery Removable Media (Demo)

Dell Driver Download Manager

DisplayFusion 3.1.6

DTMF Decoder

Entry Level Radio Customer Programming Software

Entry Level Radio Tuner

FTDI USB Serial Converter Drivers

GoToMeeting 4.8.0.723

GT Radio

Harris LMR Communications Planning Application 1.1.1

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB959765)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB971276-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Deskjet 6900 series

Icom CS-F100

Icom CS-F100 ADJ

Icom CS-F100S

Icom CS-F100S ADJ

Icom CS-F11

Icom CS-F11 ADJ

Icom CS-F3020/F5020

Icom CS-F3160/F5060

Icom CS-F3G

Icom CS-F3G ADJ

Icom CS-F43TR

Icom CS-F43TR ADJ

Icom CS-F50 ADJ

Icom CS-F500

Icom CS-F50MDC

Icom CS-F70/F1700

Icom CS-F70/F1700 ADJ

Java 6 Update 14

KeySecure

KL3 Universal Programmer Ver 3.88

KPG-101D

KPG-38D

KPG-44D

KPG-49D

KPG-56D

KPG-59D

KPG-79D

KPG-82D

KPG-88D

KPG-89D

KPG-91D

KPG-99D

Malwarebytes Anti-Malware version 1.60.1.1000

Matrox Graphics Software (remove only)

Matrox PowerDesk-SE

MC Series RSS

MCS2000 CPS

MCS2000 Tuner

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 Small Business

Microsoft Office 2003 Primary Interop Assemblies

Microsoft Office Professional Edition 2003

Microsoft Report Viewer Redistributable 2008 (KB971118)

Microsoft Security Client

Microsoft Security Essentials

Microsoft SQL Server Compact 3.5 SP1 English

Microsoft User-Mode Driver Framework Feature Pack 1.7

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Visual Studio 2005 Tools for Office Runtime

Microsoft WinUsb 1.0

Microsoft XML Parser and SDK

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Minitor V PPS

Minitor4 PPS

MIP 5000 CSDM

Mobile Firmware Kit R04.00.02 with Codeplug R07.01

Mobile Firmware Kit R04.01.02 with Codeplug R08.00

Mobile Firmware Kit R05.08.05

Mobile Upgrade Kit R05.09.01

Mobile Upgrade Kit R05.10.02

MotoCast

MotoHelper 2.1.32 Driver 5.4.0

MotoHelper MergeModules

Motorola Entry Level Professional Radio CPS-R02.01.03-AA

MOTOROLA MEDIA LINK

Motorola Mobile Drivers Installation 5.4.0

Motorola Professional Radio CPS-R06.12.04

Motorola Radius 1225 Series RSS

Motorola Radius 1225LS Series RSS

Motorola Trunking Professional Radio CPS R02.00.00-AA

Motorola Trunking Professional Radio CPS R02.03.00

MOTOTRBO Customer Programming Software

MOTOTRBO R010810_100001 Repeater Update Packages

MOTOTRBO R010820_100001 Mobile Update Packages

MOTOTRBO R010820_100001 Portable Update Packages

MOTOTRBO RDAC

MOTOTRBO Tuner

MOTOTRBO Wireline_02030122 MTR3000 FPGA Image Upgrade

Mozilla Firefox 4.0 (x86 en-US)

MS Speech

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MTS2000 CPS

MTS2000 Tuner

NVIDIA Drivers

Paint.NET v3.5.10

Pando

PL-2303 USB-to-Serial

Portable Firmware Kit R03.07.01A with Codeplug R10.01

Portable Upgrade Kit R05.16.01 - Non Four Line Display

PR860 Customer Programming Software

Premier MDC - NY ONTARIO COUNTY SHERIFF

Professional Series Customer Programming Software

ProSavageDDR and Utilities

PX-777

QFolder

QuickBooks

QuickBooks Enterprise Solutions 12.0

Radio Service Software

RDX Series CPS

RPV599A & RPU499A Programming Software

RPV599A Programming Software

RPV599A&RPU499A Programming Software V2.3

S3Display

S3Gamma2

S3Info2

S3Overlay

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB2530548)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2559049)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Sentinel System Driver

Sentralok-A

Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)

Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7

SVR-250 CPS

Tuner Professional(R02.15.00)

Tuner R02.16.00 for Motorola Professional and Entry Level Radios

Tweak UI

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

UpgradeKit_Conv_Mobile_R05.10.01

UpgradeKit_Portable_R05.17.01_Non_Four_Lines_Display_Radios

UpgradeKit_Portable_R05.17.02_Non_Four_Lines_Display_Radios

VIA Rhine-Family Fast Ethernet Adapter

WebFldrs XP

Windows Backup Utility

Windows Driver Package - Motorola Corporation (USB_RNDIS) Net (05/13/2005 5.2.3790.1454)

Windows Driver Package - Motorola Solutions, Inc. (fudally) MotorolaUSBFlashZap (04/12/2011 03.04.00.00)

Windows Driver Package - Motorola, Inc. (fudally) MotorolaUSBFlashZap (11/26/2007 03.04.00.00)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows XP Service Pack 3

WinRAR archiver

WinRSS

winSJIpp for MOTOTRBO

winSJIpp for MOTOTRBO (c:\Program Files\Programming Applications\Motorola\MotoTrbo\SJ for Turbo\)

WinZip

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

2/9/2012 8:07:27 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Pando\pando.exe. Reference error message: The operation completed successfully. .

2/9/2012 8:07:27 AM, error: DCOM [10000] - Unable to start a DCOM Server: {FA08F856-F05E-499B-9A48-F153A147DF27}. The error: "%14001" Happened while starting this command: "C:\Program Files\Pando\pando.exe" -Embedding

2/16/2012 8:33:55 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2633880).

2/16/2012 7:58:27 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QBIDPService service to connect.

2/16/2012 10:18:17 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

2/16/2012 10:18:17 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/16/2012 10:13:15 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 DS1410D Fips MpFilter

2/16/2012 10:00:35 AM, error: E100B [4] - Adapter IBM 10/100 EtherJet PCI Adapter with Alert on LAN: Adapter Link Down

2/13/2012 7:59:01 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QBCFMonitorService service to connect.

.

==== End Of File ===========================


Hello E5SargeUSMC! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Your system is infected with the TDL3 rootkit. You can find a lot of information here:

http://forum.sysinternals.com/rootkit-tdl-3_topic21266.html

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

In your next post, please include:

  • TDSSKiller log
  • ComboFix log


response:

11:32:42.0654 4316 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14

11:32:43.0815 4316 ============================================================

11:32:43.0815 4316 Current date / time: 2012/02/16 11:32:43.0815

11:32:43.0815 4316 SystemInfo:

11:32:43.0815 4316

11:32:43.0815 4316 OS Version: 5.1.2600 ServicePack: 3.0

11:32:43.0815 4316 Product type: Workstation

11:32:43.0815 4316 ComputerName: REPAIR-SHOP1

11:32:43.0815 4316 UserName: Owner

11:32:43.0815 4316 Windows directory: C:\WINDOWS

11:32:43.0815 4316 System windows directory: C:\WINDOWS

11:32:43.0815 4316 Processor architecture: Intel x86

11:32:43.0815 4316 Number of processors: 1

11:32:43.0815 4316 Page size: 0x1000

11:32:43.0815 4316 Boot type: Normal boot

11:32:43.0815 4316 ============================================================

11:32:50.0595 4316 Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

11:32:50.0615 4316 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

11:32:50.0625 4316 Drive \Device\Harddisk2\DR8 - Size: 0x1DF3FFE00 (7.49 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

11:32:50.0625 4316 \Device\Harddisk0\DR0:

11:32:50.0625 4316 MBR used

11:32:50.0625 4316 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC

11:32:50.0645 4316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4E1EE6A, BlocksNum 0x4B3D830

11:32:50.0645 4316 \Device\Harddisk1\DR1:

11:32:50.0645 4316 MBR used

11:32:50.0645 4316 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC

11:32:50.0645 4316 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x4E1EE2B, BlocksNum 0x46EF696

11:32:50.0645 4316 \Device\Harddisk2\DR8:

11:32:50.0645 4316 MBR used

11:32:50.0836 4316 Initialize success

11:32:50.0836 4316 ============================================================

11:33:15.0521 4328 ============================================================

11:33:15.0521 4328 Scan started

11:33:15.0521 4328 Mode: Manual; SigCheck; TDLFS;

11:33:15.0521 4328 ============================================================

11:33:16.0623 4328 Abiosdsk - ok

11:33:16.0793 4328 abp480n5 - ok

11:33:17.0063 4328 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

11:33:22.0872 4328 ACPI - ok

11:33:23.0102 4328 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

11:33:23.0723 4328 ACPIEC - ok

11:33:23.0913 4328 adpu160m - ok

11:33:24.0143 4328 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

11:33:25.0005 4328 aec - ok

11:33:25.0225 4328 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

11:33:25.0495 4328 AFD - ok

11:33:25.0676 4328 Aha154x - ok

11:33:25.0796 4328 aic78u2 - ok

11:33:25.0956 4328 aic78xx - ok

11:33:26.0166 4328 AliIde - ok

11:33:26.0307 4328 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys

11:33:26.0727 4328 AmdK7 - ok

11:33:26.0907 4328 Amps2prt (1eb5ab76ce70e2f640a2c63438477674) C:\WINDOWS\system32\DRIVERS\Amps2prt.sys

11:33:27.0078 4328 Amps2prt ( UnsignedFile.Multi.Generic ) - warning

11:33:27.0078 4328 Amps2prt - detected UnsignedFile.Multi.Generic (1)

11:33:27.0268 4328 amsint - ok

11:33:27.0418 4328 asc - ok

11:33:27.0548 4328 asc3350p - ok

11:33:27.0729 4328 asc3550 - ok

11:33:28.0009 4328 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

11:33:28.0400 4328 AsyncMac - ok

11:33:28.0630 4328 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

11:33:29.0101 4328 atapi - ok

11:33:29.0241 4328 Atdisk - ok

11:33:29.0481 4328 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

11:33:29.0972 4328 Atmarpc - ok

11:33:30.0192 4328 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

11:33:30.0743 4328 audstub - ok

11:33:30.0883 4328 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

11:33:31.0384 4328 Beep - ok

11:33:31.0664 4328 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

11:33:32.0155 4328 cbidf2k - ok

11:33:32.0395 4328 cd20xrnt - ok

11:33:32.0676 4328 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

11:33:33.0206 4328 Cdaudio - ok

11:33:33.0497 4328 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

11:33:34.0258 4328 Cdfs - ok

11:33:34.0488 4328 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

11:33:34.0979 4328 Cdrom - ok

11:33:35.0169 4328 Changer - ok

11:33:35.0460 4328 CmdIde - ok

11:33:35.0690 4328 COMMSB96 (4373058afc130b5ebe021f0a2a12b7ec) C:\WINDOWS\system32\drivers\COMMSB96.sys

11:33:35.0860 4328 COMMSB96 ( UnsignedFile.Multi.Generic ) - warning

11:33:35.0860 4328 COMMSB96 - detected UnsignedFile.Multi.Generic (1)

11:33:36.0101 4328 COMMSBEP (bbe6c601f43c21dee3f454f7a23dd5ef) C:\WINDOWS\system32\drivers\COMMSBEP.sys

11:33:36.0281 4328 COMMSBEP ( UnsignedFile.Multi.Generic ) - warning

11:33:36.0281 4328 COMMSBEP - detected UnsignedFile.Multi.Generic (1)

11:33:36.0571 4328 Cpqarray - ok

11:33:36.0742 4328 dac2w2k - ok

11:33:36.0952 4328 dac960nt - ok

11:33:37.0182 4328 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

11:33:37.0533 4328 Disk - ok

11:33:37.0923 4328 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

11:33:38.0534 4328 dmboot - ok

11:33:38.0744 4328 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

11:33:39.0185 4328 dmio - ok

11:33:39.0375 4328 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

11:33:39.0836 4328 dmload - ok

11:33:40.0126 4328 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

11:33:40.0467 4328 DMusic - ok

11:33:40.0697 4328 dpti2o - ok

11:33:40.0958 4328 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

11:33:41.0288 4328 drmkaud - ok

11:33:41.0559 4328 DS1410D (f3bcfdb8fc089258b5b4eeb0e92b5664) C:\WINDOWS\system32\drivers\DS1410D.SYS

11:33:43.0912 4328 DS1410D - ok

11:33:44.0182 4328 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

11:33:44.0763 4328 E100B - ok

11:33:45.0074 4328 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

11:33:45.0424 4328 Fastfat - ok

11:33:45.0815 4328 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

11:33:46.0155 4328 Fdc - ok

11:33:46.0436 4328 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys

11:33:46.0626 4328 FETND5BV - ok

11:33:46.0836 4328 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys

11:33:47.0257 4328 FETNDIS - ok

11:33:47.0517 4328 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

11:33:47.0858 4328 Fips - ok

11:33:48.0138 4328 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

11:33:48.0519 4328 Flpydisk - ok

11:33:48.0789 4328 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

11:33:49.0139 4328 FltMgr - ok

11:33:49.0360 4328 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

11:33:49.0780 4328 Fs_Rec - ok

11:33:50.0031 4328 FTDIBUS (b283f1bc1ff852bd232449a4b3e3ce63) C:\WINDOWS\system32\drivers\ftdibus.sys

11:33:50.0291 4328 FTDIBUS - ok

11:33:50.0581 4328 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

11:33:51.0072 4328 Ftdisk - ok

11:33:51.0293 4328 FTSER2K (678a73f56ddf84a08c31123c386e9967) C:\WINDOWS\system32\drivers\ftser2k.sys

11:33:51.0503 4328 FTSER2K - ok

11:33:51.0823 4328 fudally (d5e7365af6c323aba21f38b0356eba16) C:\WINDOWS\system32\drivers\fudally.sys

11:33:51.0913 4328 fudally ( UnsignedFile.Multi.Generic ) - warning

11:33:51.0913 4328 fudally - detected UnsignedFile.Multi.Generic (1)

11:33:52.0214 4328 G400 (36feb2ddce5f84128c2a8dbc60538dad) C:\WINDOWS\system32\DRIVERS\G400m.sys

11:33:52.0725 4328 G400 - ok

11:33:52.0945 4328 G400DH (2dd3d27e36ebf6804c40b843ff10872f) C:\WINDOWS\system32\DRIVERS\g400dhm.sys

11:33:53.0335 4328 G400DH - ok

11:33:53.0576 4328 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

11:33:53.0916 4328 Gpc - ok

11:33:54.0237 4328 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

11:33:54.0567 4328 HidUsb - ok

11:33:54.0747 4328 hpn - ok

11:33:54.0968 4328 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

11:33:55.0238 4328 HPZius12 - ok

11:33:55.0549 4328 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

11:33:55.0789 4328 HTTP - ok

11:33:55.0999 4328 i2omgmt - ok

11:33:56.0200 4328 i2omp - ok

11:33:56.0440 4328 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

11:33:56.0861 4328 i8042prt - ok

11:33:57.0151 4328 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

11:33:57.0491 4328 Imapi - ok

11:33:57.0692 4328 ini910u - ok

11:33:57.0862 4328 IntelIde - ok

11:33:58.0082 4328 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

11:33:58.0463 4328 ip6fw - ok

11:33:58.0853 4328 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

11:33:59.0344 4328 IpFilterDriver - ok

11:33:59.0574 4328 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

11:33:59.0975 4328 IpInIp - ok

11:34:00.0235 4328 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

11:34:00.0586 4328 IpNat - ok

11:34:00.0826 4328 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

11:34:01.0197 4328 IPSec - ok

11:34:01.0447 4328 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

11:34:01.0838 4328 IRENUM - ok

11:34:02.0068 4328 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

11:34:02.0388 4328 isapnp - ok

11:34:02.0639 4328 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

11:34:02.0949 4328 Kbdclass - ok

11:34:03.0200 4328 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

11:34:03.0480 4328 kbdhid - ok

11:34:03.0730 4328 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

11:34:04.0011 4328 kmixer - ok

11:34:04.0281 4328 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

11:34:04.0612 4328 KSecDD - ok

11:34:04.0812 4328 lbrtfdc - ok

11:34:05.0052 4328 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

11:34:05.0182 4328 MBAMProtector - ok

11:34:05.0473 4328 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

11:34:05.0914 4328 mnmdd - ok

11:34:06.0134 4328 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

11:34:06.0444 4328 Modem - ok

11:34:06.0715 4328 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

11:34:07.0015 4328 Mouclass - ok

11:34:07.0205 4328 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

11:34:07.0566 4328 MountMgr - ok

11:34:07.0776 4328 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

11:34:07.0936 4328 MpFilter - ok

11:34:08.0157 4328 MpKslcfc75a0b (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21C0F143-F402-4446-B2B9-9A86D88667FD}\MpKslcfc75a0b.sys

11:34:08.0317 4328 MpKslcfc75a0b - ok

11:34:08.0477 4328 mraid35x - ok

11:34:08.0848 4328 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

11:34:09.0158 4328 MRxDAV - ok

11:34:09.0489 4328 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

11:34:09.0859 4328 MRxSmb - ok

11:34:10.0140 4328 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

11:34:10.0450 4328 Msfs - ok

11:34:10.0801 4328 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

11:34:11.0161 4328 MSKSSRV - ok

11:34:11.0451 4328 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

11:34:11.0732 4328 MSPCLOCK - ok

11:34:11.0882 4328 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

11:34:12.0163 4328 MSPQM - ok

11:34:12.0373 4328 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

11:34:12.0663 4328 mssmbios - ok

11:34:12.0854 4328 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

11:34:13.0034 4328 Mup - ok

11:34:13.0294 4328 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

11:34:13.0635 4328 NDIS - ok

11:34:13.0815 4328 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

11:34:13.0905 4328 NdisTapi - ok

11:34:14.0085 4328 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

11:34:14.0386 4328 Ndisuio - ok

11:34:14.0616 4328 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

11:34:14.0997 4328 NdisWan - ok

11:34:15.0187 4328 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

11:34:15.0417 4328 NDProxy - ok

11:34:15.0648 4328 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

11:34:15.0968 4328 NetBIOS - ok

11:34:16.0168 4328 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

11:34:16.0569 4328 NetBT - ok

11:34:16.0959 4328 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

11:34:17.0320 4328 Npfs - ok

11:34:17.0660 4328 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

11:34:18.0181 4328 Ntfs - ok

11:34:18.0442 4328 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

11:34:18.0852 4328 Null - ok

11:34:19.0123 4328 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

11:34:19.0563 4328 NwlnkFlt - ok

11:34:19.0814 4328 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

11:34:20.0354 4328 NwlnkFwd - ok

11:34:20.0735 4328 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

11:34:21.0165 4328 Parport - ok

11:34:21.0406 4328 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

11:34:21.0826 4328 PartMgr - ok

11:34:22.0097 4328 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

11:34:22.0608 4328 ParVdm - ok

11:34:22.0838 4328 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

11:34:23.0218 4328 PCI - ok

11:34:23.0369 4328 PCIDump - ok

11:34:23.0549 4328 PCIIde - ok

11:34:23.0809 4328 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

11:34:24.0150 4328 Pcmcia - ok

11:34:24.0360 4328 PDCOMP - ok

11:34:24.0580 4328 PDFRAME - ok

11:34:24.0791 4328 PDRELI - ok

11:34:25.0001 4328 PDRFRAME - ok

11:34:25.0181 4328 perc2 - ok

11:34:25.0321 4328 perc2hib - ok

11:34:25.0732 4328 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

11:34:26.0063 4328 PptpMiniport - ok

11:34:26.0323 4328 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

11:34:26.0693 4328 PSched - ok

11:34:26.0974 4328 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

11:34:27.0384 4328 Ptilink - ok

11:34:27.0665 4328 ql1080 - ok

11:34:27.0855 4328 Ql10wnt - ok

11:34:28.0055 4328 ql12160 - ok

11:34:28.0246 4328 ql1240 - ok

11:34:28.0386 4328 ql1280 - ok

11:34:28.0596 4328 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

11:34:29.0017 4328 RasAcd - ok

11:34:29.0287 4328 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

11:34:29.0608 4328 Rasl2tp - ok

11:34:29.0888 4328 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

11:34:30.0198 4328 RasPppoe - ok

11:34:30.0439 4328 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

11:34:30.0919 4328 Raspti - ok

11:34:31.0170 4328 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

11:34:31.0530 4328 Rdbss - ok

11:34:31.0801 4328 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

11:34:32.0221 4328 RDPCDD - ok

11:34:32.0512 4328 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

11:34:32.0892 4328 RDPWD - ok

11:34:33.0123 4328 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

11:34:33.0453 4328 redbook - ok

11:34:33.0814 4328 S3Psddr (5cf6ea833ebd3cf79573e6960f4b9e0b) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys

11:34:34.0024 4328 S3Psddr - ok

11:34:34.0094 4328 S3SavageNB (5cf6ea833ebd3cf79573e6960f4b9e0b) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys

11:34:34.0184 4328 S3SavageNB - ok

11:34:34.0525 4328 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

11:34:34.0855 4328 Secdrv - ok

11:34:35.0166 4328 Sentinel (99c81af18c0bf4d3b2ce0b36941e150f) C:\WINDOWS\System32\Drivers\SENTINEL.SYS

11:34:35.0246 4328 Sentinel ( UnsignedFile.Multi.Generic ) - warning

11:34:35.0246 4328 Sentinel - detected UnsignedFile.Multi.Generic (1)

11:34:35.0506 4328 Ser2pl (0027cb14afaa576881fbaa16bb9762e2) C:\WINDOWS\system32\DRIVERS\ser2pl.sys

11:34:35.0766 4328 Ser2pl - ok

11:34:36.0017 4328 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

11:34:36.0307 4328 serenum - ok

11:34:36.0538 4328 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

11:34:36.0978 4328 Serial - ok

11:34:37.0329 4328 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

11:34:37.0619 4328 Sfloppy - ok

11:34:37.0890 4328 silabenm (3ead8e1668ce42a0afe41d56e7157bcf) C:\WINDOWS\system32\DRIVERS\silabenm.sys

11:34:38.0010 4328 silabenm - ok

11:34:38.0240 4328 silabser (177d3ebf3e236a272d769c14f73ecc3e) C:\WINDOWS\system32\DRIVERS\silabser.sys

11:34:38.0440 4328 silabser - ok

11:34:38.0631 4328 Simbad - ok

11:34:38.0821 4328 slabbus - ok

11:34:39.0021 4328 slabser - ok

11:34:39.0261 4328 Sparrow - ok

11:34:39.0562 4328 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

11:34:39.0942 4328 splitter - ok

11:34:40.0183 4328 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

11:34:40.0553 4328 sr - ok

11:34:40.0954 4328 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

11:34:41.0284 4328 Srv - ok

11:34:41.0565 4328 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

11:34:41.0845 4328 swenum - ok

11:34:42.0045 4328 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

11:34:42.0366 4328 swmidi - ok

11:34:42.0626 4328 symc810 - ok

11:34:42.0817 4328 symc8xx - ok

11:34:42.0967 4328 sym_hi - ok

11:34:43.0177 4328 sym_u3 - ok

11:34:43.0377 4328 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

11:34:43.0718 4328 sysaudio - ok

11:34:43.0968 4328 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

11:34:44.0209 4328 Tcpip - ok

11:34:44.0409 4328 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

11:34:44.0709 4328 TDPIPE - ok

11:34:44.0940 4328 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

11:34:45.0270 4328 TDTCP - ok

11:34:45.0450 4328 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

11:34:45.0801 4328 TermDD - ok

11:34:46.0051 4328 TosIde - ok

11:34:46.0262 4328 U2SP (975e28ba5acdd645c3d7a6775a63c8d9) C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys

11:34:46.0412 4328 U2SP - ok

11:34:46.0632 4328 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

11:34:47.0003 4328 Udfs - ok

11:34:47.0163 4328 ultra - ok

11:34:47.0433 4328 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

11:34:47.0894 4328 Update - ok

11:34:48.0114 4328 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

11:34:48.0445 4328 usbccgp - ok

11:34:48.0745 4328 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

11:34:49.0036 4328 usbehci - ok

11:34:49.0266 4328 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

11:34:49.0606 4328 usbhub - ok

11:34:49.0817 4328 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

11:34:50.0097 4328 usbohci - ok

11:34:50.0287 4328 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

11:34:50.0588 4328 usbprint - ok

11:34:50.0848 4328 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys

11:34:51.0139 4328 usbser - ok

11:34:51.0359 4328 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

11:34:51.0649 4328 USBSTOR - ok

11:34:51.0850 4328 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

11:34:52.0330 4328 usbuhci - ok

11:34:52.0601 4328 USB_RNDIS (baca551d105637c488631c8b4766f2fc) C:\WINDOWS\system32\DRIVERS\usb8023y.sys

11:34:52.0751 4328 USB_RNDIS - ok

11:34:52.0961 4328 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

11:34:53.0262 4328 VgaSave - ok

11:34:53.0482 4328 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

11:34:53.0812 4328 viaagp - ok

11:34:54.0023 4328 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

11:34:54.0303 4328 ViaIde - ok

11:34:54.0563 4328 VIAudio (5e02b47671ec147251ab5487d039474d) C:\WINDOWS\system32\drivers\vinyl97.sys

11:34:54.0764 4328 VIAudio - ok

11:34:54.0974 4328 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

11:34:55.0335 4328 VolSnap - ok

11:34:55.0645 4328 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

11:34:55.0955 4328 Wanarp - ok

11:34:56.0216 4328 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

11:34:56.0416 4328 Wdf01000 - ok

11:34:56.0616 4328 WDICA - ok

11:34:56.0857 4328 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

11:34:57.0237 4328 wdmaud - ok

11:34:57.0608 4328 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys

11:34:57.0778 4328 WinUSB - ok

11:34:58.0179 4328 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

11:34:58.0389 4328 WudfPf - ok

11:34:58.0790 4328 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

11:34:58.0960 4328 WudfRd - ok

11:34:59.0240 4328 xgusb (cc810d6559da1307b7175dcf2a0f7411) C:\WINDOWS\system32\Drivers\xgusb.sys

11:34:59.0390 4328 xgusb - ok

11:34:59.0781 4328 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0

11:34:59.0801 4328 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

11:34:59.0801 4328 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

11:35:00.0402 4328 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

11:35:00.0402 4328 \Device\Harddisk0\DR0 - detected TDSS File System (1)

11:35:00.0442 4328 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

11:35:00.0873 4328 \Device\Harddisk1\DR1 - ok

11:35:00.0913 4328 MBR (0x1B8) (45f1f43ffa09e1f67a5a75b764977af9) \Device\Harddisk2\DR8

11:35:09.0465 4328 \Device\Harddisk2\DR8 - ok

11:35:09.0515 4328 Boot (0x1200) (f5d9c04557273ed9f16ab904c0879bd9) \Device\Harddisk0\DR0\Partition0

11:35:09.0545 4328 \Device\Harddisk0\DR0\Partition0 - ok

11:35:09.0605 4328 Boot (0x1200) (e8a65e34631d63c922c871cbb555b645) \Device\Harddisk0\DR0\Partition1

11:35:09.0625 4328 \Device\Harddisk0\DR0\Partition1 - ok

11:35:09.0645 4328 Boot (0x1200) (084dfc198d2b35a8ab0ac012e5bc335a) \Device\Harddisk1\DR1\Partition0

11:35:09.0645 4328 \Device\Harddisk1\DR1\Partition0 - ok

11:35:09.0685 4328 Boot (0x1200) (cb38548140b40ac5f24c4cd4641b326f) \Device\Harddisk1\DR1\Partition1

11:35:09.0695 4328 \Device\Harddisk1\DR1\Partition1 - ok

11:35:09.0705 4328 ============================================================

11:35:09.0705 4328 Scan finished

11:35:09.0705 4328 ============================================================

11:35:09.0865 4512 Detected object count: 7

11:35:09.0865 4512 Actual detected object count: 7

11:38:17.0585 4512 Amps2prt ( UnsignedFile.Multi.Generic ) - skipped by user

11:38:17.0585 4512 Amps2prt ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:38:17.0585 4512 COMMSB96 ( UnsignedFile.Multi.Generic ) - skipped by user

11:38:17.0585 4512 COMMSB96 ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:38:17.0585 4512 COMMSBEP ( UnsignedFile.Multi.Generic ) - skipped by user

11:38:17.0585 4512 COMMSBEP ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:38:17.0585 4512 fudally ( UnsignedFile.Multi.Generic ) - skipped by user

11:38:17.0595 4512 fudally ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:38:17.0605 4512 Sentinel ( UnsignedFile.Multi.Generic ) - skipped by user

11:38:17.0605 4512 Sentinel ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:38:18.0667 4512 \Device\Harddisk0\DR0\# - copied to quarantine

11:38:19.0218 4512 \Device\Harddisk0\DR0 - copied to quarantine

11:38:19.0348 4512 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

11:38:19.0428 4512 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

11:38:19.0879 4512 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

11:38:20.0189 4512 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

11:38:20.0279 4512 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

11:38:20.0510 4512 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

11:38:24.0315 4512 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

11:38:24.0575 4512 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

11:38:24.0636 4512 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

11:38:24.0716 4512 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

11:38:24.0776 4512 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

11:38:24.0996 4512 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

11:38:25.0297 4512 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

11:38:25.0297 4512 \Device\Harddisk0\DR0 - ok

11:38:40.0929 4512 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

11:38:40.0939 4512 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

11:38:40.0939 4512 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

11:38:47.0328 2096 Deinitialize success

and:

ComboFix 12-02-16.02 - Owner 02/16/2012 12:15:43.1.1 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1536.1073 [GMT -5:00]

Running from: k:\malware tools\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

ADS - WINDOWS: deleted 192 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Owner\g2mdlhlpx.exe

c:\documents and settings\Owner\Local Settings\Application Data\{362E1EF8-5A5D-4510-9410-01FEAE88CE10}

c:\documents and settings\Owner\Local Settings\Application Data\{362E1EF8-5A5D-4510-9410-01FEAE88CE10}\chrome.manifest

c:\documents and settings\Owner\Local Settings\Application Data\{362E1EF8-5A5D-4510-9410-01FEAE88CE10}\chrome\content\overlay.xul

c:\documents and settings\Owner\Local Settings\Application Data\{362E1EF8-5A5D-4510-9410-01FEAE88CE10}\install.rdf

c:\documents and settings\Owner\Local Settings\Application Data\assembly\tmp

c:\documents and settings\Owner\Local Settings\Application Data\assembly\tmp\KUY27BFJ\FsdDoc2003.DLL

c:\documents and settings\Owner\WINDOWS

c:\windows\dasetup.log

c:\windows\ST6UNST.000

c:\windows\system32\_if8F.tmp

c:\windows\system32\_ifA.tmp

c:\windows\system32\_ifB.tmp

c:\windows\system32\uninstall.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))

.

.

2012-02-16 16:52 . 2012-02-16 16:52 -------- d-----w- c:\windows\LastGood

2012-02-16 16:38 . 2012-02-16 16:38 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-16 15:32 . 2012-02-16 15:32 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21C0F143-F402-4446-B2B9-9A86D88667FD}\MpKslcfc75a0b.sys

2012-02-15 21:32 . 2012-02-16 16:57 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21C0F143-F402-4446-B2B9-9A86D88667FD}\offreg.dll

2012-02-15 17:25 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21C0F143-F402-4446-B2B9-9A86D88667FD}\mpengine.dll

2012-01-27 15:28 . 2012-01-27 15:28 -------- d-----w- c:\program files\Motorola Media Link

2012-01-27 15:23 . 2012-01-27 15:23 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp

2012-01-24 16:26 . 2012-01-24 16:26 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Solid State Networks

2012-01-24 16:13 . 2012-01-25 21:04 -------- d-----w- c:\documents and settings\Owner\Application Data\gpdf2swf

2012-01-24 16:11 . 2012-01-24 16:12 -------- d-----w- c:\program files\SWFTools

2012-01-18 21:02 . 2005-10-15 03:41 72192 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp43a.dll

2012-01-18 21:02 . 2005-10-15 03:42 37376 ----a-w- c:\windows\system32\hpz3l43a.dll

2012-01-18 20:25 . 2005-03-14 18:39 65536 ----a-w- c:\windows\system32\HPZinw12.exe

2012-01-18 20:25 . 2005-03-14 17:05 69632 ----a-w- c:\windows\system32\HPZipm12.exe

2012-01-18 20:25 . 2005-03-08 16:55 57344 ----a-w- c:\windows\system32\HPZisn12.dll

2012-01-18 20:25 . 2005-03-08 16:55 94208 ----a-w- c:\windows\system32\HPZipt12.dll

2012-01-18 20:25 . 2005-03-14 17:05 204800 ----a-w- c:\windows\system32\HPZipr12.dll

2012-01-18 20:25 . 2005-03-14 17:03 278584 ----a-w- c:\windows\system32\HPZidr12.dll

2012-01-18 20:24 . 2012-01-18 20:25 -------- d-----w- c:\program files\HP

2012-01-18 20:21 . 2005-10-28 00:51 77824 ----a-w- c:\windows\system32\hpzids01.dll

2012-01-18 20:21 . 2005-09-09 23:28 98304 ----a-w- c:\windows\system32\hpzjsn01.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-01 15:43 . 2009-05-11 12:46 65536 ----a-w- c:\windows\IFinst27.exe

2012-01-31 12:44 . 2011-08-29 12:04 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-06 04:19 . 2011-09-19 12:08 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-12-10 20:24 . 2009-08-06 12:04 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-28 13:24 . 2011-06-16 12:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-25 21:57 . 2003-03-31 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:25 . 2003-03-31 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-03-18 17:53 . 2011-03-30 18:29 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe" [2009-12-09 645296]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WheelMouse"="c:\hardware\Mouse\Amoumain.exe" [2002-03-09 225280]

"Malwarebytes' Anti-Malware"="c:\program files\Security Applications\Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Office Taskbar.lnk - c:\windows\Installer\{00030409-78E1-11D2-B60F-006097C998E7}\misc.exe [2009-5-8 28160]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ApxFamilyCPS Startup.lnk.disabled]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ApxFamilyCPS Startup.lnk.disabled

backup=c:\windows\pss\ApxFamilyCPS Startup.lnk.disabledCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Intuit Data Protect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk

backup=c:\windows\pss\Intuit Data Protect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk.disabled]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk.disabled

backup=c:\windows\pss\QuickBooks Update Agent.lnk.disabledCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Web Connector.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk

backup=c:\windows\pss\QuickBooks Web Connector.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk

backup=c:\windows\pss\QuickBooks_Standard_21.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-01-04 03:51 37296 ----a-w- c:\program files\Adobe Reader\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisplayFusion]

2009-12-09 18:31 645296 ----a-w- c:\program files\DisplayFusion\DisplayFusion.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]

2007-02-26 05:01 437160 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]

2011-12-06 14:40 2215768 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Matrox PowerDesk SE]

2009-06-11 21:43 4223232 ----a-w- c:\program files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MotoCast]

2012-01-27 15:31 1704 ----a-w- c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]

2011-06-15 19:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]

2009-09-02 14:42 4052152 ----a-w- c:\program files\Pando\pando.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe Reader\Reader\Reader_sl.exe"

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

"SunJavaUpdateSched"="c:\program files\Java\bin\jusched.exe"

"VTPreset"=VTPreset.exe

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Pando\\pando.exe"=

"c:\\Program Files\\Programming Applications\\Motorola\\MotoTrbo\\mototrbocps.exe"=

"f:\\Program Files\\QB Enterprise\\QBDBMgrN.exe"=

"c:\\Program Files\\Motorola Media Link\\Lite\\MML.exe"=

"c:\\Program Files\\Motorola Mobility\\MotoCast\\motocast.exe"=

"c:\\Program Files\\Motorola Mobility\\MotoCast\\bin\\MotoCast-thumbnailer.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56191:TCP"= 56191:TCP:Pando P2P TCP Listening Port

"56191:UDP"= 56191:UDP:Pando P2P UDP Listening Port

"58345:TCP"= 58345:TCP:Pando P2P TCP Listening Port

"58345:UDP"= 58345:UDP:Pando P2P UDP Listening Port

.

R3 Amps2prt;AOpen PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [3/9/2002 4:35 PM 9216]

S1 MpKsl7ba122be;MpKsl7ba122be;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21C0F143-F402-4446-B2B9-9A86D88667FD}\MpKsl7ba122be.sys [2/16/2012 11:52 AM 29904]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]

S2 COMMSB96;COMMSB96;c:\windows\system32\drivers\COMMSB96.sys [5/4/2009 3:42 PM 24776]

S2 COMMSBEP;COMMSBEP;c:\windows\system32\drivers\COMMSBEP.sys [5/4/2009 3:42 PM 44236]

S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [12/15/2011 2:18 PM 87368]

S2 Matrox Centering Service;Matrox Centering Service;c:\program files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe [6/11/2009 4:44 PM 1263872]

S2 Matrox.Pdesk.ServicesHost;Matrox.Pdesk.ServicesHost;c:\program files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe [6/11/2009 4:43 PM 344832]

S2 MBAMService;MBAMService;c:\program files\Security Applications\Anti-Malware\mbamservice.exe [8/6/2009 7:04 AM 652872]

S2 MIP 5000 TFTP Server;MIP 5000 TFTP Server;c:\program files\Programming Applications\Motorola\MIP5K\TFTP\TFTP Server.exe [2/11/2009 7:13 AM 136704]

S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [11/14/2011 2:44 PM 218992]

S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [11/2/2011 8:24 AM 68896]

S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [8/19/2011 8:31 PM 1248256]

S3 fudally;fudally;c:\windows\system32\drivers\fudally.sys [2/9/2004 9:39 AM 12928]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/6/2009 7:04 AM 20464]

S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [6/17/2011 7:11 AM 47176]

S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [6/17/2011 7:11 AM 58496]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

S3 xgusb;Unity XG Devices;c:\windows\system32\drivers\xgusb.sys [11/12/2010 12:14 PM 30720]

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-09 c:\windows\Tasks\defrag.job

- c:\windows\system32\defrag.exe [2003-03-31 09:42]

.

2012-02-16 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 24.92.226.11 24.92.226.12

Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - f:\program files\QB Enterprise\HelpAsyncPluggableProtocol.dll

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\e27eqehy.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.com/

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-FileZilla Server Interface - c:\program files\FileZilla Server\FileZilla Server Interface.exe

MSConfigStartUp-Lsoquqerofiboqax - c:\windows\dpmshe.dll

MSConfigStartUp-Uwovotohunicap - c:\windows\izucuhuhoneniqe.dll

AddRemove-Avira NTFS4DOS - c:\program files\Avira\NTFS4DOS\uninst.exe

AddRemove-SLABCOMM&10C4&EA60 - c:\program files\Silabs\MCU\CP210x\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-16 12:24

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-02-16 12:28:01

ComboFix-quarantined-files.txt 2012-02-16 17:27

.

Pre-Run: 14,490,435,584 bytes free

Post-Run: 15,984,713,728 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn /maxmem=1536

.

- - End Of File - - 7C8F7EC00CE9F93B7B6828AF28D64C71


Step 1

Please re-run TDSSKiller and choose Delete option for those entries:

11:38:40.0939 4512 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:38:40.0939 4512 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to the "Update" tab and select Check for Updates. If an update is found, it will download and install the latest version. If you already have difficulty, for your convenience we have a video on YouTube, which shows visually how to do that.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

In your next post, please include:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log
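The point of Step 1 is that TDSSKiller only acts on what the user tells it to: the `Rootkit.Boot.Pihar.b` entry was set to Cure, but the `TDSS File System` entry on the same disk was left at Skip, so the hidden file system the rootkit uses survived the first run. The following script is an added example, not code from this forum or from Kaspersky: it parses log lines in the format TDSSKiller prints above (time, PID, object, verdict in parentheses, action) and lists any real detection whose final user-selected action was Skip. The sample lines are constructed to match the format in the thread, and the assumption that `UnsignedFile.Multi.Generic` is informational rather than a detection (it just means the driver has no digital signature, as with the COMMSBEP, fudally and Sentinel entries) is the script's own.

```python
import re
from collections import OrderedDict

# Constructed sample lines in TDSSKiller's log format (not the poster's full log).
SAMPLE_LOG = r"""
11:38:17.0585 4512 COMMSBEP ( UnsignedFile.Multi.Generic ) - skipped by user
11:38:17.0585 4512 COMMSBEP ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:38:25.0297 4512 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
11:38:40.0929 4512 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
11:38:40.0939 4512 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:38:40.0939 4512 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:38:47.0328 2096 Deinitialize success
"""

# time  pid  object ( verdict ) - action ; status lines without a verdict do not match.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<object>.+?)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+(?P<action>.+)$"
)

# Assumption: this verdict only reports a missing digital signature, not malware.
INFORMATIONAL = {"UnsignedFile.Multi.Generic"}


def parse_tdsskiller(text):
    """Return (object, verdict, action) tuples for every verdict line in the log."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append((m.group("object"), m.group("verdict"), m.group("action")))
    return records


def final_actions(records):
    """Map (object, verdict) to the last 'User select action: X' recorded for it."""
    final = OrderedDict()
    for obj, verdict, action in records:
        key = (obj, verdict)
        final.setdefault(key, None)
        if action.startswith("User select action:"):
            final[key] = action.split(":", 1)[1].strip()
    return final


def unresolved_detections(text):
    """Detections (non-informational verdicts) that were skipped or never actioned."""
    final = final_actions(parse_tdsskiller(text))
    return [
        (obj, verdict)
        for (obj, verdict), chosen in final.items()
        if verdict not in INFORMATIONAL and chosen in (None, "Skip")
    ]


if __name__ == "__main__":
    for obj, verdict in unresolved_detections(SAMPLE_LOG):
        print(f"needs Delete/Cure on re-run: {obj} ( {verdict} )")
```

Run against the sample, the only item reported is the `TDSS File System` entry on `\Device\Harddisk0\DR0`, which is exactly what the helper asks to be re-run with Delete; the cured boot-sector entry and the unsigned third-party drivers are not flagged.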


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=e63382177a7ac04cb3021fe419afd2bf

# end=stopped

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=false

# utc_time=2012-02-17 01:53:36

# local_time=2012-02-17 08:53:36 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1792 16777215 100 0 0 0 0 0

# compatibility_mode=5891 16776533 42 87 0 25416981 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=19440

# found=0

# cleaned=0

# scan_time=1110

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=e63382177a7ac04cb3021fe419afd2bf

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=false

# utc_time=2012-02-20 05:37:44

# local_time=2012-02-20 12:37:44 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1792 16777215 100 0 0 0 0 0

# compatibility_mode=5891 16776533 42 87 0 25679830 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=98971

# found=7

# cleaned=7

# scan_time=10910

C:\TDSSKiller_Quarantine\16.02.2012_11.32.43\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan (cleaned by deleting - quarantined) F233AEABECAFAB7FB66CF7DEE832A6A1 C

C:\TDSSKiller_Quarantine\16.02.2012_11.32.43\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan (cleaned by deleting - quarantined) 68ECB6572A9AF156F996A1735C1933EE C

C:\TDSSKiller_Quarantine\16.02.2012_11.32.43\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AE trojan (cleaned by deleting - quarantined) B997881C1BBBDEFD15C2DAE05D5B4ADE C

C:\TDSSKiller_Quarantine\17.02.2012_08.54.20\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan (cleaned by deleting - quarantined) F233AEABECAFAB7FB66CF7DEE832A6A1 C

C:\TDSSKiller_Quarantine\17.02.2012_08.54.20\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan (cleaned by deleting - quarantined) 68ECB6572A9AF156F996A1735C1933EE C

C:\TDSSKiller_Quarantine\17.02.2012_08.54.20\tdlfs0000\tsk0004.dta Win64/Olmarik.AE trojan (cleaned by deleting - quarantined) B997881C1BBBDEFD15C2DAE05D5B4ADE C

E:\Installers\Hardware Applications & Drivers\Micro Innovations USB to serial\setup_643627.exe Win32/Toolbar.Zugo application (deleted - quarantined) 3DD9CF70B23F4A6FEFB79665A07EAF81 C

and...

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.17.02

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Owner :: REPAIR-SHOP1 [administrator]

Protection: Enabled

2/17/2012 8:08:59 AM

mbam-log-2012-02-17 (08-08-59).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 171523

Time elapsed: 11 minute(s), 10 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
