
Infected PC, please help.



Here are the DDS and Attach files:

Attachments: dds.txt, Attach.txt

The virus isn't really doing much of anything, except eating up memory and playing random sound files. Every time I do a scan with AVG it turns up a bunch of cookies and deletes them, and Malwarebytes doesn't even find those. The first time I scanned with Malwarebytes though, it did find a Trojan and it said it got rid of it, but I'm still having problems.


Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options; they're not all bad!

Post back the report which should be located on your desktop.

MrC


OK, don't worry about it. Please do this:

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

[screenshot: tdss_1.jpg]

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

[screenshot: tdss_2.jpg]

------------------------

Click the Start Scan button.

[screenshot: tdss_3.jpg]

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

[screenshot: tdss_4.jpg]

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

[screenshot: tdss_5.jpg]

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

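The report MrC asks for above is plain text with one line per service or driver: a line with the MD5 of the image file and its path, then a verdict line ("- ok", "( UnsignedFile.Multi.Generic ) - warning", or "- detected <verdict> (n)"). Reading a few hundred of those by eye is where people mistake the informational unsigned/locked-file warnings for malware. The following Python parser is an added example, not part of this thread or of Kaspersky's tool: it reads that format and separates real detections (what the instructions say to Cure) from the UnsignedFile/LockedFile warnings (what the instructions say to Skip). The sample lines are a constructed subset in TDSSKiller's format; the "badsvc" / "Rootkit.Example.Generic" pair at the end is hypothetical, added only to exercise the detection branch, and was not seen on this machine.

```python
"""Triage helper for a TDSSKiller report (added example, not part of the thread)."""
import re
from collections import OrderedDict

# Constructed sample in the line format TDSSKiller 2.7.x writes. The last two
# lines ('badsvc', all-zero MD5, 'Rootkit.Example.Generic') are hypothetical and
# exist only to exercise the "real detection" branch below.
SAMPLE_LOG = r"""
15:00:06.0281 4828 Scan started
15:00:06.0281 4828 Mode: Manual; SigCheck; TDLFS;
15:00:06.0656 4828 Abiosdsk - ok
15:00:06.0703 4828 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:00:07.0156 4828 ACPI - ok
15:00:07.0421 4828 ACS (f7f9513070cc9698c02acb747070e04c) C:\WINDOWS\system32\acs.exe
15:00:07.0453 4828 ACS ( UnsignedFile.Multi.Generic ) - warning
15:00:07.0453 4828 ACS - detected UnsignedFile.Multi.Generic (1)
15:00:10.0203 4828 Ati HotKey Poller (c434b72352fadd9249d5541274021570) C:\WINDOWS\system32\Ati2evxx.exe
15:00:10.0406 4828 Ati HotKey Poller - ok
15:00:34.0093 4828 nSvcIp (63c7ceeec6271171bc2a723d694eda66) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
15:00:34.0125 4828 nSvcIp ( UnsignedFile.Multi.Generic ) - warning
15:00:34.0125 4828 nSvcIp - detected UnsignedFile.Multi.Generic (1)
15:00:50.0000 4828 badsvc (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\badsvc.sys
15:00:50.0010 4828 badsvc - detected Rootkit.Example.Generic (0)
"""

# Every log line starts with a timestamp and the scanning thread id.
_PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<rest>.*)$")
# Service/driver name (may contain spaces), MD5 of its image, image path.
_FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
_WARN = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - warning$")
_DETECT = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
_OK = re.compile(r"^(?P<name>.+?) - ok$")

# Verdicts that only mean "no valid digital signature" or "file could not be
# opened". The instructions in the thread say to Skip these; they are not malware.
INFORMATIONAL = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}


def _entry(entries, name):
    return entries.setdefault(
        name, {"md5": None, "path": None, "status": "unknown", "verdict": None})


def parse_tdsskiller_log(text):
    """Return an ordered mapping name -> {md5, path, status, verdict}."""
    entries = OrderedDict()
    for line in text.splitlines():
        m = _PREFIX.match(line)
        if not m:
            continue  # banner, separator or blank line
        rest = m.group("rest")
        f = _FILE.match(rest)
        if f:
            e = _entry(entries, f["name"])
            e["md5"], e["path"] = f["md5"], f["path"]
            continue
        w = _WARN.match(rest)
        if w:
            e = _entry(entries, w["name"])
            e["status"], e["verdict"] = "warning", w["verdict"]
            continue
        d = _DETECT.match(rest)
        if d:
            e = _entry(entries, d["name"])
            e["verdict"] = d["verdict"]
            # TDSSKiller also writes a "detected" line for informational
            # verdicts; keep those as warnings so they are not mistaken for hits.
            e["status"] = "warning" if d["verdict"] in INFORMATIONAL else "detected"
            continue
        o = _OK.match(rest)
        if o:
            _entry(entries, o["name"])["status"] = "ok"
    return entries


def triage(entries):
    """Names to act on (Cure candidates) and names to Skip (informational)."""
    detected = [n for n, e in entries.items() if e["status"] == "detected"]
    warnings = [n for n, e in entries.items() if e["status"] == "warning"]
    return detected, warnings


def report(entries):
    """Short human-readable summary, real detections first."""
    detected, warnings = triage(entries)
    clean = sum(e["status"] == "ok" for e in entries.values())
    lines = ["%d entries scanned, %d ok" % (len(entries), clean)]
    for tag, names in (("ACT ", detected), ("SKIP", warnings)):
        for n in names:
            e = entries[n]
            lines.append("%s  %s  %s  md5=%s  %s" % (tag, n, e["verdict"], e["md5"], e["path"]))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_tdsskiller_log(SAMPLE_LOG)))
```

Run against the log posted below, the parser returns no "ACT" line: every flagged entry is UnsignedFile.Multi.Generic, which the instructions above say to Skip. The MD5 on each file line is also what you would paste into a hash reputation lookup before deciding an unsigned binary deserves a closer look.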

14:59:35.0390 6068 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

14:59:35.0656 6068 ============================================================

14:59:35.0656 6068 Current date / time: 2012/07/24 14:59:35.0656

14:59:35.0656 6068 SystemInfo:

14:59:35.0656 6068

14:59:35.0656 6068 OS Version: 5.1.2600 ServicePack: 3.0

14:59:35.0656 6068 Product type: Workstation

14:59:35.0656 6068 ComputerName: HOME

14:59:35.0656 6068 UserName: Kevin

14:59:35.0656 6068 Windows directory: C:\WINDOWS

14:59:35.0656 6068 System windows directory: C:\WINDOWS

14:59:35.0656 6068 Processor architecture: Intel x86

14:59:35.0656 6068 Number of processors: 1

14:59:35.0656 6068 Page size: 0x1000

14:59:35.0656 6068 Boot type: Normal boot

14:59:35.0656 6068 ============================================================

14:59:39.0046 6068 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

14:59:39.0109 6068 ============================================================

14:59:39.0109 6068 \Device\Harddisk0\DR0:

14:59:39.0109 6068 MBR partitions:

14:59:39.0109 6068 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA4CF41

14:59:39.0109 6068 ============================================================

14:59:39.0171 6068 C: <-> \Device\Harddisk0\DR0\Partition0

14:59:39.0171 6068 ============================================================

14:59:39.0171 6068 Initialize success

14:59:39.0171 6068 ============================================================

15:00:06.0281 4828 ============================================================

15:00:06.0281 4828 Scan started

15:00:06.0281 4828 Mode: Manual; SigCheck; TDLFS;

15:00:06.0281 4828 ============================================================

15:00:06.0656 4828 Abiosdsk - ok

15:00:06.0656 4828 abp480n5 - ok

15:00:06.0703 4828 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

15:00:07.0156 4828 ACPI - ok

15:00:07.0203 4828 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

15:00:07.0390 4828 ACPIEC - ok

15:00:07.0421 4828 ACS (f7f9513070cc9698c02acb747070e04c) C:\WINDOWS\system32\acs.exe

15:00:07.0453 4828 ACS ( UnsignedFile.Multi.Generic ) - warning

15:00:07.0453 4828 ACS - detected UnsignedFile.Multi.Generic (1)

15:00:07.0453 4828 adpu160m - ok

15:00:07.0515 4828 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

15:00:07.0671 4828 aec - ok

15:00:07.0718 4828 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys

15:00:07.0765 4828 AegisP ( UnsignedFile.Multi.Generic ) - warning

15:00:07.0765 4828 AegisP - detected UnsignedFile.Multi.Generic (1)

15:00:07.0812 4828 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

15:00:08.0015 4828 AFD - ok

15:00:08.0031 4828 Aha154x - ok

15:00:08.0031 4828 aic78u2 - ok

15:00:08.0046 4828 aic78xx - ok

15:00:08.0281 4828 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

15:00:08.0593 4828 ALCXWDM - ok

15:00:08.0687 4828 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

15:00:08.0843 4828 Alerter - ok

15:00:08.0875 4828 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

15:00:09.0015 4828 ALG - ok

15:00:09.0031 4828 AliIde - ok

15:00:09.0078 4828 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

15:00:09.0156 4828 AmdK8 - ok

15:00:09.0203 4828 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys

15:00:09.0265 4828 AmdLLD - ok

15:00:09.0265 4828 amsint - ok

15:00:09.0312 4828 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

15:00:09.0468 4828 AppMgmt - ok

15:00:09.0484 4828 asc - ok

15:00:09.0484 4828 asc3350p - ok

15:00:09.0500 4828 asc3550 - ok

15:00:09.0687 4828 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

15:00:09.0781 4828 aspnet_state - ok

15:00:09.0812 4828 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

15:00:09.0953 4828 AsyncMac - ok

15:00:09.0984 4828 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

15:00:10.0125 4828 atapi - ok

15:00:10.0140 4828 Atdisk - ok

15:00:10.0203 4828 Ati HotKey Poller (c434b72352fadd9249d5541274021570) C:\WINDOWS\system32\Ati2evxx.exe

15:00:10.0406 4828 Ati HotKey Poller - ok

15:00:10.0796 4828 ati2mtag (b4368b39a18630c3ec8d7f496f76f19b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

15:00:11.0281 4828 ati2mtag - ok

15:00:11.0421 4828 AtiHDAudioService (bd9ca8136738040d3257363ed12be693) C:\WINDOWS\system32\drivers\AtihdXP3.sys

15:00:11.0484 4828 AtiHDAudioService - ok

15:00:11.0531 4828 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys

15:00:11.0593 4828 AtiHdmiService - ok

15:00:11.0687 4828 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

15:00:11.0812 4828 Atmarpc - ok

15:00:11.0859 4828 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

15:00:12.0000 4828 AudioSrv - ok

15:00:12.0046 4828 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

15:00:12.0187 4828 audstub - ok

15:00:12.0781 4828 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

15:00:13.0390 4828 AVGIDSAgent - ok

15:00:13.0515 4828 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

15:00:13.0546 4828 AVGIDSDriver - ok

15:00:13.0593 4828 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

15:00:13.0625 4828 AVGIDSEH - ok

15:00:13.0640 4828 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

15:00:13.0656 4828 AVGIDSFilter - ok

15:00:13.0765 4828 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

15:00:13.0781 4828 AVGIDSShim - ok

15:00:13.0843 4828 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

15:00:13.0906 4828 Avgldx86 - ok

15:00:13.0921 4828 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

15:00:13.0953 4828 Avgmfx86 - ok

15:00:14.0000 4828 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

15:00:14.0031 4828 Avgrkx86 - ok

15:00:14.0078 4828 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

15:00:14.0109 4828 Avgtdix - ok

15:00:14.0265 4828 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files\AVG\AVG10\avgwdsvc.exe

15:00:14.0312 4828 avgwd - ok

15:00:14.0359 4828 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

15:00:14.0578 4828 Beep - ok

15:00:14.0640 4828 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

15:00:14.0953 4828 BITS - ok

15:00:15.0015 4828 BLKWGD (c2e8c62ed66ec1a9d4b03d6ab0fc851c) C:\WINDOWS\system32\DRIVERS\BLKWGD.sys

15:00:15.0140 4828 BLKWGD - ok

15:00:15.0234 4828 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

15:00:15.0281 4828 Bonjour Service - ok

15:00:15.0343 4828 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

15:00:15.0515 4828 Browser - ok

15:00:15.0546 4828 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

15:00:15.0718 4828 cbidf2k - ok

15:00:15.0734 4828 cd20xrnt - ok

15:00:15.0828 4828 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

15:00:16.0000 4828 Cdaudio - ok

15:00:16.0031 4828 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

15:00:16.0187 4828 Cdfs - ok

15:00:16.0218 4828 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

15:00:16.0359 4828 Cdrom - ok

15:00:16.0375 4828 Changer - ok

15:00:16.0421 4828 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

15:00:16.0546 4828 CiSvc - ok

15:00:16.0578 4828 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

15:00:16.0734 4828 ClipSrv - ok

15:00:16.0843 4828 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:00:16.0984 4828 clr_optimization_v2.0.50727_32 - ok

15:00:17.0093 4828 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:00:17.0171 4828 clr_optimization_v4.0.30319_32 - ok

15:00:17.0187 4828 CmdIde - ok

15:00:17.0187 4828 COMSysApp - ok

15:00:17.0203 4828 Cpqarray - ok

15:00:17.0250 4828 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

15:00:17.0468 4828 CryptSvc - ok

15:00:17.0468 4828 dac2w2k - ok

15:00:17.0484 4828 dac960nt - ok

15:00:17.0546 4828 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

15:00:17.0750 4828 DcomLaunch - ok

15:00:17.0796 4828 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

15:00:17.0937 4828 Dhcp - ok

15:00:17.0968 4828 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

15:00:18.0109 4828 Disk - ok

15:00:18.0109 4828 dmadmin - ok

15:00:18.0171 4828 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

15:00:18.0375 4828 dmboot - ok

15:00:18.0421 4828 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

15:00:18.0578 4828 dmio - ok

15:00:18.0625 4828 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

15:00:18.0781 4828 dmload - ok

15:00:18.0828 4828 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

15:00:18.0984 4828 dmserver - ok

15:00:19.0015 4828 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

15:00:19.0156 4828 DMusic - ok

15:00:19.0203 4828 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

15:00:19.0359 4828 Dnscache - ok

15:00:19.0390 4828 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

15:00:19.0578 4828 Dot3svc - ok

15:00:19.0578 4828 dpti2o - ok

15:00:19.0609 4828 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

15:00:19.0734 4828 drmkaud - ok

15:00:19.0750 4828 EagleXNt - ok

15:00:19.0796 4828 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

15:00:20.0000 4828 EapHost - ok

15:00:20.0046 4828 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

15:00:20.0187 4828 ERSvc - ok

15:00:20.0250 4828 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

15:00:20.0312 4828 Eventlog - ok

15:00:20.0375 4828 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

15:00:20.0468 4828 EventSystem - ok

15:00:20.0515 4828 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

15:00:20.0671 4828 Fastfat - ok

15:00:20.0718 4828 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

15:00:20.0812 4828 FastUserSwitchingCompatibility - ok

15:00:20.0843 4828 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

15:00:20.0968 4828 Fdc - ok

15:00:21.0000 4828 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

15:00:21.0156 4828 Fips - ok

15:00:21.0218 4828 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

15:00:21.0406 4828 Flpydisk - ok

15:00:21.0453 4828 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

15:00:21.0609 4828 FltMgr - ok

15:00:21.0765 4828 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

15:00:21.0796 4828 FontCache3.0.0.0 - ok

15:00:21.0875 4828 ForcewareWebInterface (b81f8778f5bb485f3b75114f0c99a49f) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

15:00:21.0921 4828 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - warning

15:00:21.0921 4828 ForcewareWebInterface - detected UnsignedFile.Multi.Generic (1)

15:00:21.0984 4828 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

15:00:22.0171 4828 Fs_Rec - ok

15:00:22.0218 4828 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

15:00:22.0437 4828 Ftdisk - ok

15:00:22.0468 4828 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

15:00:22.0609 4828 Gpc - ok

15:00:22.0625 4828 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

15:00:22.0781 4828 HDAudBus - ok

15:00:22.0875 4828 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

15:00:23.0046 4828 helpsvc - ok

15:00:23.0093 4828 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

15:00:23.0234 4828 HidServ - ok

15:00:23.0281 4828 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

15:00:23.0406 4828 HidUsb - ok

15:00:23.0468 4828 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

15:00:23.0625 4828 hkmsvc - ok

15:00:23.0640 4828 hpn - ok

15:00:23.0703 4828 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

15:00:23.0781 4828 HTTP - ok

15:00:23.0812 4828 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

15:00:24.0000 4828 HTTPFilter - ok

15:00:24.0000 4828 i2omgmt - ok

15:00:24.0015 4828 i2omp - ok

15:00:24.0046 4828 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

15:00:24.0187 4828 i8042prt - ok

15:00:24.0296 4828 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

15:00:24.0390 4828 idsvc - ok

15:00:24.0437 4828 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

15:00:24.0593 4828 Imapi - ok

15:00:24.0656 4828 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

15:00:24.0812 4828 ImapiService - ok

15:00:24.0812 4828 ini910u - ok

15:00:24.0828 4828 IntelIde - ok

15:00:24.0859 4828 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

15:00:25.0000 4828 Ip6Fw - ok

15:00:25.0031 4828 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

15:00:25.0218 4828 IpFilterDriver - ok

15:00:25.0250 4828 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

15:00:25.0406 4828 IpInIp - ok

15:00:25.0437 4828 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

15:00:25.0578 4828 IpNat - ok

15:00:25.0593 4828 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

15:00:25.0734 4828 IPSec - ok

15:00:25.0781 4828 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

15:00:25.0953 4828 IRENUM - ok

15:00:25.0968 4828 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

15:00:26.0125 4828 isapnp - ok

15:00:26.0296 4828 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe

15:00:26.0343 4828 JavaQuickStarterService - ok

15:00:26.0359 4828 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

15:00:26.0500 4828 Kbdclass - ok

15:00:26.0531 4828 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

15:00:26.0656 4828 kmixer - ok

15:00:26.0703 4828 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys

15:00:26.0796 4828 KMWDFILTER - ok

15:00:26.0843 4828 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

15:00:26.0984 4828 KSecDD - ok

15:00:27.0015 4828 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

15:00:27.0125 4828 lanmanserver - ok

15:00:27.0187 4828 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

15:00:27.0281 4828 lanmanworkstation - ok

15:00:27.0296 4828 lbrtfdc - ok

15:00:27.0359 4828 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

15:00:27.0531 4828 LmHosts - ok

15:00:27.0562 4828 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys

15:00:27.0593 4828 MBAMProtector - ok

15:00:27.0718 4828 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

15:00:27.0796 4828 MBAMService - ok

15:00:27.0843 4828 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

15:00:27.0984 4828 Messenger - ok

15:00:28.0046 4828 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

15:00:28.0218 4828 mnmdd - ok

15:00:28.0265 4828 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

15:00:28.0406 4828 mnmsrvc - ok

15:00:28.0453 4828 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

15:00:28.0609 4828 Modem - ok

15:00:28.0625 4828 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

15:00:28.0765 4828 Mouclass - ok

15:00:28.0812 4828 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

15:00:28.0984 4828 mouhid - ok

15:00:29.0015 4828 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

15:00:29.0156 4828 MountMgr - ok

15:00:29.0203 4828 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

15:00:29.0234 4828 MozillaMaintenance - ok

15:00:29.0250 4828 mraid35x - ok

15:00:29.0265 4828 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

15:00:29.0453 4828 MRxDAV - ok

15:00:29.0531 4828 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

15:00:29.0640 4828 MRxSmb - ok

15:00:29.0687 4828 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

15:00:29.0828 4828 MSDTC - ok

15:00:29.0921 4828 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

15:00:30.0062 4828 Msfs - ok

15:00:30.0078 4828 MSIServer - ok

15:00:30.0125 4828 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

15:00:30.0265 4828 MSKSSRV - ok

15:00:30.0281 4828 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

15:00:30.0453 4828 MSPCLOCK - ok

15:00:30.0500 4828 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

15:00:30.0640 4828 MSPQM - ok

15:00:30.0671 4828 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

15:00:30.0812 4828 mssmbios - ok

15:00:30.0875 4828 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

15:00:30.0984 4828 Mup - ok

15:00:31.0046 4828 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

15:00:31.0203 4828 napagent - ok

15:00:31.0250 4828 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

15:00:31.0406 4828 NDIS - ok

15:00:31.0500 4828 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

15:00:31.0656 4828 NdisTapi - ok

15:00:31.0718 4828 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

15:00:31.0859 4828 Ndisuio - ok

15:00:31.0890 4828 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

15:00:32.0031 4828 NdisWan - ok

15:00:32.0093 4828 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

15:00:32.0218 4828 NDProxy - ok

15:00:32.0234 4828 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

15:00:32.0437 4828 NetBIOS - ok

15:00:32.0500 4828 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

15:00:32.0687 4828 NetBT - ok

15:00:32.0734 4828 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

15:00:32.0921 4828 NetDDE - ok

15:00:32.0921 4828 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

15:00:33.0062 4828 NetDDEdsdm - ok

15:00:33.0109 4828 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:00:33.0265 4828 Netlogon - ok

15:00:33.0328 4828 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

15:00:33.0484 4828 Netman - ok

15:00:33.0609 4828 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:00:33.0656 4828 NetTcpPortSharing - ok

15:00:33.0718 4828 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

15:00:33.0796 4828 Nla - ok

15:00:33.0828 4828 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

15:00:33.0953 4828 Npfs - ok

15:00:34.0093 4828 nSvcIp (63c7ceeec6271171bc2a723d694eda66) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

15:00:34.0125 4828 nSvcIp ( UnsignedFile.Multi.Generic ) - warning

15:00:34.0125 4828 nSvcIp - detected UnsignedFile.Multi.Generic (1)

15:00:34.0203 4828 nSvcLog (820b9afba044a8a43afdd9ba3d5e4b7b) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

15:00:34.0234 4828 nSvcLog ( UnsignedFile.Multi.Generic ) - warning

15:00:34.0234 4828 nSvcLog - detected UnsignedFile.Multi.Generic (1)

15:00:34.0312 4828 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

15:00:34.0515 4828 Ntfs - ok

15:00:34.0578 4828 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:00:34.0703 4828 NtLmSsp - ok

15:00:34.0781 4828 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

15:00:35.0000 4828 NtmsSvc - ok

15:00:35.0046 4828 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

15:00:35.0234 4828 Null - ok

15:00:35.0718 4828 nv (b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

15:00:36.0468 4828 nv - ok

15:00:36.0593 4828 nvata (11d1ad7e946538e02f9ef6a6e1792061) C:\WINDOWS\system32\DRIVERS\nvata.sys

15:00:36.0656 4828 nvata - ok

15:00:36.0687 4828 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

15:00:36.0750 4828 NVENETFD - ok

15:00:36.0781 4828 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

15:00:36.0875 4828 nvnetbus - ok

15:00:36.0906 4828 NVSvc (cc4f8220ead1f6a38d51679708f435b9) C:\WINDOWS\system32\nvsvc32.exe

15:00:36.0953 4828 NVSvc - ok

15:00:37.0000 4828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

15:00:37.0171 4828 NwlnkFlt - ok

15:00:37.0187 4828 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

15:00:37.0359 4828 NwlnkFwd - ok

15:00:37.0406 4828 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

15:00:37.0562 4828 Parport - ok

15:00:37.0578 4828 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

15:00:37.0734 4828 PartMgr - ok

15:00:37.0781 4828 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

15:00:37.0984 4828 ParVdm - ok

15:00:38.0015 4828 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

15:00:38.0140 4828 PCI - ok

15:00:38.0156 4828 PCIDump - ok

15:00:38.0203 4828 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

15:00:38.0375 4828 PCIIde - ok

15:00:38.0406 4828 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

15:00:38.0562 4828 Pcmcia - ok

15:00:38.0578 4828 PDCOMP - ok

15:00:38.0578 4828 PDFRAME - ok

15:00:38.0593 4828 PDRELI - ok

15:00:38.0609 4828 PDRFRAME - ok

15:00:38.0609 4828 perc2 - ok

15:00:38.0625 4828 perc2hib - ok

15:00:38.0703 4828 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

15:00:38.0781 4828 PlugPlay - ok

15:00:38.0843 4828 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:00:38.0968 4828 PolicyAgent - ok

15:00:39.0000 4828 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

15:00:39.0140 4828 PptpMiniport - ok

15:00:39.0171 4828 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

15:00:39.0296 4828 Processor - ok

15:00:39.0312 4828 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:00:39.0437 4828 ProtectedStorage - ok

15:00:39.0468 4828 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

15:00:39.0625 4828 PSched - ok

15:00:39.0671 4828 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

15:00:39.0843 4828 Ptilink - ok

15:00:39.0890 4828 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

15:00:39.0921 4828 PxHelp20 - ok

15:00:39.0921 4828 ql1080 - ok

15:00:39.0937 4828 Ql10wnt - ok

15:00:39.0937 4828 ql12160 - ok

15:00:39.0953 4828 ql1240 - ok

15:00:39.0953 4828 ql1280 - ok

15:00:40.0000 4828 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

15:00:40.0171 4828 RasAcd - ok

15:00:40.0203 4828 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

15:00:40.0359 4828 RasAuto - ok

15:00:40.0390 4828 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

15:00:40.0531 4828 Rasl2tp - ok

15:00:40.0578 4828 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

15:00:40.0734 4828 RasMan - ok

15:00:40.0765 4828 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

15:00:40.0921 4828 RasPppoe - ok

15:00:40.0937 4828 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

15:00:41.0125 4828 Raspti - ok

15:00:41.0140 4828 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

15:00:41.0296 4828 Rdbss - ok

15:00:41.0359 4828 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

15:00:41.0546 4828 RDPCDD - ok

15:00:41.0578 4828 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

15:00:41.0734 4828 rdpdr - ok

15:00:41.0781 4828 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys

15:00:41.0906 4828 RDPWD - ok

15:00:41.0953 4828 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

15:00:42.0109 4828 RDSessMgr - ok

15:00:42.0171 4828 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

15:00:42.0312 4828 redbook - ok

15:00:42.0328 4828 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

15:00:42.0515 4828 RemoteAccess - ok

15:00:42.0546 4828 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

15:00:42.0687 4828 RemoteRegistry - ok

15:00:42.0750 4828 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

15:00:42.0906 4828 RpcLocator - ok

15:00:42.0968 4828 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

15:00:43.0093 4828 RpcSs - ok

15:00:43.0140 4828 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

15:00:43.0375 4828 RSVP - ok

15:00:43.0421 4828 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:00:43.0546 4828 SamSs - ok

15:00:43.0609 4828 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

15:00:43.0781 4828 SCardSvr - ok

15:00:43.0828 4828 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

15:00:44.0015 4828 Schedule - ok

15:00:44.0062 4828 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

15:00:44.0234 4828 Secdrv - ok

15:00:44.0281 4828 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

15:00:44.0421 4828 seclogon - ok

15:00:44.0484 4828 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

15:00:44.0640 4828 SENS - ok

15:00:44.0687 4828 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

15:00:44.0843 4828 serenum - ok

15:00:44.0890 4828 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

15:00:45.0046 4828 Serial - ok

15:00:45.0093 4828 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

15:00:45.0234 4828 Sfloppy - ok

15:00:45.0312 4828 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

15:00:45.0515 4828 SharedAccess - ok

15:00:45.0562 4828 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

15:00:45.0609 4828 ShellHWDetection - ok

15:00:45.0625 4828 Simbad - ok

15:00:45.0640 4828 Sparrow - ok

15:00:45.0687 4828 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

15:00:45.0828 4828 splitter - ok

15:00:45.0875 4828 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

15:00:45.0984 4828 Spooler - ok

15:00:46.0062 4828 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

15:00:46.0218 4828 sr - ok

15:00:46.0296 4828 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

15:00:46.0437 4828 srservice - ok

15:00:46.0515 4828 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

15:00:46.0656 4828 Srv - ok

15:00:46.0703 4828 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

15:00:46.0859 4828 SSDPSRV - ok

15:00:46.0906 4828 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

15:00:47.0078 4828 stisvc - ok

15:00:47.0125 4828 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

15:00:47.0265 4828 swenum - ok

15:00:47.0296 4828 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

15:00:47.0453 4828 swmidi - ok

15:00:47.0468 4828 SwPrv - ok

15:00:47.0468 4828 symc810 - ok

15:00:47.0484 4828 symc8xx - ok

15:00:47.0500 4828 sym_hi - ok

15:00:47.0500 4828 sym_u3 - ok

15:00:47.0531 4828 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

15:00:47.0703 4828 sysaudio - ok

15:00:47.0750 4828 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

15:00:47.0937 4828 SysmonLog - ok

15:00:47.0968 4828 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

15:00:48.0140 4828 TapiSrv - ok

15:00:48.0203 4828 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

15:00:48.0359 4828 Tcpip - ok

15:00:48.0390 4828 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

15:00:48.0546 4828 TDPIPE - ok

15:00:48.0562 4828 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

15:00:48.0718 4828 TDTCP - ok

15:00:48.0750 4828 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

15:00:48.0906 4828 TermDD - ok

15:00:48.0968 4828 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

15:00:49.0109 4828 TermService - ok

15:00:49.0171 4828 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

15:00:49.0218 4828 Themes - ok

15:00:49.0250 4828 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

15:00:49.0406 4828 TlntSvr - ok

15:00:49.0421 4828 TosIde - ok

15:00:49.0484 4828 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

15:00:49.0640 4828 TrkWks - ok

15:00:49.0687 4828 TrueSight (b3c9c35dc93563b8d19ad414edf2fc82) c:\windows\system32\drivers\TrueSight.sys

15:00:49.0734 4828 TrueSight ( UnsignedFile.Multi.Generic ) - warning

15:00:49.0734 4828 TrueSight - detected UnsignedFile.Multi.Generic (1)

15:00:49.0765 4828 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

15:00:49.0921 4828 Udfs - ok

15:00:49.0937 4828 ultra - ok

15:00:50.0000 4828 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

15:00:50.0218 4828 Update - ok

15:00:50.0265 4828 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

15:00:50.0453 4828 upnphost - ok

15:00:50.0546 4828 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

15:00:50.0687 4828 UPS - ok

15:00:50.0734 4828 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

15:00:50.0890 4828 usbccgp - ok

15:00:50.0921 4828 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

15:00:51.0062 4828 usbehci - ok

15:00:51.0125 4828 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

15:00:51.0265 4828 usbhub - ok

15:00:51.0281 4828 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

15:00:51.0453 4828 usbohci - ok

15:00:51.0500 4828 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

15:00:51.0656 4828 usbscan - ok

15:00:51.0703 4828 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

15:00:51.0843 4828 usbstor - ok

15:00:51.0875 4828 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

15:00:52.0031 4828 VgaSave - ok

15:00:52.0031 4828 ViaIde - ok

15:00:52.0062 4828 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

15:00:52.0203 4828 VolSnap - ok

15:00:52.0265 4828 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

15:00:52.0453 4828 VSS - ok

15:00:52.0500 4828 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

15:00:52.0656 4828 W32Time - ok

15:00:52.0687 4828 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

15:00:52.0843 4828 Wanarp - ok

15:00:52.0843 4828 WDICA - ok

15:00:52.0890 4828 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

15:00:53.0046 4828 wdmaud - ok

15:00:53.0093 4828 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

15:00:53.0281 4828 WebClient - ok

15:00:53.0421 4828 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

15:00:53.0593 4828 winmgmt - ok

15:00:53.0625 4828 wlanndi5 (224d5a22893cee9dca7b984433549735) C:\WINDOWS\system32\wlanndi5.SYS

15:00:53.0765 4828 wlanndi5 ( UnsignedFile.Multi.Generic ) - warning

15:00:53.0765 4828 wlanndi5 - detected UnsignedFile.Multi.Generic (1)

15:00:54.0000 4828 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

15:00:54.0234 4828 wlidsvc - ok

15:00:54.0375 4828 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

15:00:54.0546 4828 WmdmPmSN - ok

15:00:54.0640 4828 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

15:00:54.0781 4828 Wmi - ok

15:00:54.0890 4828 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

15:00:55.0078 4828 WmiApSrv - ok

15:00:55.0234 4828 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

15:00:55.0406 4828 WMPNetworkSvc - ok

15:00:55.0453 4828 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

15:00:55.0515 4828 WpdUsb - ok

15:00:55.0750 4828 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

15:00:55.0875 4828 WPFFontCache_v0400 - ok

15:00:55.0921 4828 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

15:00:56.0078 4828 wscsvc - ok

15:00:56.0109 4828 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

15:00:56.0421 4828 wuauserv - ok

15:00:56.0468 4828 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

15:00:56.0546 4828 WudfPf - ok

15:00:56.0562 4828 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

15:00:56.0625 4828 WudfRd - ok

15:00:56.0640 4828 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

15:00:56.0734 4828 WudfSvc - ok

15:00:56.0812 4828 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

15:00:57.0000 4828 WZCSVC - ok

15:00:57.0015 4828 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

15:00:57.0218 4828 xmlprov - ok

15:00:57.0265 4828 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

15:00:57.0281 4828 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

15:00:57.0281 4828 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

15:00:57.0343 4828 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

15:00:57.0343 4828 \Device\Harddisk0\DR0 - detected TDSS File System (1)

15:00:57.0359 4828 Boot (0x1200) (a9198ed5917f1fb39840c404f489815b) \Device\Harddisk0\DR0\Partition0

15:00:57.0359 4828 \Device\Harddisk0\DR0\Partition0 - ok

15:00:57.0359 4828 ============================================================

15:00:57.0359 4828 Scan finished

15:00:57.0359 4828 ============================================================

15:00:57.0515 4832 Detected object count: 9

15:00:57.0515 4832 Actual detected object count: 9

15:04:22.0718 4832 ACS ( UnsignedFile.Multi.Generic ) - skipped by user

15:04:22.0718 4832 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:04:22.0718 4832 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

15:04:22.0718 4832 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:04:22.0718 4832 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - skipped by user

15:04:22.0718 4832 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:04:22.0734 4832 nSvcIp ( UnsignedFile.Multi.Generic ) - skipped by user

15:04:22.0734 4832 nSvcIp ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:04:22.0734 4832 nSvcLog ( UnsignedFile.Multi.Generic ) - skipped by user

15:04:22.0734 4832 nSvcLog ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:04:22.0734 4832 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user

15:04:22.0734 4832 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:04:22.0734 4832 wlanndi5 ( UnsignedFile.Multi.Generic ) - skipped by user

15:04:22.0734 4832 wlanndi5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:04:23.0578 4832 \Device\Harddisk0\DR0\# - copied to quarantine

15:04:23.0593 4832 \Device\Harddisk0\DR0 - copied to quarantine

15:04:23.0734 4832 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

15:04:23.0765 4832 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

15:04:23.0796 4832 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

15:04:23.0812 4832 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

15:04:23.0828 4832 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

15:04:23.0890 4832 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

15:04:23.0921 4832 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

15:04:24.0046 4832 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

15:04:24.0046 4832 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

15:04:24.0046 4832 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

15:04:24.0078 4832 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

15:04:24.0156 4832 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

15:04:24.0156 4832 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

15:04:24.0156 4832 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

15:04:24.0203 4832 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

15:04:24.0218 4832 \Device\Harddisk0\DR0 - ok

15:04:24.0406 4832 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

15:04:24.0406 4832 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

15:04:24.0406 4832 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

15:04:46.0218 2200 Deinitialize success


Just run it again and just delete this one only!!

15:04:24.0406 4832 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

15:04:24.0406 4832 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

15:04:46.0218 2200 Deinitialize success

-------------------------

Then............

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

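As an added example, not part of this thread and not code from TDSSKiller itself: a small Python script that reads a TDSSKiller-style log and lists every detection the user left on Skip, which is the check MrC did by eye when he spotted the TDSS File System entry above. The sample lines are constructed in the same format as the log posted here ("time, thread id, object, ( detection ), - status") and are not a real log; the decision to treat UnsignedFile.Multi.Generic as a routine unsigned-driver warning rather than a reason to rerun is an assumption that follows how those entries were handled in this thread.

```python
import re
from collections import OrderedDict

# Constructed sample lines in the format of the TDSSKiller log posted above:
# "<time> <thread id> <object> ( <detection> ) - <status>". Not a real log.
SAMPLE_LOG = r"""
15:00:49.0734 4828 TrueSight ( UnsignedFile.Multi.Generic ) - warning
15:00:49.0734 4828 TrueSight - detected UnsignedFile.Multi.Generic (1)
15:00:53.0765 4828 wlanndi5 ( UnsignedFile.Multi.Generic ) - warning
15:00:53.0765 4828 wlanndi5 - detected UnsignedFile.Multi.Generic (1)
15:00:57.0281 4828 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
15:00:57.0281 4828 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
15:00:57.0343 4828 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:00:57.0343 4828 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:00:57.0359 4828 Scan finished
15:00:57.0515 4832 Detected object count: 4
15:04:22.0734 4832 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:22.0734 4832 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:22.0734 4832 wlanndi5 ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:22.0734 4832 wlanndi5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:23.0593 4832 \Device\Harddisk0\DR0 - copied to quarantine
15:04:24.0203 4832 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
15:04:24.0406 4832 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
15:04:24.0406 4832 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:04:24.0406 4832 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Only lines that carry a parenthesised detection name and a " - status" tail.
# Plain driver listings ("name (md5) path", "name - ok") do not match.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<obj>\S+)\s+\(\s*(?P<name>.+?)\s*\)\s+-\s+(?P<status>.+)$"
)
COUNT_RE = re.compile(r"Detected object count:\s+(\d+)")

# Assumption: this generic signature-check warning is what third-party drivers
# trip routinely, and the thread left those entries on Skip deliberately.
GENERIC_UNSIGNED = "UnsignedFile.Multi.Generic"


def parse(log_text):
    """Return ({(object, detection): {"verdict", "action"}}, declared_count).

    The verdict comes from the scan phase ("infected" / "warning"); the action
    is whatever the user chose in the "User select action:" line, if any.
    """
    findings = OrderedDict()
    declared = None
    for line in log_text.splitlines():
        m = COUNT_RE.search(line)
        if m:
            declared = int(m.group(1))
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        entry = findings.setdefault(
            (m["obj"], m["name"]), {"verdict": None, "action": None}
        )
        status = m["status"]
        if status in ("infected", "warning"):
            entry["verdict"] = status
        elif status.startswith("User select action:"):
            entry["action"] = status.split(":", 1)[1].strip()
    return findings, declared


def count_matches(findings, declared):
    """Cross-check: the scanner's own 'Detected object count' should equal the
    number of distinct (object, detection) pairs the parser found."""
    return declared is not None and declared == len(findings)


def skipped(findings):
    """All detections the user left on Skip, in log order."""
    return [key for key, v in findings.items() if v["action"] == "Skip"]


def needs_rerun(findings):
    """Skipped detections that are not the generic unsigned-driver warning;
    anything here is a reason to run the scanner again and act on it."""
    return [key for key in skipped(findings) if key[1] != GENERIC_UNSIGNED]


if __name__ == "__main__":
    found, count = parse(SAMPLE_LOG)
    print("declared count matches parsed detections:", count_matches(found, count))
    for obj, name in skipped(found):
        print("skipped:", obj, "|", name, "|", found[(obj, name)]["verdict"])
    print("rerun and act on:", needs_rerun(found))
```

On the constructed sample the script reports that the declared count (4) matches what it parsed, lists three skipped entries, and leaves exactly the \Device\Harddisk0\DR0 / TDSS File System pair in the rerun list, with the two unsigned drivers filtered out.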

ComboFix 12-07-25.04 - Kevin 07/24/2012 15:34:11.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1319 [GMT -4:00]

Running from: c:\documents and settings\Kevin\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: NVIDIA Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Kevin\Application Data\6526.DB5

c:\documents and settings\Kevin\WINDOWS

C:\Install.exe

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\drivers\etc\lmhosts

c:\windows\system32\SET167.tmp

c:\windows\system32\SET169.tmp

c:\windows\system32\SET16C.tmp

c:\windows\system32\SET170.tmp

c:\windows\system32\SET171.tmp

c:\windows\system32\SET178.tmp

c:\windows\system32\SET17A.tmp

c:\windows\system32\SET1BF.tmp

c:\windows\system32\SET1C0.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))

.

.

2012-07-24 19:04 . 2012-07-24 19:23 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-24 18:58 . 2012-07-24 18:58 -------- d-----w- C:\7-24-2012

2012-07-24 18:57 . 2012-07-24 18:57 -------- d-----w- c:\program files\ERUNT

2012-07-24 18:22 . 2012-07-24 18:26 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2012-07-23 20:16 . 2012-07-23 20:16 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2012-07-23 17:45 . 2012-07-23 17:45 -------- d-----w- c:\documents and settings\Kevin\Application Data\Malwarebytes

2012-07-23 17:45 . 2012-07-23 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-07-23 17:45 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-23 17:45 . 2012-07-23 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-23 16:18 . 2012-07-23 16:18 -------- d-s---w- c:\documents and settings\LocalService\UserData

2012-07-20 19:35 . 2012-07-20 19:35 -------- d-----w- c:\documents and settings\Kevin\Application Data\FVD Suite

2012-07-18 11:50 . 2012-07-18 11:50 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SecuROM

2012-07-18 11:44 . 2012-07-18 11:50 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\Rockstar Games

2012-07-12 14:36 . 2012-07-12 14:36 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-07-06 13:30 . 2012-07-06 13:46 -------- d-----w- c:\documents and settings\Kevin\Application Data\Tibia

2012-07-06 13:12 . 2012-07-11 13:58 -------- d-----w- c:\program files\Tibia

2012-07-05 15:32 . 2012-07-05 15:32 -------- d-----w- c:\windows\system32\xlive

2012-07-05 15:32 . 2012-07-05 15:32 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-20 19:31 . 2012-04-06 22:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-20 19:31 . 2011-06-26 00:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-18 11:57 . 2009-08-18 15:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll

2012-07-18 11:57 . 2009-08-18 15:24 19736 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-06-14 11:56 . 2012-06-14 11:56 40960 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe

2012-06-14 11:56 . 2012-06-14 11:56 40960 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe

2012-06-13 13:19 . 2004-08-04 01:07 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50 . 2009-08-19 21:07 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2004-08-04 01:07 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2004-08-04 01:07 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 19:19 . 2009-08-06 23:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 19:19 . 2010-08-07 21:15 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 19:19 . 2010-08-07 21:15 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 19:19 . 2010-08-07 21:15 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 19:19 . 2009-08-06 23:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 19:19 . 2010-08-07 21:15 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 19:19 . 2010-08-07 21:15 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 19:19 . 2009-08-06 23:24 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 19:19 . 2009-08-06 23:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 19:19 . 2004-08-04 01:07 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 19:19 . 2009-08-06 23:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 19:19 . 2010-08-07 21:15 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 19:19 . 2010-08-07 21:15 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 19:18 . 2010-08-26 10:19 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 19:18 . 2010-08-26 10:19 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 19:18 . 2010-08-26 10:19 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22 . 2004-08-04 01:07 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 07:58 . 2004-08-04 01:07 667136 ----a-w- c:\windows\system32\wininet.dll

2012-05-04 13:12 . 2004-08-04 01:07 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46 . 2010-08-07 21:13 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-17 23:33 . 2011-05-07 14:39 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\Steam\steam.exe" [2011-08-13 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]

"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 98304]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Utility.lnk

backup=c:\windows\pss\Belkin Wireless Utility.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2012-04-08 21:20 116648 ----atw- c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]

2005-07-29 21:25 270336 ----a-w- c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2010-08-26 05:12 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Steam\\steamapps\\raginrhino\\source sdk base\\hl2.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

"c:\\Program Files\\Steam\\steamapps\\raginrhino\\team fortress 2\\hl2.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\amd driver updater, xp, 32 bit\\Setup.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.515\\Agent.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.868\\Agent.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\deus ex - human revolution\\dxhr.exe"=

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\Fallout 3 goty\\FalloutLauncher.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\Thief Deadly Shadows\\System\\runme.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\Grand Theft Auto IV\\GTAIV\\LaunchGTAIV.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\Grand Theft Auto IV\\GTAIV\\GTAIV.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 248656]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 297168]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/23/2012 1:45 PM 655944]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [1/26/2012 10:07 AM 100368]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 27216]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/23/2012 1:45 PM 22344]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/31/2012 4:02 PM 7391072]

S3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\drivers\BLKWGD.sys [8/12/2010 12:50 PM 463872]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 1:24 PM 113120]

S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [4/21/2004 5:51 PM 16384]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 00083549

*NewlyCreated* - 24430737

*NewlyCreated* - 93641881

*Deregistered* - 00083549

*Deregistered* - 24430737

*Deregistered* - 93641881

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-287218729-725345543-1003Core.job

- c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-08 21:20]

.

2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-287218729-725345543-1003UA.job

- c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-08 21:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ask.com?o=14196&l=dis

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\awru2q4x.default\

FF - prefs.js: browser.startup.homepage - chrome://fastdial/content/fastdial.html

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe

MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-24 15:41

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-220523388-287218729-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-220523388-287218729-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"??"=hex:95,46,be,aa,47,30,2a,a5,4a,b6,4b,a7,f9,41,9f,2e,20,29,ae,1b,63,18,23,

7f,8b,4f,89,40,a3,78,e3,45,b0,6d,0b,0d,f4,34,a2,61,ea,09,4a,5e,97,5c,64,c0,\

"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12

.

[HKEY_USERS\S-1-5-21-220523388-287218729-725345543-1003\Software\SecuROM\License information*]

"datasecu"=hex:0c,78,3f,82,c4,4c,83,47,e5,3d,21,7d,9e,2f,b1,73,8c,f9,5c,d2,c1,

26,77,e1,c4,a4,b5,4f,79,56,d7,58,de,03,28,44,89,a3,33,de,f4,be,58,cd,cc,73,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(932)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

Completion time: 2012-07-24 15:43:41

ComboFix-quarantined-files.txt 2012-07-24 19:43

.

Pre-Run: 24,502,775,808 bytes free

Post-Run: 25,213,984,768 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

.

- - End Of File - - 2D37625B92BD92ABA85A54FDCF52C3AE


Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.24.12

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 6.0.2900.5512

Kevin :: HOME [administrator]

Protection: Disabled

7/24/2012 3:51:02 PM

mbam-log-2012-07-24 (15-51-02).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 173503

Time elapsed: 8 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great!

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e., RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
