Help! Rootkit Google Redirect bug!


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26

Run by vimsuser at 0:21:09 on 2012-03-11

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.959 [GMT -5:00]

.

AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

svchost.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe

C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

C:\Program Files\Sophos\Remote Management System\RouterNT.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Sophos\AutoUpdate\almon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\MI3AA1~1\wcescomm.exe

C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\isuspm.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Apoint\Apntex.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.vims.edu

uDefault_Page_URL = hxxp://www.vims.edu

mDefault_Page_URL = hxxp://www.vims.edu

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [H/PC Connection Agent] "c:\progra~1\mi3aa1~1\wcescomm.exe"

uRun: [iSUSPM] "c:\documents and settings\all users\application data\macrovision\flexnet connect\6\isuspm.exe" -scheduler

uRun: [Google Update] "c:\documents and settings\vimsuser\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [irfs] c:\documents and settings\all users\irfs.exe

mRun: [configremote] %APPDATA%\configremote.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [dplaysvr] %APPDATA%\dplaysvr.exe

dRun: [configremote] %APPDATA%\configremote.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{a7091e1d-36a4-47f1-a739-173cc341414f}\Icon3E5562ED7.ico

uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)

uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)

mPolicies-system: LogonType = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247010641734

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247010617578

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFECAFE-0013-0001-0025-ABCDEFABCDEF} - hxxps://banweb.wm.edu:4443/forms/jinitiator/jinit13125.exe

DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{155462B2-CD39-4082-AE7E-865FEE458F66} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{88ABA5E6-0696-48D1-9193-209F72485E5D} : NameServer = 139.70.2.126,139.70.2.129

TCP: Interfaces\{D5A1126C-B768-43F6-B282-3D933DCBAF44} : NameServer = 139.70.2.126,139.70.2.129

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: igfxcui - igfxdev.dll

Notify: TPSvc - TPSvc.dll

AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 94.63.147.17 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\vimsuser\application data\mozilla\firefox\profiles\o66hvl8a.default\

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B206f60f2-6d25-4cdb-b711-54946a4e9148%7D&mid=825e30825eef47d18a14d15f89fea9cd-22c140919ed174b0b033d83a1bd6825ad3cfe7ea&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2012-03-07%2023%3A08%3A36&sap=ku&q=

FF - plugin: c:\documents and settings\vimsuser\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-9-16 14776]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2009-7-8 153344]

R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2009-7-8 24064]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2005-10-18 61440]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-23 652360]

R2 MSSQL$CITADEL;SQL Server (CITADEL);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]

R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2011-2-22 163056]

R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2011-2-22 97520]

R2 Sophos Agent;Sophos Agent;c:\program files\sophos\remote management system\ManagementAgentNT.exe [2011-9-14 282624]

R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-9-30 230640]

R2 Sophos Message Router;Sophos Message Router;c:\program files\sophos\remote management system\RouterNT.exe [2011-9-14 806912]

R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2011-2-22 1541360]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-23 20464]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-11 135664]

S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 80384]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-11 135664]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [2011-9-14 23928]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2009-7-8 14976]

.

=============== Created Last 30 ================

.

2012-03-11 05:03:21 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{4b5c2e4e-686a-46d7-bb9e-353ac8184547}\offreg.dll

2012-03-10 04:11:19 6552120 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{4b5c2e4e-686a-46d7-bb9e-353ac8184547}\mpengine.dll

2012-03-09 08:00:37 -------- d-----w- C:\8da08ea2859ec4ae01fa7c5ede6d

2012-03-09 02:36:38 -------- d-----w- c:\program files\ESET

2012-03-09 02:25:53 -------- d-----w- c:\documents and settings\vimsuser\application data\SUPERAntiSpyware.com

2012-03-09 02:25:11 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-03-09 02:25:11 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2012-03-09 02:20:07 388096 ----a-r- c:\documents and settings\vimsuser\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-03-09 02:20:04 -------- d-----w- c:\program files\Trend Micro

2012-03-09 00:23:12 -------- d-----w- c:\documents and settings\vimsuser\application data\Curiolab

2012-03-08 04:08:18 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2012-03-08 04:06:29 -------- d-----w- c:\documents and settings\all users\application data\AVG2012

2012-03-08 04:04:47 -------- d-----w- c:\program files\AVG

2012-03-08 03:54:09 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2012-03-01 15:13:56 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll

2012-03-01 15:13:56 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll

2012-03-01 15:13:56 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll

2012-03-01 15:13:56 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll

2012-02-15 14:34:49 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-15 14:34:49 3072 ------w- c:\windows\system32\iacenc.dll

.

==================== Find3M ====================

.

2012-02-25 00:09:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys

2011-12-19 08:13:37 832512 ----a-w- c:\windows\system32\wininet.dll

2011-12-19 08:13:37 1830912 ------w- c:\windows\system32\inetcpl.cpl

2011-12-19 08:13:36 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-12-19 08:13:36 17408 ----a-w- c:\windows\system32\corpol.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: Hitachi_HTS721010G9SA00 rev.MCZOC10H -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8B07849F]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8b07f740]; MOV EAX, [0x8b07f8b4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B665AB8]

3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000008b[0x8B656F18]

5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8B652D98]

\Driver\atapi[0x8B284B18] -> IRP_MJ_CREATE -> 0x8B07849F

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8B0782C6

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 0:23:22.34 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 9/9/2009 5:11:20 PM

System Uptime: 3/11/2012 12:55:56 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 0JK187

Processor: Genuine Intel® CPU T2500 @ 2.00GHz | Microprocessor | 1997/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 93 GiB total, 50.877 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Broadcom NetXtreme 57xx Gigabit Controller

Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01C21028&REV_02\4&378EDFA4&0&00E2

Manufacturer: Broadcom

Name: Broadcom NetXtreme 57xx Gigabit Controller

PNP Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01C21028&REV_02\4&378EDFA4&0&00E2

Service: b57w2k

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Bluetooth Personal Area Network from TOSHIBA

Device ID: BLUETOOTH\0004&0007\0000

Manufacturer: Toshiba

Name: Bluetooth Personal Area Network from TOSHIBA

PNP Device ID: BLUETOOTH\0004&0007\0000

Service: tosrfnds

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Cisco Systems VPN Adapter

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter

PNP Device ID: ROOT\NET\0000

Service: CVirtA

.

==== System Restore Points ===================

.

RP266: 1/7/2012 7:24:11 PM - Software Distribution Service 3.0

RP267: 1/12/2012 3:11:01 PM - Software Distribution Service 3.0

RP268: 1/14/2012 8:46:17 PM - Software Distribution Service 3.0

RP269: 1/16/2012 10:38:17 PM - Software Distribution Service 3.0

RP270: 1/17/2012 8:06:36 PM - Software Distribution Service 3.0

RP271: 1/24/2012 9:23:12 PM - Software Distribution Service 3.0

RP272: 1/24/2012 9:27:37 PM - Software Distribution Service 3.0

RP273: 1/27/2012 12:18:05 PM - Software Distribution Service 3.0

RP274: 2/1/2012 1:55:37 PM - Software Distribution Service 3.0

RP275: 2/3/2012 7:12:32 PM - Software Distribution Service 3.0

RP276: 2/5/2012 6:28:41 PM - System Checkpoint

RP277: 2/8/2012 11:11:15 AM - Software Distribution Service 3.0

RP278: 2/11/2012 8:26:57 PM - Software Distribution Service 3.0

RP279: 2/14/2012 1:30:50 AM - Software Distribution Service 3.0

RP280: 2/16/2012 12:31:16 AM - Software Distribution Service 3.0

RP281: 2/18/2012 12:04:28 PM - Software Distribution Service 3.0

RP282: 2/19/2012 1:13:36 PM - System Checkpoint

RP283: 2/21/2012 6:40:03 PM - Software Distribution Service 3.0

RP284: 2/23/2012 12:08:56 AM - System Checkpoint

RP285: 2/24/2012 7:27:46 PM - Software Distribution Service 3.0

RP286: 2/28/2012 12:46:10 AM - System Checkpoint

RP287: 2/28/2012 5:28:32 PM - Software Distribution Service 3.0

RP288: 3/1/2012 10:40:03 AM - System Checkpoint

RP289: 3/2/2012 5:15:08 PM - Software Distribution Service 3.0

RP290: 3/4/2012 7:20:21 PM - System Checkpoint

RP291: 3/7/2012 10:47:34 AM - Software Distribution Service 3.0

RP292: 3/7/2012 11:04:41 PM - Installed AVG 2012

RP293: 3/8/2012 9:20:02 PM - Installed HiJackThis

RP294: 3/9/2012 3:00:33 AM - Software Distribution Service 3.0

RP295: 3/9/2012 9:09:58 PM - Software Distribution Service 3.0

RP296: 3/9/2012 11:11:09 PM - Software Distribution Service 3.0

RP297: 3/11/2012 12:27:05 AM - System Checkpoint

RP298: 3/11/2012 1:03:51 AM - Windows Defender Checkpoint

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.0

AiO_Scan

ALPS Touch Pad Driver

Amos 18

ArcGIS Desktop

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

BioDiversity Pro

BioDiversity Pro (C:\Program Files\BioDiversity Pro\)

Bluetooth Stack for Windows by Toshiba

Bootstrapper

Broadcom Advanced Control Suite

Broadcom ASF Management Applications

Broadcom Gigabit Integrated Controller

Chesapeake Interactive Model Project (CHIMP)

Cisco Systems VPN Client 5.0.03.0560

Conexant D110 MDC V.92 Modem

Conexant HDA D110 MDC V.92 Modem

Core FTP LE 2.0

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Wireless WLAN Card

ESET Online Scanner v3

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

GradeQuick Web Plugin

HI-TECH C51-lite V9.60PL0

HI-TECH PICC lite V9.60PL0

High Definition Audio Driver Package - KB835221

HighMAT Extension to Microsoft Windows XP CD Writing Wizard

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP PSC & OfficeJet 5.3.B

Intel® Graphics Media Accelerator Driver for Mobile

Ipswitch WS_FTP LE

IVI Shared Component

IVI Shared Components

J2SE Runtime Environment 5.0 Update 12

Java Auto Updater

Java 6 Update 26

LEGO MINDSTORMS NXT Driver

Logitech Webcam Software

Logitech Webcam Software Driver Package

Malwarebytes Anti-Malware version 1.60.1.1000

MATLAB R2011a

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 ??? Language Pack

Microsoft .NET Framework 2.0 Language Pack - DEU

Microsoft .NET Framework 2.0 Language Pack - FRA

Microsoft .NET Framework 2.0 Language Pack - JPN

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft ActiveSync

Microsoft Device Emulator version 2.0 - ENU

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 14

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (CITADEL)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Windows Journal Viewer

Microsoft XML Parser and SDK

Minitab 16

Minitab16

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA

Mozilla Firefox 10.0.2 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser

NVIDIA Drivers

OGA Notifier 2.0.0048.0

Oracle JInitiator 1.3.1.25

OZ776 SCR CardBus Windows Driver

PASW Statistics 18

PopTools

PowerDVD 5.1

Python 2.4.1

Python 2.5 numpy-1.0.3

Python 2.5.1

QFolder

QuickTime

R for Windows 2.9.1

RealPlayer

SAS 9.2

SAS Drivers for ODBC

SAS Formats Library for Teradata 9.2

SAS OnlineDoc 9.2 for Windows

SAS Power and Sample Size 3.1

SAS Simulation Studio 1.2

SAS SQL Library for C 9.2

SAS Stat Studio 3.1

SAS Universal Viewer 1.0

SAS VJR

SAS XML Mapper 9.2

SAS/GRAPH NV Workshop 2.1

SAS/GRAPH ODS Graphics Editor 9.2

Scan

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB2530548)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2559049)

Security Update for Windows Internet Explorer 7 (KB2586448)

Security Update for Windows Internet Explorer 7 (KB2618444)

Security Update for Windows Internet Explorer 7 (KB2647516)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SigmaPlot 9.0

SigmaTel Audio

Smart Defrag 2

Sonic DLA

Sonic RecordNow! Plus

Sonic Update Manager

Sophos Anti-Virus

Sophos AutoUpdate

Sophos Remote Management System

SUPERAntiSpyware

Texas Instruments PCIxx21/x515 drivers.

TI_Inst

Tinn-R 2.3.2.3

UnCensor® 5.1

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VISA Shared Components

Visual Sample Plan

WebFldrs XP

Windows Defender

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 10 Hotfix - KB894476

Windows XP Service Pack 3

Xvid Video Codec

.

==== Event Viewer Messages From Past Week ========

.

3/9/2012 9:16:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL SAVOnAccessControl SAVOnAccessFilter Tosrfcom

3/9/2012 11:10:45 PM, error: Service Control Manager [7023] - The Sophos Anti-Virus service terminated with the following error: Unspecified error

3/8/2012 8:51:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

3/8/2012 8:28:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SAVOnAccessControl SAVOnAccessFilter Tosrfcom

3/8/2012 8:27:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/8/2012 7:53:33 PM, error: Service Control Manager [7034] - The Sophos Anti-Virus service terminated unexpectedly. It has done this 1 time(s).

3/8/2012 7:53:33 PM, error: SAVOnAccessControl [37] - Driver threads still active when driver is being shutdown.

3/7/2012 7:34:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

3/7/2012 7:34:13 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/7/2012 11:38:01 PM, error: Service Control Manager [7034] - The Smart Card service terminated unexpectedly. It has done this 1 time(s).

3/7/2012 11:38:01 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).

3/7/2012 11:38:01 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

3/7/2012 11:38:01 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).

3/7/2012 11:08:09 PM, error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: Access is denied.

3/7/2012 11:05:36 PM, error: Rasman [20035] - Remote Access Connection Manager failed to start because it could not create buffers. Restart the computer. Access is denied.

3/7/2012 10:44:01 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0016CF1A403E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/4/2012 7:05:04 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

3/4/2012 7:03:40 PM, error: SCardSvr [602] - WDM Reader driver initialization cannot open reader device: The system cannot find the path specified.

3/4/2012 7:03:40 PM, error: NETLOGON [5719] - No Domain Controller is available for domain VIMS due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

.

==== End Of File ===========================


Hello TateEvan and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

There are some remnants from AVG, so let's clean them. Please download and run their uninstaller:

http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2012_1796.exe

Follow the instructions and next, reboot your system.

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip, click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file

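The TDSSKiller report asked for in Step 2 runs to hundreds of lines, nearly all of them ending in "- ok". The script below is an added example for this thread, not part of the thread or of the TDSSKiller tool: it parses the report layout the tool writes (a file line with MD5 and path, then a status line ending in "ok", "warning" or "detected"), lists only the drivers that were not reported ok, and checks that the scan actually ran with the SigCheck (Verify Driver Digital Signature) and TDLFS options the steps above ask for. The sample lines are constructed for the example in that layout; the function and variable names are the example's own.

```python
"""Triage helper for a TDSSKiller scan report (added example, not the tool's code).

Report layout handled:
    <time> <pid> <name> (<md5>) <path>              scanned driver file
    <time> <pid> <name> - ok                        clean verdict
    <time> <pid> <name> ( <verdict> ) - warning     heuristic warning
    <time> <pid> <name> - detected <verdict> (<n>)  flagged entry
    <time> <pid> Mode: Manual; SigCheck; TDLFS;     scan options in effect
"""
import re

FILE_RE = re.compile(r"^\S+ \d+ (\S+) \(([0-9a-f]{32})\) (.+)$")
OK_RE = re.compile(r"^\S+ \d+ (\S+) - ok$")
WARN_RE = re.compile(r"^\S+ \d+ (\S+) \( (\S+) \) - warning$")
DETECT_RE = re.compile(r"^\S+ \d+ (\S+) - detected (\S+) \((\d+)\)$")
MODE_RE = re.compile(r"^\S+ \d+ Mode: (.+)$")

# Constructed sample lines modelled on the report layout shown in this thread.
SAMPLE_LOG = [
    "21:01:13.0859 4112 Scan started",
    "21:01:13.0859 4112 Mode: Manual; SigCheck; TDLFS;",
    "21:01:17.0125 4112 Abiosdsk - ok",
    r"21:01:17.0953 4112 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys",
    "21:01:23.0515 4112 ACPI - ok",
    r"21:01:34.0890 4112 BASFND (3d87b0484be1093c6614062701f375c5) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys",
    "21:01:34.0921 4112 BASFND ( UnsignedFile.Multi.Generic ) - warning",
    "21:01:34.0921 4112 BASFND - detected UnsignedFile.Multi.Generic (1)",
    r"21:03:03.0125 4112 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys",
    "21:03:03.0171 4112 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning",
    "21:03:03.0171 4112 PxHelp20 - detected UnsignedFile.Multi.Generic (1)",
]


def parse_tdss_log(lines):
    """Return (modes, entries): scan options and a dict of driver name -> details."""
    modes, entries = [], {}
    for raw in lines:
        line = raw.rstrip("\r\n")
        if (m := MODE_RE.match(line)):
            modes = [p.strip() for p in m.group(1).split(";") if p.strip()]
        elif (m := FILE_RE.match(line)):
            name, md5, path = m.groups()
            entries.setdefault(name, {}).update(md5=md5, path=path)
        elif (m := OK_RE.match(line)):
            # Services with no file on disk also get "- ok" without a file line.
            entries.setdefault(m.group(1), {})["status"] = "ok"
        elif (m := WARN_RE.match(line)):
            name, verdict = m.groups()
            entries.setdefault(name, {}).update(status="warning", verdict=verdict)
        elif (m := DETECT_RE.match(line)):
            name, verdict, count = m.groups()
            entries.setdefault(name, {}).update(
                status="detected", verdict=verdict, count=int(count))
    return modes, entries


def triage(modes, entries):
    """Keep only entries that need a human look, plus a check of the scan options."""
    flagged = {}
    for name, entry in entries.items():
        # A file line with no verdict means the report was cut off before the scan finished.
        status = entry.get("status", "unresolved")
        if status != "ok":
            flagged[name] = dict(entry, status=status)
    return {
        "sigcheck": "SigCheck" in modes,
        "tdlfs": "TDLFS" in modes,
        "scanned": len(entries),
        "flagged": flagged,
    }


def format_report(summary):
    """Render the triage summary as text lines suitable for a forum reply."""
    lines = [
        f"scanned: {summary['scanned']}  "
        f"SigCheck: {'yes' if summary['sigcheck'] else 'no'}  "
        f"TDLFS: {'yes' if summary['tdlfs'] else 'no'}"
    ]
    for name, entry in sorted(summary["flagged"].items()):
        lines.append(
            f"{name}: {entry['status']} {entry.get('verdict', '')} "
            f"md5={entry.get('md5', '?')} path={entry.get('path', '?')}")
    return lines


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            log_lines = fh.readlines()
    else:
        log_lines = SAMPLE_LOG
    scan_modes, scan_entries = parse_tdss_log(log_lines)
    print("\n".join(format_report(triage(scan_modes, scan_entries))))
```

Run it with the path of the TDSSKiller_[Version]_[Date]_[Time]_log.txt file as the only argument, or with no argument to process the built-in sample. An UnsignedFile.Multi.Generic warning comes from the driver-signature check and says only that the file carries no valid digital signature; the MD5 and the path (for instance a vendor directory under Program Files) are what let the helper decide whether the file belongs to a product that is actually installed.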

21:00:26.0203 3776 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43

21:00:26.0843 3776 ============================================================

21:00:26.0843 3776 Current date / time: 2012/03/14 21:00:26.0843

21:00:26.0843 3776 SystemInfo:

21:00:26.0843 3776

21:00:26.0843 3776 OS Version: 5.1.2600 ServicePack: 3.0

21:00:26.0843 3776 Product type: Workstation

21:00:26.0843 3776 ComputerName: WLAP26

21:00:26.0843 3776 UserName: vimsuser

21:00:26.0843 3776 Windows directory: C:\WINDOWS

21:00:26.0843 3776 System windows directory: C:\WINDOWS

21:00:26.0843 3776 Processor architecture: Intel x86

21:00:26.0843 3776 Number of processors: 2

21:00:26.0843 3776 Page size: 0x1000

21:00:26.0843 3776 Boot type: Normal boot

21:00:26.0843 3776 ============================================================

21:00:32.0890 3776 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

21:00:32.0906 3776 \Device\Harddisk0\DR0:

21:00:32.0906 3776 MBR used

21:00:32.0906 3776 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA50E02

21:00:33.0453 3776 Initialize success

21:00:33.0453 3776 ============================================================

21:01:13.0859 4112 ============================================================

21:01:13.0859 4112 Scan started

21:01:13.0859 4112 Mode: Manual; SigCheck; TDLFS;

21:01:13.0859 4112 ============================================================

21:01:17.0125 4112 Abiosdsk - ok

21:01:17.0562 4112 abp480n5 - ok

21:01:17.0953 4112 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

21:01:23.0515 4112 ACPI - ok

21:01:23.0875 4112 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

21:01:24.0015 4112 ACPIEC - ok

21:01:24.0500 4112 adpu160m - ok

21:01:24.0937 4112 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

21:01:25.0171 4112 aec - ok

21:01:25.0578 4112 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

21:01:25.0703 4112 AFD - ok

21:01:26.0296 4112 Aha154x - ok

21:01:26.0703 4112 aic78u2 - ok

21:01:26.0968 4112 aic78xx - ok

21:01:27.0453 4112 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

21:01:27.0593 4112 AliIde - ok

21:01:27.0875 4112 amsint - ok

21:01:28.0500 4112 ApfiltrService (aeb775a2bae0f392ba6adc0bb706233a) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

21:01:28.0593 4112 ApfiltrService - ok

21:01:28.0906 4112 asc - ok

21:01:29.0390 4112 asc3350p - ok

21:01:29.0687 4112 asc3550 - ok

21:01:30.0046 4112 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

21:01:30.0359 4112 AsyncMac - ok

21:01:30.0703 4112 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

21:01:30.0875 4112 atapi - ok

21:01:31.0359 4112 Atdisk - ok

21:01:31.0984 4112 ati2mtag (8eb17cf829df300cc885651cfeaf931c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

21:01:32.0750 4112 ati2mtag - ok

21:01:33.0328 4112 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

21:01:33.0484 4112 Atmarpc - ok

21:01:33.0828 4112 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

21:01:33.0984 4112 audstub - ok

21:01:34.0703 4112 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

21:01:34.0812 4112 b57w2k - ok

21:01:34.0890 4112 BASFND (3d87b0484be1093c6614062701f375c5) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys

21:01:34.0921 4112 BASFND ( UnsignedFile.Multi.Generic ) - warning

21:01:34.0921 4112 BASFND - detected UnsignedFile.Multi.Generic (1)

21:01:35.0765 4112 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

21:01:36.0062 4112 BCM43XX - ok

21:01:36.0625 4112 BCOREUSB (40f8c4c10ed67b1de44abf82582bac37) C:\WINDOWS\system32\Drivers\BCOREUSB.sys

21:01:36.0703 4112 BCOREUSB ( UnsignedFile.Multi.Generic ) - warning

21:01:36.0703 4112 BCOREUSB - detected UnsignedFile.Multi.Generic (1)

21:01:37.0046 4112 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

21:01:37.0375 4112 Beep - ok

21:01:37.0734 4112 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys

21:01:37.0906 4112 BthEnum - ok

21:01:38.0406 4112 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys

21:01:38.0578 4112 BthPan - ok

21:01:39.0015 4112 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys

21:01:39.0406 4112 BTHPORT - ok

21:01:39.0796 4112 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys

21:01:39.0937 4112 BTHUSB - ok

21:01:40.0437 4112 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

21:01:40.0593 4112 cbidf2k - ok

21:01:40.0968 4112 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

21:01:41.0093 4112 CCDECODE - ok

21:01:41.0625 4112 cd20xrnt - ok

21:01:41.0937 4112 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

21:01:42.0078 4112 Cdaudio - ok

21:01:42.0593 4112 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

21:01:42.0734 4112 Cdfs - ok

21:01:43.0062 4112 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

21:01:43.0343 4112 Cdrom - ok

21:01:43.0671 4112 Changer - ok

21:01:43.0968 4112 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

21:01:44.0109 4112 CmBatt - ok

21:01:44.0562 4112 CmdIde - ok

21:01:44.0843 4112 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

21:01:44.0968 4112 Compbatt - ok

21:01:45.0468 4112 Cpqarray - ok

21:01:45.0765 4112 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys

21:01:45.0843 4112 CVirtA - ok

21:01:46.0671 4112 CVPNDRVA (465ced77e7c4f9d71b81ba600edafac1) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

21:01:46.0781 4112 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning

21:01:46.0781 4112 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)

21:01:47.0093 4112 dac2w2k - ok

21:01:47.0515 4112 dac960nt - ok

21:01:47.0937 4112 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

21:01:48.0062 4112 Disk - ok

21:01:48.0765 4112 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

21:01:49.0421 4112 dmboot - ok

21:01:49.0828 4112 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

21:01:50.0015 4112 dmio - ok

21:01:50.0640 4112 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

21:01:50.0812 4112 dmload - ok

21:01:51.0093 4112 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

21:01:51.0281 4112 DMusic - ok

21:01:51.0656 4112 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\WINDOWS\system32\DRIVERS\dne2000.sys

21:01:51.0687 4112 DNE - ok

21:01:52.0000 4112 dpti2o - ok

21:01:52.0437 4112 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

21:01:52.0562 4112 drmkaud - ok

21:01:52.0906 4112 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys

21:01:52.0968 4112 drvmcdb ( UnsignedFile.Multi.Generic ) - warning

21:01:52.0968 4112 drvmcdb - detected UnsignedFile.Multi.Generic (1)

21:01:53.0453 4112 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys

21:01:53.0500 4112 drvnddm ( UnsignedFile.Multi.Generic ) - warning

21:01:53.0500 4112 drvnddm - detected UnsignedFile.Multi.Generic (1)

21:01:53.0890 4112 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

21:01:54.0093 4112 Fastfat - ok

21:01:54.0562 4112 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

21:01:54.0703 4112 Fdc - ok

21:01:55.0046 4112 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys

21:01:55.0109 4112 FilterService - ok

21:01:55.0609 4112 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

21:01:55.0750 4112 Fips - ok

21:01:56.0062 4112 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

21:01:56.0203 4112 Flpydisk - ok

21:01:56.0687 4112 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

21:01:56.0859 4112 FltMgr - ok

21:01:57.0312 4112 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

21:01:57.0453 4112 Fs_Rec - ok

21:01:57.0781 4112 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

21:01:57.0984 4112 Ftdisk - ok

21:01:58.0453 4112 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

21:01:58.0609 4112 Gpc - ok

21:01:58.0968 4112 GTIPCI21 (7d074058804ad398f93ca0a08af83ff2) C:\WINDOWS\system32\DRIVERS\gtipci21.sys

21:01:59.0046 4112 GTIPCI21 - ok

21:01:59.0640 4112 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

21:01:59.0765 4112 HDAudBus - ok

21:02:00.0046 4112 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

21:02:00.0265 4112 HidUsb - ok

21:02:00.0593 4112 hpn - ok

21:02:00.0859 4112 hpt3xx - ok

21:02:01.0156 4112 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

21:02:01.0437 4112 HPZid412 - ok

21:02:01.0765 4112 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

21:02:01.0906 4112 HPZipr12 - ok

21:02:02.0359 4112 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

21:02:02.0562 4112 HPZius12 - ok

21:02:02.0953 4112 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

21:02:03.0109 4112 HSFHWAZL - ok

21:02:03.0593 4112 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys

21:02:03.0687 4112 HSFHWICH - ok

21:02:04.0406 4112 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS

21:02:05.0046 4112 HSF_DPV - ok

21:02:05.0718 4112 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

21:02:05.0921 4112 HTTP - ok

21:02:06.0359 4112 i2omgmt - ok

21:02:06.0625 4112 i2omp - ok

21:02:06.0984 4112 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

21:02:07.0125 4112 i8042prt - ok

21:02:08.0125 4112 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

21:02:09.0234 4112 ialm - ok

21:02:09.0656 4112 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

21:02:09.0796 4112 Imapi - ok

21:02:10.0078 4112 ini910u - ok

21:02:10.0546 4112 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

21:02:10.0687 4112 IntelIde - ok

21:02:11.0062 4112 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

21:02:11.0234 4112 intelppm - ok

21:02:11.0765 4112 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

21:02:11.0937 4112 ip6fw - ok

21:02:12.0406 4112 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

21:02:12.0562 4112 IpFilterDriver - ok

21:02:12.0937 4112 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

21:02:13.0062 4112 IpInIp - ok

21:02:13.0609 4112 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

21:02:13.0812 4112 IpNat - ok

21:02:14.0109 4112 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

21:02:14.0312 4112 IPSec - ok

21:02:14.0687 4112 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

21:02:14.0828 4112 IRENUM - ok

21:02:15.0109 4112 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

21:02:15.0265 4112 isapnp - ok

21:02:15.0609 4112 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

21:02:15.0765 4112 Kbdclass - ok

21:02:16.0093 4112 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

21:02:16.0265 4112 kbdhid - ok

21:02:16.0843 4112 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

21:02:17.0078 4112 kmixer - ok

21:02:17.0593 4112 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

21:02:17.0781 4112 KSecDD - ok

21:02:18.0062 4112 lbrtfdc - ok

21:02:18.0625 4112 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

21:02:18.0656 4112 LVPr2Mon - ok

21:02:19.0062 4112 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys

21:02:19.0484 4112 LVRS - ok

21:02:19.0859 4112 lvselsus (e6ba3db1e07745a79e67fa5afe34bdfb) C:\WINDOWS\system32\DRIVERS\lvselsus.sys

21:02:19.0921 4112 lvselsus - ok

21:02:23.0000 4112 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys

21:02:29.0578 4112 LVUVC - ok

21:02:29.0953 4112 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

21:02:30.0000 4112 MBAMProtector - ok

21:02:30.0484 4112 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

21:02:30.0515 4112 mdmxsdk - ok

21:02:30.0875 4112 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

21:02:31.0015 4112 mnmdd - ok

21:02:31.0531 4112 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

21:02:31.0656 4112 Modem - ok

21:02:31.0953 4112 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

21:02:32.0140 4112 Mouclass - ok

21:02:32.0671 4112 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

21:02:32.0843 4112 mouhid - ok

21:02:33.0312 4112 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

21:02:33.0468 4112 MountMgr - ok

21:02:33.0765 4112 mraid35x - ok

21:02:34.0093 4112 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

21:02:34.0312 4112 MRxDAV - ok

21:02:34.0906 4112 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

21:02:35.0453 4112 MRxSmb - ok

21:02:35.0843 4112 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

21:02:35.0984 4112 Msfs - ok

21:02:36.0515 4112 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

21:02:36.0640 4112 MSKSSRV - ok

21:02:36.0953 4112 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

21:02:37.0125 4112 MSPCLOCK - ok

21:02:37.0562 4112 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

21:02:37.0703 4112 MSPQM - ok

21:02:37.0968 4112 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

21:02:38.0093 4112 mssmbios - ok

21:02:38.0593 4112 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

21:02:38.0734 4112 MSTEE - ok

21:02:39.0093 4112 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

21:02:39.0328 4112 Mup - ok

21:02:39.0796 4112 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

21:02:39.0953 4112 NABTSFEC - ok

21:02:40.0500 4112 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

21:02:40.0687 4112 NDIS - ok

21:02:41.0031 4112 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

21:02:41.0171 4112 NdisIP - ok

21:02:41.0625 4112 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

21:02:41.0671 4112 NdisTapi - ok

21:02:42.0000 4112 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

21:02:42.0234 4112 Ndisuio - ok

21:02:42.0671 4112 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

21:02:42.0828 4112 NdisWan - ok

21:02:43.0171 4112 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

21:02:43.0390 4112 NDProxy - ok

21:02:43.0812 4112 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

21:02:43.0984 4112 NetBIOS - ok

21:02:44.0625 4112 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

21:02:44.0812 4112 NetBT - ok

21:02:45.0312 4112 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

21:02:45.0468 4112 Npfs - ok

21:02:45.0953 4112 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

21:02:46.0578 4112 Ntfs - ok

21:02:46.0906 4112 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

21:02:47.0046 4112 Null - ok

21:02:48.0937 4112 nv (7f4551a2a1e96b4a6c29ef19dacce18c) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

21:02:52.0109 4112 nv - ok

21:02:52.0640 4112 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

21:02:52.0796 4112 NwlnkFlt - ok

21:02:53.0093 4112 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

21:02:53.0312 4112 NwlnkFwd - ok

21:02:53.0718 4112 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

21:02:53.0890 4112 Parport - ok

21:02:54.0375 4112 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

21:02:54.0609 4112 PartMgr - ok

21:02:54.0906 4112 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

21:02:55.0062 4112 ParVdm - ok

21:02:55.0500 4112 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

21:02:55.0671 4112 PCI - ok

21:02:55.0937 4112 PCIDump - ok

21:02:56.0312 4112 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

21:02:56.0515 4112 PCIIde - ok

21:02:57.0062 4112 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

21:02:57.0468 4112 Pcmcia - ok

21:02:58.0015 4112 PDCOMP - ok

21:02:58.0593 4112 PDFRAME - ok

21:02:58.0843 4112 PDRELI - ok

21:02:59.0640 4112 PDRFRAME - ok

21:03:00.0031 4112 perc2 - ok

21:03:00.0359 4112 perc2hib - ok

21:03:00.0734 4112 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

21:03:00.0875 4112 PptpMiniport - ok

21:03:01.0453 4112 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

21:03:01.0609 4112 Processor - ok

21:03:01.0921 4112 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

21:03:02.0218 4112 PSched - ok

21:03:02.0609 4112 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

21:03:02.0750 4112 Ptilink - ok

21:03:03.0125 4112 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys

21:03:03.0171 4112 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

21:03:03.0171 4112 PxHelp20 - detected UnsignedFile.Multi.Generic (1)

21:03:03.0578 4112 ql1080 - ok

21:03:03.0828 4112 Ql10wnt - ok

21:03:04.0125 4112 ql12160 - ok

21:03:04.0484 4112 ql1240 - ok

21:03:04.0734 4112 ql1280 - ok

21:03:05.0093 4112 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

21:03:05.0265 4112 RasAcd - ok

21:03:05.0625 4112 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

21:03:05.0765 4112 Rasl2tp - ok

21:03:06.0328 4112 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

21:03:06.0484 4112 RasPppoe - ok

21:03:06.0812 4112 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

21:03:06.0953 4112 Raspti - ok

21:03:07.0562 4112 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

21:03:07.0750 4112 Rdbss - ok

21:03:08.0062 4112 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

21:03:08.0250 4112 RDPCDD - ok

21:03:08.0750 4112 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

21:03:09.0000 4112 rdpdr - ok

21:03:09.0656 4112 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

21:03:09.0765 4112 RDPWD - ok

21:03:10.0171 4112 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

21:03:10.0375 4112 redbook - ok

21:03:10.0796 4112 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys

21:03:10.0937 4112 RFCOMM - ok

21:03:11.0390 4112 s24trans - ok

21:03:11.0500 4112 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

21:03:11.0546 4112 SASDIFSV - ok

21:03:11.0609 4112 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

21:03:11.0671 4112 SASKUTIL - ok

21:03:12.0171 4112 SAVOnAccessControl (d9df915972694b5274facc8d00492acd) C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys

21:03:12.0468 4112 SAVOnAccessControl - ok

21:03:12.0812 4112 SAVOnAccessFilter (31b35cca652a3553fa4fb99ea79c35bf) C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys

21:03:12.0875 4112 SAVOnAccessFilter - ok

21:03:13.0437 4112 sdcfilter (a957fd57a6ae1597943e4590de10669b) C:\WINDOWS\system32\DRIVERS\sdcfilter.sys

21:03:13.0484 4112 sdcfilter - ok

21:03:13.0781 4112 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

21:03:13.0906 4112 Secdrv - ok

21:03:14.0640 4112 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

21:03:14.0781 4112 serenum - ok

21:03:15.0406 4112 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

21:03:15.0578 4112 Serial - ok

21:03:15.0921 4112 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

21:03:16.0093 4112 Sfloppy - ok

21:03:16.0546 4112 Simbad - ok

21:03:16.0890 4112 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

21:03:17.0031 4112 SLIP - ok

21:03:17.0546 4112 SmartDefragDriver (14bb60a4f1c5291217a05d5728c403e6) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys

21:03:17.0578 4112 SmartDefragDriver - ok

21:03:17.0906 4112 SophosBootDriver (3bdf94e0827d13e44249a646f6c0eb7c) C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys

21:03:17.0984 4112 SophosBootDriver - ok

21:03:18.0468 4112 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

21:03:18.0546 4112 Sparrow - ok

21:03:18.0875 4112 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

21:03:18.0984 4112 splitter - ok

21:03:19.0484 4112 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

21:03:19.0656 4112 sr - ok

21:03:20.0062 4112 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

21:03:20.0546 4112 Srv - ok

21:03:20.0890 4112 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys

21:03:20.0984 4112 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning

21:03:20.0984 4112 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)

21:03:21.0468 4112 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys

21:03:21.0515 4112 ssrtln ( UnsignedFile.Multi.Generic ) - warning

21:03:21.0515 4112 ssrtln - detected UnsignedFile.Multi.Generic (1)

21:03:21.0906 4112 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys

21:03:22.0078 4112 STAC97 - ok

21:03:23.0406 4112 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys

21:03:23.0828 4112 STHDA - ok

21:03:24.0343 4112 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

21:03:24.0531 4112 streamip - ok

21:03:24.0796 4112 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

21:03:24.0921 4112 swenum - ok

21:03:25.0750 4112 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

21:03:25.0953 4112 swmidi - ok

21:03:26.0718 4112 symc810 - ok

21:03:27.0109 4112 symc8xx - ok

21:03:27.0718 4112 sym_hi - ok

21:03:28.0031 4112 sym_u3 - ok

21:03:28.0500 4112 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

21:03:28.0656 4112 sysaudio - ok

21:03:29.0078 4112 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

21:03:29.0593 4112 Tcpip - ok

21:03:29.0953 4112 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

21:03:30.0093 4112 TDPIPE - ok

21:03:30.0656 4112 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

21:03:30.0796 4112 TDTCP - ok

21:03:31.0437 4112 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

21:03:31.0593 4112 TermDD - ok

21:03:32.0046 4112 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys

21:03:32.0078 4112 tfsnboio ( UnsignedFile.Multi.Generic ) - warning

21:03:32.0078 4112 tfsnboio - detected UnsignedFile.Multi.Generic (1)

21:03:32.0546 4112 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys

21:03:32.0640 4112 tfsncofs ( UnsignedFile.Multi.Generic ) - warning

21:03:32.0640 4112 tfsncofs - detected UnsignedFile.Multi.Generic (1)

21:03:33.0000 4112 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys

21:03:33.0046 4112 tfsndrct ( UnsignedFile.Multi.Generic ) - warning

21:03:33.0046 4112 tfsndrct - detected UnsignedFile.Multi.Generic (1)

21:03:33.0453 4112 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys

21:03:33.0468 4112 tfsndres ( UnsignedFile.Multi.Generic ) - warning

21:03:33.0484 4112 tfsndres - detected UnsignedFile.Multi.Generic (1)

21:03:33.0765 4112 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys

21:03:33.0843 4112 tfsnifs ( UnsignedFile.Multi.Generic ) - warning

21:03:33.0843 4112 tfsnifs - detected UnsignedFile.Multi.Generic (1)

21:03:34.0468 4112 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys

21:03:34.0531 4112 tfsnopio ( UnsignedFile.Multi.Generic ) - warning

21:03:34.0531 4112 tfsnopio - detected UnsignedFile.Multi.Generic (1)

21:03:34.0875 4112 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys

21:03:34.0906 4112 tfsnpool ( UnsignedFile.Multi.Generic ) - warning

21:03:34.0906 4112 tfsnpool - detected UnsignedFile.Multi.Generic (1)

21:03:35.0250 4112 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys

21:03:35.0453 4112 tfsnudf ( UnsignedFile.Multi.Generic ) - warning

21:03:35.0453 4112 tfsnudf - detected UnsignedFile.Multi.Generic (1)

21:03:35.0765 4112 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys

21:03:35.0843 4112 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning

21:03:35.0843 4112 tfsnudfa - detected UnsignedFile.Multi.Generic (1)

21:03:36.0234 4112 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys

21:03:36.0390 4112 toshidpt ( UnsignedFile.Multi.Generic ) - warning

21:03:36.0390 4112 toshidpt - detected UnsignedFile.Multi.Generic (1)

21:03:36.0640 4112 TosIde - ok

21:03:36.0953 4112 tosporte (aeb0a824ddb4f3cc7b476174c8692d47) C:\WINDOWS\system32\DRIVERS\tosporte.sys

21:03:37.0062 4112 tosporte ( UnsignedFile.Multi.Generic ) - warning

21:03:37.0062 4112 tosporte - detected UnsignedFile.Multi.Generic (1)

21:03:37.0718 4112 Tosrfbd (c1e77b1033969ea316c76f61adff2ad1) C:\WINDOWS\system32\Drivers\tosrfbd.sys

21:03:37.0921 4112 Tosrfbd ( UnsignedFile.Multi.Generic ) - warning

21:03:37.0921 4112 Tosrfbd - detected UnsignedFile.Multi.Generic (1)

21:03:38.0593 4112 Tosrfbnp (1ae2ba74b2a4f5a358b13fcd35258c30) C:\WINDOWS\system32\Drivers\tosrfbnp.sys

21:03:38.0687 4112 Tosrfbnp ( UnsignedFile.Multi.Generic ) - warning

21:03:38.0687 4112 Tosrfbnp - detected UnsignedFile.Multi.Generic (1)

21:03:39.0062 4112 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys

21:03:39.0140 4112 Tosrfcom ( UnsignedFile.Multi.Generic ) - warning

21:03:39.0140 4112 Tosrfcom - detected UnsignedFile.Multi.Generic (1)

21:03:39.0859 4112 Tosrfhid (7dfd6b1077b3ff19877fd67a04fed2a2) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys

21:03:39.0921 4112 Tosrfhid ( UnsignedFile.Multi.Generic ) - warning

21:03:39.0921 4112 Tosrfhid - detected UnsignedFile.Multi.Generic (1)

21:03:40.0375 4112 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys

21:03:40.0437 4112 tosrfnds ( UnsignedFile.Multi.Generic ) - warning

21:03:40.0437 4112 tosrfnds - detected UnsignedFile.Multi.Generic (1)

21:03:40.0828 4112 TosRfSnd (ab6fd13d7efa2634fa6bdf84c7ef0696) C:\WINDOWS\system32\drivers\TosRfSnd.sys

21:03:40.0875 4112 TosRfSnd ( UnsignedFile.Multi.Generic ) - warning

21:03:40.0875 4112 TosRfSnd - detected UnsignedFile.Multi.Generic (1)

21:03:41.0234 4112 Tosrfusb (730a65f13398a1737f1a78a7b1620ec6) C:\WINDOWS\system32\Drivers\tosrfusb.sys

21:03:41.0437 4112 Tosrfusb ( UnsignedFile.Multi.Generic ) - warning

21:03:41.0437 4112 Tosrfusb - detected UnsignedFile.Multi.Generic (1)

21:03:41.0875 4112 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

21:03:42.0046 4112 Udfs - ok

21:03:42.0468 4112 UIUSys - ok

21:03:42.0812 4112 ultra - ok

21:03:43.0375 4112 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

21:03:43.0750 4112 Update - ok

21:03:44.0171 4112 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

21:03:44.0390 4112 usbaudio - ok

21:03:44.0734 4112 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

21:03:44.0875 4112 usbccgp - ok

21:03:45.0390 4112 USBCCID (2825e0e294686a26506690059e1f437a) C:\WINDOWS\system32\DRIVERS\usbccid.sys

21:03:45.0453 4112 USBCCID - ok

21:03:45.0828 4112 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

21:03:45.0984 4112 usbehci - ok

21:03:46.0593 4112 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

21:03:46.0781 4112 usbhub - ok

21:03:47.0140 4112 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

21:03:47.0375 4112 usbprint - ok

21:03:47.0703 4112 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

21:03:47.0843 4112 usbscan - ok

21:03:48.0187 4112 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

21:03:48.0343 4112 USBSTOR - ok

21:03:48.0671 4112 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

21:03:48.0796 4112 usbuhci - ok

21:03:49.0140 4112 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

21:03:49.0312 4112 usbvideo - ok

21:03:49.0593 4112 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

21:03:49.0718 4112 VgaSave - ok

21:03:50.0031 4112 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

21:03:50.0156 4112 ViaIde - ok

21:03:50.0609 4112 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

21:03:50.0734 4112 VolSnap - ok

21:03:51.0093 4112 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys

21:03:51.0656 4112 vsdatant - ok

21:03:53.0093 4112 w29n51 (67caa926ef06e07f2d31056b39f51c54) C:\WINDOWS\system32\DRIVERS\w29n51.sys

21:03:55.0453 4112 w29n51 - ok

21:03:55.0781 4112 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

21:03:55.0906 4112 Wanarp - ok

21:03:56.0187 4112 WDICA - ok

21:03:56.0625 4112 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

21:03:56.0765 4112 wdmaud - ok

21:03:57.0406 4112 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

21:03:57.0890 4112 winachsf - ok

21:03:58.0375 4112 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

21:03:58.0500 4112 WmiAcpi - ok

21:03:58.0781 4112 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

21:03:58.0906 4112 WSTCODEC - ok

21:03:59.0203 4112 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

21:03:59.0453 4112 WudfPf - ok

21:03:59.0781 4112 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

21:03:59.0843 4112 WudfRd - ok

21:03:59.0890 4112 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0

21:03:59.0921 4112 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

21:03:59.0921 4112 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

21:04:00.0000 4112 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

21:04:00.0000 4112 \Device\Harddisk0\DR0 - detected TDSS File System (1)

21:04:00.0000 4112 Boot (0x1200) (2735f3bcb27011248469164362059a22) \Device\Harddisk0\DR0\Partition0

21:04:00.0000 4112 \Device\Harddisk0\DR0\Partition0 - ok

21:04:00.0000 4112 ============================================================

21:04:00.0000 4112 Scan finished

21:04:00.0000 4112 ============================================================

21:04:00.0109 5264 Detected object count: 28

21:04:00.0109 5264 Actual detected object count: 28

21:04:19.0921 5264 BASFND ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:19.0921 5264 BASFND ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:19.0921 5264 BCOREUSB ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:19.0921 5264 BCOREUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:19.0921 5264 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:19.0921 5264 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:19.0921 5264 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:19.0921 5264 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:19.0937 5264 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:19.0937 5264 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:19.0937 5264 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:19.0937 5264 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:19.0968 5264 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:19.0968 5264 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:19.0984 5264 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:19.0984 5264 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:19.0984 5264 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:19.0984 5264 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:19.0984 5264 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:19.0984 5264 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:19.0984 5264 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:19.0984 5264 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:20.0031 5264 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:20.0031 5264 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:20.0031 5264 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:20.0031 5264 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:20.0062 5264 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:20.0062 5264 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:20.0062 5264 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:20.0062 5264 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:20.0062 5264 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:20.0062 5264 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:20.0078 5264 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:20.0078 5264 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:20.0078 5264 toshidpt ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:20.0078 5264 toshidpt ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:20.0078 5264 tosporte ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:20.0078 5264 tosporte ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:20.0078 5264 Tosrfbd ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:20.0078 5264 Tosrfbd ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:20.0078 5264 Tosrfbnp ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:20.0078 5264 Tosrfbnp ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:20.0078 5264 Tosrfcom ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:20.0078 5264 Tosrfcom ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:20.0078 5264 Tosrfhid ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:20.0078 5264 Tosrfhid ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:20.0078 5264 tosrfnds ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:20.0078 5264 tosrfnds ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:20.0078 5264 TosRfSnd ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:20.0078 5264 TosRfSnd ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:20.0109 5264 Tosrfusb ( UnsignedFile.Multi.Generic ) - skipped by user

21:04:20.0109 5264 Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:04:35.0093 5264 \Device\Harddisk0\DR0\# - copied to quarantine

21:04:35.0109 5264 \Device\Harddisk0\DR0 - copied to quarantine

21:04:37.0187 5264 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

21:04:38.0500 5264 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

21:04:39.0640 5264 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

21:04:39.0968 5264 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

21:04:40.0968 5264 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

21:04:41.0734 5264 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

21:04:42.0218 5264 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

21:04:42.0296 5264 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

21:04:42.0343 5264 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

21:04:42.0359 5264 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

21:04:42.0359 5264 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

21:04:42.0406 5264 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

21:04:42.0453 5264 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

21:04:42.0453 5264 \Device\Harddisk0\DR0 - ok

21:04:42.0531 5264 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

21:04:42.0531 5264 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

21:04:42.0531 5264 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

21:04:54.0453 4148 Deinitialize success

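
The only real finding in the TDSSKiller log above is the last one: the MBR boot code of \Device\Harddisk0\DR0 is detected as Rootkit.Boot.Pihar.b (a TDL4/TDSS-family bootkit) together with its hidden TDLFS store; the UnsignedFile.Multi.Generic lines are generic warnings about unsigned third-party drivers, not detections. The script below is an added example, not part of the post and not TDSSKiller's code. It verifies a 512-byte MBR the way that log line does, by hashing the boot code that precedes the disk signature at offset 0x1B8 (the "(0x1B8)" in the log is read here as that hashed length, which is an assumption), checking the 0x55AA boot signature and comparing the partition table against a baseline. The sectors it works on are constructed sample data, not bytes from the poster's disk.

```python
"""Added example: verify an MBR sector against a known-good baseline.

Constructed sample sectors stand in for \\Device\\Harddisk0\\DR0; nothing here
is taken from the infected machine or from TDSSKiller.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 0x1B8      # 440 bytes of boot code precede the disk signature
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE       # 0x55 0xAA terminates a valid MBR


def build_mbr(boot_code: bytes, ptype: int = 0x07, lba_start: int = 63,
              sectors: int = 1_000_000) -> bytes:
    """Construct a sample 512-byte MBR with one active partition (test data only)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = b"\x12\x34\x56\x78" + b"\x00\x00"   # 4-byte disk signature + 2 reserved bytes
    entry = bytes([0x80, 0x01, 0x01, 0x00, ptype, 0xFE, 0xFF, 0xFF]) \
        + struct.pack("<II", lba_start, sectors)     # active, CHS start, type, CHS end, LBA, size
    table = entry + b"\x00" * (16 * 3)               # three unused entries
    sector = code + disk_sig + table + b"\x55\xAA"
    assert len(sector) == MBR_SIZE
    return sector


def parse_mbr(sector: bytes) -> dict:
    """Hash the boot code and decode the partition table of one MBR sector."""
    if len(sector) != MBR_SIZE:
        raise ValueError("expected a 512-byte sector")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, count = struct.unpack_from("<II", sector, off + 8)
        if ptype != 0:
            parts.append({"active": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "boot_signature_ok": sector[BOOT_SIG_OFF:] == b"\x55\xAA",
        "partitions": parts,
    }


def check_mbr(sector: bytes, known_good: bytes) -> list:
    """Return a list of findings; an empty list means the sector matches the baseline."""
    cur, ref = parse_mbr(sector), parse_mbr(known_good)
    findings = []
    if not cur["boot_signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if cur["boot_code_md5"] != ref["boot_code_md5"]:
        findings.append("boot code hash mismatch: %s != %s"
                        % (cur["boot_code_md5"], ref["boot_code_md5"]))
    # Bootkits of this family replace the loader but keep the partition table,
    # so a changed table is a separate signal worth reporting on its own.
    if cur["partitions"] != ref["partitions"]:
        findings.append("partition table differs from baseline")
    return findings


# Constructed sample boot code: the prologue is loosely modelled on a standard
# loader (xor ax,ax; mov ss,ax; mov sp,7C00h); the tampered variant is a made-up
# stand-in for a bootkit stub, not real Pihar/TDL4 code.
GOOD_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB\x50\x07\x50\x1F\xFC\xBE\x1B\x7C"
TAMPERED_BOOT_CODE = b"\xEB\x58\x90" + b"SAMPLE-BOOTKIT-STUB"

GOOD_MBR = build_mbr(GOOD_BOOT_CODE)
TAMPERED_MBR = build_mbr(TAMPERED_BOOT_CODE)


if __name__ == "__main__":
    for name, sector in (("baseline", GOOD_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(sector, GOOD_MBR) or "ok")
```

On a live Windows host the sector would come from `open(r"\\.\PhysicalDrive0", "rb").read(512)` as an administrator, but that is exactly the read a TDSS-class bootkit intercepts in the disk miniport to hand back a clean MBR, which is why TDSSKiller hashes the sector from its own low-level access and why the result should be confirmed from offline boot media rather than from inside the infected system. The baseline should be a hash of the MBR that the OS installer wrote, captured before the incident or taken from a known-clean machine of the same build.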

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.14.07

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 7.0.5730.13

vimsuser :: WLAP26 [administrator]

Protection: Enabled

3/14/2012 9:17:22 PM

mbam-log-2012-03-14 (21-17-22).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 514327

Time elapsed: 45 minute(s), 56 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26

Run by vimsuser at 22:06:24 on 2012-03-14

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1822 [GMT -4:00]

.

AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

svchost.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe

C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

C:\Program Files\Sophos\Remote Management System\RouterNT.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Sophos\AutoUpdate\almon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\MI3AA1~1\wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\isuspm.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.vims.edu

uDefault_Page_URL = hxxp://www.vims.edu

mDefault_Page_URL = hxxp://www.vims.edu

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [H/PC Connection Agent] "c:\progra~1\mi3aa1~1\wcescomm.exe"

uRun: [iSUSPM] "c:\documents and settings\all users\application data\macrovision\flexnet connect\6\isuspm.exe" -scheduler

uRun: [Google Update] "c:\documents and settings\vimsuser\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [irfs] c:\documents and settings\all users\irfs.exe

mRun: [configremote] %APPDATA%\configremote.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [dplaysvr] %APPDATA%\dplaysvr.exe

dRun: [configremote] %APPDATA%\configremote.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{a7091e1d-36a4-47f1-a739-173cc341414f}\Icon3E5562ED7.ico

uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)

uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)

mPolicies-system: LogonType = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247010641734

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247010617578

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFECAFE-0013-0001-0025-ABCDEFABCDEF} - hxxps://banweb.wm.edu:4443/forms/jinitiator/jinit13125.exe

DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{155462B2-CD39-4082-AE7E-865FEE458F66} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{88ABA5E6-0696-48D1-9193-209F72485E5D} : NameServer = 139.70.2.126,139.70.2.129

TCP: Interfaces\{D5A1126C-B768-43F6-B282-3D933DCBAF44} : NameServer = 139.70.2.126,139.70.2.129

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: igfxcui - igfxdev.dll

Notify: TPSvc - TPSvc.dll

AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 94.63.147.17 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\vimsuser\application data\mozilla\firefox\profiles\o66hvl8a.default\

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B206f60f2-6d25-4cdb-b711-54946a4e9148%7D&mid=825e30825eef47d18a14d15f89fea9cd-22c140919ed174b0b033d83a1bd6825ad3cfe7ea&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2012-03-07%2023%3A08%3A36&sap=ku&q=

FF - plugin: c:\documents and settings\vimsuser\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-9-16 14776]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2009-7-8 153344]

R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2009-7-8 24064]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2005-10-18 61440]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-23 652360]

R2 MSSQL$CITADEL;SQL Server (CITADEL);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]

R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2011-2-22 163056]

R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2011-2-22 97520]

R2 Sophos Agent;Sophos Agent;c:\program files\sophos\remote management system\ManagementAgentNT.exe [2011-9-14 282624]

R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-9-30 230640]

R2 Sophos Message Router;Sophos Message Router;c:\program files\sophos\remote management system\RouterNT.exe [2011-9-14 806912]

R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2011-2-22 1541360]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-23 20464]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-11 135664]

S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 80384]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-11 135664]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [2011-9-14 23928]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2009-7-8 14976]

.

=============== Created Last 30 ================

.

2012-03-15 01:38:48 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{ae449371-dc2e-4b0a-98c9-eda02cb4e3f8}\offreg.dll

2012-03-15 01:04:20 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-15 00:46:49 6552120 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{ae449371-dc2e-4b0a-98c9-eda02cb4e3f8}\mpengine.dll

2012-03-09 08:00:37 -------- d-----w- C:\8da08ea2859ec4ae01fa7c5ede6d

2012-03-09 02:36:38 -------- d-----w- c:\program files\ESET

2012-03-09 02:25:53 -------- d-----w- c:\documents and settings\vimsuser\application data\SUPERAntiSpyware.com

2012-03-09 02:25:11 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-03-09 02:25:11 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2012-03-09 02:20:07 388096 ----a-r- c:\documents and settings\vimsuser\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-03-09 02:20:04 -------- d-----w- c:\program files\Trend Micro

2012-03-09 00:23:12 -------- d-----w- c:\documents and settings\vimsuser\application data\Curiolab

2012-03-08 04:08:18 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2012-03-08 04:06:29 -------- d-----w- c:\documents and settings\all users\application data\AVG2012

2012-03-01 15:13:56 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll

2012-03-01 15:13:56 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll

2012-03-01 15:13:56 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll

2012-03-01 15:13:56 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll

2012-02-15 14:34:49 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-15 14:34:49 3072 ------w- c:\windows\system32\iacenc.dll

.

==================== Find3M ====================

.

2012-02-25 00:09:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys

2011-12-19 08:13:37 832512 ----a-w- c:\windows\system32\wininet.dll

2011-12-19 08:13:37 1830912 ------w- c:\windows\system32\inetcpl.cpl

2011-12-19 08:13:36 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-12-19 08:13:36 17408 ----a-w- c:\windows\system32\corpol.dll

.

============= FINISH: 22:07:34.17 ===============

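The two lines in the DDS log above that actually explain a "Google redirect" symptom are `Hosts: 94.63.147.17 www.bing.com` (a search domain pinned to a public IP in the hosts file) and the per-interface `NameServer` entries, which are set statically rather than learned from DHCP. The script below is an added example for this thread, not part of DDS, ComboFix or any post in it. It parses those two kinds of DDS lines (and, for the hosts check, raw `hosts`-file lines as well, so it generalises beyond the log format) and flags hijack patterns. The watched-domain list, the `EXPECTED_DNS_NETS` networks and the `0.0.0.0 www.yahoo.com` sinkhole line are assumptions constructed for the example; the other sample lines are copied from the log above.

```python
"""Triage of DDS-style log lines for search-redirect indicators.
Added example for this thread, not part of DDS or of any post above; the
watched-domain list and allowed DNS networks are assumptions to tune per case."""
import ipaddress
import re

# Domains a redirect rootkit typically hijacks (assumption: adjust per case).
WATCHED_DOMAINS = {
    "www.bing.com", "bing.com", "www.google.com", "google.com",
    "www.yahoo.com", "search.yahoo.com", "www.microsoft.com",
    "windowsupdate.microsoft.com", "update.microsoft.com",
}

# DDS prints DNS settings as "TCP: DhcpNameServer = a b c" (global) or
# "TCP: Interfaces\{GUID} : NameServer = a,b" (per interface, static).
DNS_RE = re.compile(
    r"^TCP:\s+(?:Interfaces\\(\{[^}]+\})\s*:\s*)?(DhcpNameServer|NameServer)\s*=\s*(.*)$"
)


def parse_hosts_entries(lines):
    """(ip, hostname) pairs from DDS 'Hosts:' lines or raw hosts-file lines.
    Lines whose first token is not an IP are skipped, so a whole log can be fed in."""
    entries = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()            # drop hosts-file comments
        if line.startswith("Hosts:"):
            line = line[len("Hosts:"):].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for name in parts[1:]:                          # hosts allows several names per IP
            entries.append((addr, name.lower().rstrip(".")))
    return entries


def suspicious_hosts(lines, watched=WATCHED_DOMAINS):
    """Watched domains mapped to anything but a 127.x/0.0.0.0 sinkhole.
    Sinkholes are the ad-blocking pattern; a public IP for a search engine is the redirect pattern."""
    return [(name, str(addr)) for addr, name in parse_hosts_entries(lines)
            if name in watched and not (addr.is_loopback or addr.is_unspecified)]


def parse_dns_servers(lines):
    """(interface_guid_or_None, key, [servers]) for every TCP: DNS line."""
    found = []
    for raw in lines:
        m = DNS_RE.match(raw.strip())
        if m:
            iface, key, value = m.groups()
            found.append((iface, key, [s for s in re.split(r"[,\s]+", value) if s]))
    return found


def static_dns_servers(lines):
    """Servers set statically (NameServer) rather than via DHCP. DNS-changer
    malware writes exactly these keys, so list them even if they prove legitimate."""
    return sorted({s for _, key, servers in parse_dns_servers(lines)
                   if key == "NameServer" for s in servers})


def unexpected_dns(lines, allowed_cidrs):
    """Every configured DNS server (static or DHCP) outside the expected networks."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    bad = set()
    for _, _, servers in parse_dns_servers(lines):
        for s in servers:
            try:
                if not any(ipaddress.ip_address(s) in net for net in allowed):
                    bad.add(s)
            except ValueError:                          # not even an IP: report it
                bad.add(s)
    return sorted(bad)


# Constructed sample: the TCP: and Hosts: lines from the DDS log above, plus one
# made-up sinkhole entry to show that the benign case is not flagged.
SAMPLE_LOG = [
    r"TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12",
    r"TCP: Interfaces\{155462B2-CD39-4082-AE7E-865FEE458F66} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12",
    r"TCP: Interfaces\{88ABA5E6-0696-48D1-9193-209F72485E5D} : NameServer = 139.70.2.126,139.70.2.129",
    r"TCP: Interfaces\{D5A1126C-B768-43F6-B282-3D933DCBAF44} : NameServer = 139.70.2.126,139.70.2.129",
    r"Hosts: 94.63.147.17 www.bing.com",
    r"Hosts: 0.0.0.0 www.yahoo.com",                    # constructed sinkhole, benign
]
# Assumption: the ISP's DHCP-assigned resolvers are trusted; everything else is reviewed.
EXPECTED_DNS_NETS = ["68.105.28.0/24", "68.105.29.0/24"]

if __name__ == "__main__":
    print("hosts hijacks       :", suspicious_hosts(SAMPLE_LOG))
    print("static DNS servers  :", static_dns_servers(SAMPLE_LOG))
    print("DNS outside expected:", unexpected_dns(SAMPLE_LOG, EXPECTED_DNS_NETS))
```

On this log the hosts check fires on `www.bing.com`, which is the concrete indicator behind the redirect complaint; the DNS check only tells you which resolvers to ask about. The `139.70.2.x` servers are static but not automatically malicious (the NETLOGON events in the attach log show the machine belongs to a domain, and institutional resolvers are normally configured exactly this way), so the allowed list has to come from whoever runs that network, not from the script. Two caveats: a hosts file is only meaningful if it is the one Windows reads, and the `DataBasePath` value under `HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters` decides which directory that is, so a clean file at the default path does not settle the question; and a redirect can also be implemented below the hosts file, which is what the boot-start driver failures for the Sophos and SUPERAntiSpyware filter drivers in the Event Viewer section of the attach log should make you consider.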

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 9/9/2009 5:11:20 PM

System Uptime: 3/14/2012 9:06:08 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0JK187

Processor: Genuine Intel® CPU T2500 @ 2.00GHz | Microprocessor | 1997/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 93 GiB total, 51.135 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Broadcom NetXtreme 57xx Gigabit Controller

Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01C21028&REV_02\4&378EDFA4&0&00E2

Manufacturer: Broadcom

Name: Broadcom NetXtreme 57xx Gigabit Controller

PNP Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01C21028&REV_02\4&378EDFA4&0&00E2

Service: b57w2k

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Bluetooth Personal Area Network from TOSHIBA

Device ID: BLUETOOTH\0004&0007\0000

Manufacturer: Toshiba

Name: Bluetooth Personal Area Network from TOSHIBA

PNP Device ID: BLUETOOTH\0004&0007\0000

Service: tosrfnds

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Cisco Systems VPN Adapter

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter

PNP Device ID: ROOT\NET\0000

Service: CVirtA

.

==== System Restore Points ===================

.

RP266: 1/7/2012 7:24:11 PM - Software Distribution Service 3.0

RP267: 1/12/2012 3:11:01 PM - Software Distribution Service 3.0

RP268: 1/14/2012 8:46:17 PM - Software Distribution Service 3.0

RP269: 1/16/2012 10:38:17 PM - Software Distribution Service 3.0

RP270: 1/17/2012 8:06:36 PM - Software Distribution Service 3.0

RP271: 1/24/2012 9:23:12 PM - Software Distribution Service 3.0

RP272: 1/24/2012 9:27:37 PM - Software Distribution Service 3.0

RP273: 1/27/2012 12:18:05 PM - Software Distribution Service 3.0

RP274: 2/1/2012 1:55:37 PM - Software Distribution Service 3.0

RP275: 2/3/2012 7:12:32 PM - Software Distribution Service 3.0

RP276: 2/5/2012 6:28:41 PM - System Checkpoint

RP277: 2/8/2012 11:11:15 AM - Software Distribution Service 3.0

RP278: 2/11/2012 8:26:57 PM - Software Distribution Service 3.0

RP279: 2/14/2012 1:30:50 AM - Software Distribution Service 3.0

RP280: 2/16/2012 12:31:16 AM - Software Distribution Service 3.0

RP281: 2/18/2012 12:04:28 PM - Software Distribution Service 3.0

RP282: 2/19/2012 1:13:36 PM - System Checkpoint

RP283: 2/21/2012 6:40:03 PM - Software Distribution Service 3.0

RP284: 2/23/2012 12:08:56 AM - System Checkpoint

RP285: 2/24/2012 7:27:46 PM - Software Distribution Service 3.0

RP286: 2/28/2012 12:46:10 AM - System Checkpoint

RP287: 2/28/2012 5:28:32 PM - Software Distribution Service 3.0

RP288: 3/1/2012 10:40:03 AM - System Checkpoint

RP289: 3/2/2012 5:15:08 PM - Software Distribution Service 3.0

RP290: 3/4/2012 7:20:21 PM - System Checkpoint

RP291: 3/7/2012 10:47:34 AM - Software Distribution Service 3.0

RP292: 3/7/2012 11:04:41 PM - Installed AVG 2012

RP293: 3/8/2012 9:20:02 PM - Installed HiJackThis

RP294: 3/9/2012 3:00:33 AM - Software Distribution Service 3.0

RP295: 3/9/2012 9:09:58 PM - Software Distribution Service 3.0

RP296: 3/9/2012 11:11:09 PM - Software Distribution Service 3.0

RP297: 3/11/2012 12:27:05 AM - System Checkpoint

RP298: 3/11/2012 1:03:51 AM - Windows Defender Checkpoint

RP299: 3/14/2012 8:46:16 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.0

AiO_Scan

ALPS Touch Pad Driver

Amos 18

ArcGIS Desktop

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

BioDiversity Pro

BioDiversity Pro (C:\Program Files\BioDiversity Pro\)

Bluetooth Stack for Windows by Toshiba

Bootstrapper

Broadcom Advanced Control Suite

Broadcom ASF Management Applications

Broadcom Gigabit Integrated Controller

Chesapeake Interactive Model Project (CHIMP)

Cisco Systems VPN Client 5.0.03.0560

Conexant D110 MDC V.92 Modem

Conexant HDA D110 MDC V.92 Modem

Core FTP LE 2.0

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Wireless WLAN Card

ESET Online Scanner v3

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

GradeQuick Web Plugin

HI-TECH C51-lite V9.60PL0

HI-TECH PICC lite V9.60PL0

High Definition Audio Driver Package - KB835221

HighMAT Extension to Microsoft Windows XP CD Writing Wizard

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP PSC & OfficeJet 5.3.B

Intel® Graphics Media Accelerator Driver for Mobile

Ipswitch WS_FTP LE

IVI Shared Component

IVI Shared Components

J2SE Runtime Environment 5.0 Update 12

Java Auto Updater

Java 6 Update 26

LEGO MINDSTORMS NXT Driver

Logitech Webcam Software

Logitech Webcam Software Driver Package

Malwarebytes Anti-Malware version 1.60.1.1000

MATLAB R2011a

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 ??? Language Pack

Microsoft .NET Framework 2.0 Language Pack - DEU

Microsoft .NET Framework 2.0 Language Pack - FRA

Microsoft .NET Framework 2.0 Language Pack - JPN

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft ActiveSync

Microsoft Device Emulator version 2.0 - ENU

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 14

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (CITADEL)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Windows Journal Viewer

Microsoft XML Parser and SDK

Minitab 16

Minitab16

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA

Mozilla Firefox 10.0.2 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser

NVIDIA Drivers

OGA Notifier 2.0.0048.0

Oracle JInitiator 1.3.1.25

OZ776 SCR CardBus Windows Driver

PASW Statistics 18

PopTools

PowerDVD 5.1

Python 2.4.1

Python 2.5 numpy-1.0.3

Python 2.5.1

QFolder

QuickTime

R for Windows 2.9.1

RealPlayer

SAS 9.2

SAS Drivers for ODBC

SAS Formats Library for Teradata 9.2

SAS OnlineDoc 9.2 for Windows

SAS Power and Sample Size 3.1

SAS Simulation Studio 1.2

SAS SQL Library for C 9.2

SAS Stat Studio 3.1

SAS Universal Viewer 1.0

SAS VJR

SAS XML Mapper 9.2

SAS/GRAPH NV Workshop 2.1

SAS/GRAPH ODS Graphics Editor 9.2

Scan

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB2530548)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2559049)

Security Update for Windows Internet Explorer 7 (KB2586448)

Security Update for Windows Internet Explorer 7 (KB2618444)

Security Update for Windows Internet Explorer 7 (KB2647516)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SigmaPlot 9.0

SigmaTel Audio

Smart Defrag 2

Sonic DLA

Sonic RecordNow! Plus

Sonic Update Manager

Sophos Anti-Virus

Sophos AutoUpdate

Sophos Remote Management System

SUPERAntiSpyware

Texas Instruments PCIxx21/x515 drivers.

TI_Inst

Tinn-R 2.3.2.3

UnCensor® 5.1

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VISA Shared Components

Visual Sample Plan

WebFldrs XP

Windows Defender

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 10 Hotfix - KB894476

Windows XP Service Pack 3

Xvid Video Codec

.

==== Event Viewer Messages From Past Week ========

.

3/9/2012 9:16:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL SAVOnAccessControl SAVOnAccessFilter Tosrfcom

3/9/2012 11:10:45 PM, error: Service Control Manager [7023] - The Sophos Anti-Virus service terminated with the following error: Unspecified error

3/8/2012 8:51:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

3/8/2012 8:28:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SAVOnAccessControl SAVOnAccessFilter Tosrfcom

3/8/2012 8:27:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/8/2012 7:53:33 PM, error: Service Control Manager [7034] - The Sophos Anti-Virus service terminated unexpectedly. It has done this 1 time(s).

3/8/2012 7:53:33 PM, error: SAVOnAccessControl [37] - Driver threads still active when driver is being shutdown.

3/7/2012 7:34:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

3/7/2012 7:34:13 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/7/2012 5:10:08 PM, error: NETLOGON [5719] - No Domain Controller is available for domain VIMS due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

3/7/2012 11:38:01 PM, error: Service Control Manager [7034] - The Smart Card service terminated unexpectedly. It has done this 1 time(s).

3/7/2012 11:38:01 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).

3/7/2012 11:38:01 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

3/7/2012 11:38:01 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).

3/7/2012 11:08:09 PM, error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: Access is denied.

3/7/2012 11:05:36 PM, error: Rasman [20035] - Remote Access Connection Manager failed to start because it could not create buffers. Restart the computer. Access is denied.

3/7/2012 10:44:45 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

3/7/2012 10:44:01 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0016CF1A403E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/7/2012 10:43:21 AM, error: SCardSvr [602] - WDM Reader driver initialization cannot open reader device: The system cannot find the path specified.

3/11/2012 2:00:32 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

3/11/2012 1:59:54 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

.

==== End Of File ===========================


Good! :)

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


ComboFix 12-03-15.03 - vimsuser 03/15/2012 21:17:44.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2088 [GMT -4:00]

Running from: c:\documents and settings\vimsuser\My Documents\Downloads\ComboFix.exe

AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

---- Previous Run -------

.

C:\Install.exe

c:\windows\dasetup.log

c:\windows\EventSystem.log

c:\windows\setupapi.log

c:\windows\system32\dllcache\wmpvis.dll

c:\windows\system32\regobj.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-02-16 to 2012-03-16 )))))))))))))))))))))))))))))))

.

.

2012-03-16 01:13 . 2012-03-16 01:13 -------- d--h--w- c:\windows\PIF

2012-03-15 01:04 . 2012-03-15 01:04 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-15 00:46 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{AE449371-DC2E-4B0A-98C9-EDA02CB4E3F8}\mpengine.dll

2012-03-11 01:01 . 2012-03-11 01:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2012-03-09 08:00 . 2012-03-09 08:00 -------- d-----w- C:\8da08ea2859ec4ae01fa7c5ede6d

2012-03-09 02:36 . 2012-03-09 02:36 -------- d-----w- c:\program files\ESET

2012-03-09 02:25 . 2012-03-09 02:25 -------- d-----w- c:\documents and settings\vimsuser\Application Data\SUPERAntiSpyware.com

2012-03-09 02:25 . 2012-03-09 02:25 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-03-09 02:25 . 2012-03-09 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2012-03-09 02:20 . 2012-03-09 02:20 388096 ----a-r- c:\documents and settings\vimsuser\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-03-09 02:20 . 2012-03-09 02:20 -------- d-----w- c:\program files\Trend Micro

2012-03-09 00:23 . 2012-03-09 00:23 -------- d-----w- c:\documents and settings\vimsuser\Application Data\Curiolab

2012-03-08 04:08 . 2012-03-08 04:08 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2012-03-08 04:06 . 2012-03-15 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2012-03-01 15:13 . 2012-03-01 15:13 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll

2012-03-01 15:13 . 2012-03-01 15:13 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll

2012-03-01 15:13 . 2012-03-01 15:13 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll

2012-03-01 15:13 . 2012-03-01 15:13 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll

2012-02-15 14:34 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-15 14:34 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-25 00:09 . 2011-07-15 18:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-23 14:18 . 2009-10-08 17:14 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-08 06:03 . 2007-01-11 19:58 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-02-03 09:22 . 2001-08-23 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-09 16:20 . 2005-08-11 18:17 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-12-19 08:13 . 2004-01-08 19:23 832512 ----a-w- c:\windows\system32\wininet.dll

2011-12-19 08:13 . 2001-08-23 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl

2011-12-19 08:13 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-12-19 08:13 . 2001-08-23 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2001-12-14 01:56 . 2001-12-14 01:56 98304 ----a-w- c:\program files\internet explorer\plugins\LVActiveXControl.dll

2012-03-01 15:13 . 2011-08-31 19:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-30 68856]

"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe" [2006-11-13 1289000]

"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\isuspm.exe" [2007-03-29 222128]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-11 344064]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-08-29 77824]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7561216]

"nwiz"="nwiz.exe" [2006-05-01 1519616]

"NVHotkey"="nvHotkey.dll" [2006-05-01 73728]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-29 180269]

"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2010-09-30 439536]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416]

VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2009-7-9 6144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"LogonType"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceStartMenuLogOff"= 1 (0x1)

"NoSimpleStartMenu"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [9/16/2011 9:30 AM 14776]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [7/8/2009 3:28 PM 153344]

R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [7/8/2009 3:28 PM 24064]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]

R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [10/18/2005 7:11 PM 61440]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/23/2011 11:17 AM 652360]

R2 MSSQL$CITADEL;SQL Server (CITADEL);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 7:29 PM 29293408]

R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2/22/2011 3:59 PM 163056]

R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2/22/2011 4:00 PM 97520]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/23/2011 11:17 AM 20464]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2010 1:06 PM 135664]

S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [5/3/2004 4:26 PM 80384]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2010 1:06 PM 135664]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [9/14/2011 1:07 PM 23928]

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [7/8/2009 3:28 PM 14976]

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-11 17:06]

.

2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-11 17:06]

.

2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1449655655-3646181656-3495054330-1018Core.job

- c:\documents and settings\vimsuser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-11 13:43]

.

2012-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1449655655-3646181656-3495054330-1018UA.job

- c:\documents and settings\vimsuser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-11 13:43]

.

2012-03-16 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

.

2012-02-25 c:\windows\Tasks\scan.job

- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2011-02-22 20:00]

.

2012-03-16 c:\windows\Tasks\SmartDefrag_Startup.job

- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-09-16 14:35]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.vims.edu

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{88ABA5E6-0696-48D1-9193-209F72485E5D}: NameServer = 139.70.2.126,139.70.2.129

TCP: Interfaces\{D5A1126C-B768-43F6-B282-3D933DCBAF44}: NameServer = 139.70.2.126,139.70.2.129

DPF: {CAFECAFE-0013-0001-0025-ABCDEFABCDEF} - hxxps://banweb.wm.edu:4443/forms/jinitiator/jinit13125.exe

FF - ProfilePath - c:\documents and settings\vimsuser\Application Data\Mozilla\Firefox\Profiles\o66hvl8a.default\

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B206f60f2-6d25-4cdb-b711-54946a4e9148%7D&mid=825e30825eef47d18a14d15f89fea9cd-22c140919ed174b0b033d83a1bd6825ad3cfe7ea&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2012-03-07%2023%3A08%3A36&sap=ku&q=

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-irfs - c:\documents and settings\All Users\irfs.exe

HKLM-Run-configremote - c:\documents and settings\vimsuser\Application Data\configremote.exe

HKU-Default-Run-dplaysvr - c:\documents and settings\vimsuser\Application Data\dplaysvr.exe

HKU-Default-Run-configremote - c:\documents and settings\vimsuser\Application Data\configremote.exe

Notify-TPSvc - TPSvc.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-15 21:33

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Sophos Message Router]

"ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1096)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'lsass.exe'(1152)

c:\windows\System32\BCMLogon.dll

c:\windows\System32\MSVCP71.dll

.

- - - - - - - > 'explorer.exe'(8184)

c:\windows\system32\WININET.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll

c:\windows\system32\IEFRAME.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\windows\System32\SCardSvr.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\program files\Sophos\Remote Management System\ManagementAgentNT.exe

c:\program files\Sophos\AutoUpdate\ALsvc.exe

c:\program files\Sophos\Remote Management System\RouterNT.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Apoint\Apntex.exe

c:\windows\stsystra.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

.

**************************************************************************

.

Completion time: 2012-03-15 21:45:39 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-16 01:45

.

Pre-Run: 59,369,443,328 bytes free

Post-Run: 59,306,852,352 bytes free

.

- - End Of File - - 6142C794B61101C806AB84DDF7138B75


1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\documents and settings\All Users\Application Data\AVG2012

FireFox::
FF - ProfilePath - c:\documents and settings\vimsuser\Application Data\Mozilla\Firefox\Profiles\o66hvl8a.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B206f60f2-6d25-4cdb-b711-54946a4e9148%7D&mid=825e30825eef47d18a14d15f89fea9cd-22c140919ed174b0b033d83a1bd6825ad3cfe7ea&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2012-03-07%2023%3A08%3A36&sap=ku&q=

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ComboFix 12-03-15.03 - vimsuser 03/17/2012 10:28:08.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2193 [GMT -4:00]

Running from: c:\documents and settings\vimsuser\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\vimsuser\Desktop\CFScript.txt

AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-02-17 to 2012-03-17 )))))))))))))))))))))))))))))))

.

.

2012-03-17 02:30 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D049E1F0-2CCD-4FAF-AC95-AA190BD6FF5B}\mpengine.dll

2012-03-16 01:13 . 2012-03-16 01:13 -------- d--h--w- c:\windows\PIF

2012-03-15 01:04 . 2012-03-15 01:04 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-11 01:01 . 2012-03-11 01:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2012-03-09 08:00 . 2012-03-09 08:00 -------- d-----w- C:\8da08ea2859ec4ae01fa7c5ede6d

2012-03-09 02:36 . 2012-03-09 02:36 -------- d-----w- c:\program files\ESET

2012-03-09 02:25 . 2012-03-09 02:25 -------- d-----w- c:\documents and settings\vimsuser\Application Data\SUPERAntiSpyware.com

2012-03-09 02:25 . 2012-03-09 02:25 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-03-09 02:25 . 2012-03-09 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2012-03-09 02:20 . 2012-03-09 02:20 388096 ----a-r- c:\documents and settings\vimsuser\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-03-09 02:20 . 2012-03-09 02:20 -------- d-----w- c:\program files\Trend Micro

2012-03-09 00:23 . 2012-03-09 00:23 -------- d-----w- c:\documents and settings\vimsuser\Application Data\Curiolab

2012-03-08 04:08 . 2012-03-08 04:08 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2012-03-01 15:13 . 2012-03-01 15:13 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll

2012-03-01 15:13 . 2012-03-01 15:13 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll

2012-03-01 15:13 . 2012-03-01 15:13 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll

2012-03-01 15:13 . 2012-03-01 15:13 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-25 00:09 . 2011-07-15 18:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-23 14:18 . 2009-10-08 17:14 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-08 06:03 . 2007-01-11 19:58 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-02-03 09:22 . 2001-08-23 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06 . 2012-02-15 14:34 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2005-08-11 18:17 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-12-19 08:13 . 2004-01-08 19:23 832512 ----a-w- c:\windows\system32\wininet.dll

2011-12-19 08:13 . 2001-08-23 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl

2011-12-19 08:13 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-12-19 08:13 . 2001-08-23 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2001-12-14 01:56 . 2001-12-14 01:56 98304 ----a-w- c:\program files\internet explorer\plugins\LVActiveXControl.dll

2012-03-01 15:13 . 2011-08-31 19:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-16_01.33.58 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-03-17 03:15 . 2012-03-17 03:15 16384 c:\windows\Temp\Perflib_Perfdata_564.dat

+ 2012-03-17 03:15 . 2012-03-17 03:15 16384 c:\windows\Temp\Perflib_Perfdata_2bc.dat

- 2001-08-23 12:00 . 2012-03-16 01:37 91460 c:\windows\system32\perfc009.dat

+ 2001-08-23 12:00 . 2012-03-17 03:19 91460 c:\windows\system32\perfc009.dat

- 2005-08-11 18:25 . 2012-02-29 04:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2005-08-11 18:25 . 2012-03-17 04:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2005-08-11 18:25 . 2012-02-29 04:12 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2005-08-11 18:25 . 2012-03-17 04:12 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2012-03-17 04:13 . 2012-03-17 04:12 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2005-08-11 18:25 . 2012-02-29 04:12 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2001-08-23 12:00 . 2012-03-17 03:19 494334 c:\windows\system32\perfh009.dat

- 2001-08-23 12:00 . 2012-03-16 01:37 494334 c:\windows\system32\perfh009.dat

- 2006-10-12 18:17 . 2012-03-16 00:59 194726 c:\windows\system32\nvModes.dat

+ 2006-10-12 18:17 . 2012-03-17 14:19 194726 c:\windows\system32\nvModes.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-30 68856]

"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe" [2006-11-13 1289000]

"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\isuspm.exe" [2007-03-29 222128]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-11 344064]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-08-29 77824]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7561216]

"nwiz"="nwiz.exe" [2006-05-01 1519616]

"NVHotkey"="nvHotkey.dll" [2006-05-01 73728]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-29 180269]

"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2010-09-30 439536]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416]

VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2009-7-9 6144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"LogonType"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceStartMenuLogOff"= 1 (0x1)

"NoSimpleStartMenu"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [9/16/2011 9:30 AM 14776]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [7/8/2009 3:28 PM 153344]

R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [7/8/2009 3:28 PM 24064]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]

R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [10/18/2005 7:11 PM 61440]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/23/2011 11:17 AM 652360]

R2 MSSQL$CITADEL;SQL Server (CITADEL);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 7:29 PM 29293408]

R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2/22/2011 3:59 PM 163056]

R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2/22/2011 4:00 PM 97520]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/23/2011 11:17 AM 20464]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2010 1:06 PM 135664]

S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [5/3/2004 4:26 PM 80384]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2010 1:06 PM 135664]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [9/14/2011 1:07 PM 23928]

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [7/8/2009 3:28 PM 14976]

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-11 17:06]

.

2012-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-11 17:06]

.

2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1449655655-3646181656-3495054330-1018Core.job

- c:\documents and settings\vimsuser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-11 13:43]

.

2012-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1449655655-3646181656-3495054330-1018UA.job

- c:\documents and settings\vimsuser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-11 13:43]

.

2012-03-17 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

.

2012-02-25 c:\windows\Tasks\scan.job

- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2011-02-22 20:00]

.

2012-03-17 c:\windows\Tasks\SmartDefrag_Startup.job

- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-09-16 14:35]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.vims.edu

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{88ABA5E6-0696-48D1-9193-209F72485E5D}: NameServer = 139.70.2.126,139.70.2.129

TCP: Interfaces\{D5A1126C-B768-43F6-B282-3D933DCBAF44}: NameServer = 139.70.2.126,139.70.2.129

DPF: {CAFECAFE-0013-0001-0025-ABCDEFABCDEF} - hxxps://banweb.wm.edu:4443/forms/jinitiator/jinit13125.exe

FF - ProfilePath - c:\documents and settings\vimsuser\Application Data\Mozilla\Firefox\Profiles\o66hvl8a.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-17 10:40

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Sophos Message Router]

"ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1088)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'lsass.exe'(1144)

c:\windows\System32\BCMLogon.dll

c:\windows\System32\MSVCP71.dll

.

- - - - - - - > 'explorer.exe'(5864)

c:\windows\system32\WININET.dll

c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll

c:\windows\system32\IEFRAME.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-03-17 10:44:03

ComboFix-quarantined-files.txt 2012-03-17 14:43

ComboFix2.txt 2012-03-16 01:45

.

Pre-Run: 59,073,683,456 bytes free

Post-Run: 59,048,632,320 bytes free

.

- - End Of File - - 965220CF25AC3303BFAD242CFD88985D


Let's make an additional scan:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right


Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan.


Allow AVP to delete all infections found

Once it has finished, select the Report tab (last tab).

Select the Detected threats report from the left and press the Save button.

Save it to your desktop and post it in your next reply.


Status: Quarantined (events: 1)

3/18/2012 10:11:45 PM Quarantined Trojan program HEUR:Trojan.Win32.Generic C:\TDSSKiller_Quarantine\14.03.2012_21.00.26\mbr0000\tdlfs0000\tsk0005.dta High

Status: Deleted (events: 1)

3/18/2012 10:11:44 PM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\14.03.2012_21.00.26\mbr0000\mbr0000\tsk0000.dta High
