
Can't get rid of W32/Sality.AT



Hi,

A friend came to me with his laptop with no icons appearing on the desktop. I managed to get them back by running explorer.exe via Task Manager, but suspected some malware infections as his anti-virus protection was outdated. I installed the Avira Free scanner, which detected thousands of files infected with W32/Sality.AT. A number of other trojans were also detected. After numerous reboot and re-scan attempts, and also a scan with MBAM, I still get the W32/Sality.AT virus as well as some other trojans like TR/Agent2, TR/Patched, TR/Crypt.XPACK and TR/Crypt.ZPACK.

Furthermore, a small AutoIt Error window pops up every time after a restart with the message "Unable to open the script file".

Here are the DDS logs as well as the MBAM log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by User at 11:18:26 on 2012-07-31

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2902 [GMT 2:00]

.

AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Anti-Virus *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\drivers\audio\r205445\stacsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\WINDOWS\system32\AESTFltr.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\WINDOWS\system32\ChgService.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\WINDOWS\system32\rpcnet.exe

C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://agriculture.kzntl.gov.za/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = proxy.kzntl.gov.za:3128

uInternet Settings,ProxyOverride = *.KZNTL.GOV.ZA; 10.200.188.*;<local>

mWinlogon: System=ziswin.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [WinApps] c:\documents and settings\user\application data\javainst.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [PMX Daemon] ICO.EXE

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Autorun Eater] c:\program files\autorun eater\oldmcdonald.exe

mRun: [WinApps] c:\documents and settings\user\application data\javainst.exe

mRun: [MobileBroadband] c:\program files\vodafone\vodafone mobile broadband\bin\MobileBroadband.exe /silent

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mExplorerRun: [WinApps] c:\documents and settings\user\application data\javainst.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

mPolicies-system: CompatibleRUPSecurity = 1 (0x1)

mPolicies-system: EnableLUA = 0 (0x0)

IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241690082484

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

TCP: Interfaces\{12EEDB33-EBF2-456A-9C3B-36CD89EFE58B} : NameServer = 196.43.1.11,196.25.1.11

TCP: Interfaces\{5B852397-714C-400B-85EC-DEFB87AD21CA} : NameServer = 196.43.1.11,196.25.1.11

Notify: igfxcui - igfxdev.dll

mASetup: {6FF1DCAB-A6BA-468D-A7AC-CFEBDECB9BCA} - c:\documents and settings\user\application data\javainst.exe

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-7-30 36000]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-7-30 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-7-30 110032]

R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-7-30 74640]

R2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2011-10-14 135168]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-11-11 808296]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-11-11 20840]

R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-9-8 8704]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-2-10 112128]

R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2009-2-10 12840]

R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-2-10 32808]

R3 d553bus;Dell Wireless 5530 HSPA Mobile Broadband Minicard Device driver (WDM);c:\windows\system32\drivers\d553bus.sys [2009-2-10 300672]

R3 d553card;Dell Wireless 5530 HSPA Mobile Broadband Minicard i7;c:\windows\system32\drivers\d553card.sys [2009-2-10 378368]

R3 d553gps;Dell Wireless 5530 HSPA Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\d553gps.sys [2009-2-10 76328]

R3 d553mdfl;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\d553mdfl.sys [2009-2-10 14976]

R3 d553mdfl2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Filter;c:\windows\system32\drivers\d553mdfl2.sys [2009-2-10 14976]

R3 d553mdm;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\d553mdm.sys [2009-2-10 387200]

R3 d553mdm2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Driver;c:\windows\system32\drivers\d553mdm2.sys [2009-2-10 431616]

R3 d553nd5;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (NDIS);c:\windows\system32\drivers\d553nd5.sys [2009-2-10 25984]

R3 d553unic;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (WDM);c:\windows\system32\drivers\d553unic.sys [2009-2-10 402944]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-2-10 244368]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-2-10 110080]

R3 Sony_EricssonWWSC;Dell Wireless 5530 HSPA Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\d553scard.sys [2009-2-10 25640]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-4 136176]

S3 amsint32;amsint32;\??\c:\windows\system32\drivers\gnmoh.sys --> c:\windows\system32\drivers\gnmoh.sys [?]

S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [2011-10-14 103424]

S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-8-2 114432]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-4 136176]

S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2011-8-2 100736]

S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]

.

=============== Created Last 30 ================

.

2012-07-31 05:43:14 -------- d-----w- c:\windows\system32\NtmsData

2012-07-30 11:19:36 -------- d-----w- c:\documents and settings\user\application data\Avira

2012-07-30 11:19:08 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-07-30 11:19:08 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-07-30 11:19:08 -------- d-----w- c:\program files\Avira

2012-07-30 11:19:08 -------- d-----w- c:\documents and settings\all users\application data\Avira

2012-07-30 10:37:13 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes

2012-07-30 10:37:06 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-07-30 10:37:05 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-30 10:37:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-18 14:10:39 -------- d-----w- c:\documents and settings\user\application data\tazebama

2012-07-01 17:24:08 -------- d-sh--r- c:\documents and settings\user\local settings\application data\Start

.

==================== Find3M ====================

.

2012-07-31 08:51:00 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2012-07-31 08:50:58 58288 ----a-w- c:\windows\system32\rpcnet.dll

2012-07-31 08:09:11 17408 ----a-w- c:\windows\system32\rpcnetp.dll

2012-07-30 15:48:43 143360 ----a-w- c:\windows\system32\igfxtray.exe

2012-07-30 11:21:57 471040 ----a-w- c:\windows\system32\AESTFltr.exe

2012-07-30 11:21:53 178712 ----a-w- c:\windows\system32\hkcmd.exe

2012-07-30 11:21:52 150040 ----a-w- c:\windows\system32\igfxpers.exe

2012-07-30 11:21:48 49152 ----a-w- c:\windows\system32\ico.exe

.

============= FINISH: 11:18:50.71 ===============

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 2009/02/27 05:27:27 PM

System Uptime: 2012/07/31 10:50:19 AM (1 hours ago)

.

Motherboard: Dell Inc. | | 0GY027

Processor: Intel® Core2 Duo CPU P8400 @ 2.26GHz | Microprocessor | 2260/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 112 GiB total, 89.22 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9

All Day Battery Life Configuration

Autorun Eater v2.5

Avira Free Antivirus

BioAPI Framework

Broadcom USH Host Components

BRU Report Writer version 9

Computer Basics

Computer Security and Privacy

Conexant HDA D330 MDC V.92 Modem

Dell 5530 Wireless Broadband Package

Dell Resource CD

Dell Security Device Driver Pack

Dell Touchpad

Digital Lifestyles

Digital Line Detect

Ericsson Wireless Manager

ESRI MapObjects 2 Runtime

Google Earth Plug-in

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Windows XP (KB945436)

Hotfix for Windows XP (KB949764)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB953955)

Hotfix for Windows XP (KB954434)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB958347)

Hotfix for Windows XP (KB959252)

Hotfix for Windows XP (KB961118)

Intel PROSet Wireless

Intel® Graphics Media Accelerator Driver

Intel® Network Connections 13.0.42.0

Intel® PRO Alerting Agent

Intel® PROSet/Wireless WiFi API

Intel® PROSet/Wireless WiFi Driver

Intel® Matrix Storage Manager

Java 6 Update 11

Java 6 Update 7

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Baseline Security Analyzer 2.1

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Office Professional Edition 2003

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Modem Diagnostic Tool

Mouse Suite for Laptop Computers

MSXML 4.0 SP2 (KB936181)

MSXML 6.0 Parser (KB933579)

NetWaiting

NICI (Shared) U.S./Worldwide (128 bit) (2.7.4-1)

PowerDVD

Productivity Programs

Roxio Activation Module

Roxio Creator Audio

Roxio Creator BDAV Plugin

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Drag-to-Disc

Roxio Express Labeler 3

Roxio Update Manager

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Media Player (KB952069)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB963027)

Sonic CinePlayer Decoder Pack

The Internet and the World Wide Web

Update for Windows XP (KB898461)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951618-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

VKOM 301USB version 5.458

Vodafone Mobile Broadband Lite

WebFldrs XP

WIDCOMM Bluetooth Software

Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows NT Messaging

Windows Presentation Foundation

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

2012/07/30 12:54:02 PM, error: PlugPlayManager [11] - The device Root\LEGACY_AMSINT32\0000 disappeared from the system without first being prepared for removal.

2012/07/30 11:35:56 AM, error: SCardSvr [610] - Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL GET_STATE: The device has been removed.

2012/07/30 10:10:03 PM, error: Service Control Manager [7024] - The Avira Realtime Protection service terminated with service-specific error 303 (0x12F).

2012/07/30 10:09:43 PM, error: ACPI [43] - The system sleep operation failed

2012/07/30 01:25:51 PM, error: Service Control Manager [7034] - The Avira Realtime Protection service terminated unexpectedly. It has done this 3 time(s).

2012/07/30 01:25:38 PM, error: Service Control Manager [7031] - The Avira Realtime Protection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

2012/07/30 01:25:28 PM, error: Service Control Manager [7031] - The Avira Realtime Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

2012/07/24 04:34:42 PM, error: Dhcp [1002] - The IP address lease 41.8.139.236 for the Network Card with network address 001E101F0815 has been denied by the DHCP server 41.9.76.109 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================

MBAM Log:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.31.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

User :: EXTENSIONREC136 [administrator]

2012/07/31 12:27:25 PM

mbam-log-2012-07-31 (12-50-53).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 218584

Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 8

HKCR\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.

HKCR\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.

HKCR\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.

HKCR\FunWebProductsInstaller.Start.1 (PUP.MyWebSearch) -> No action taken.

HKCR\FunWebProductsInstaller.Start (PUP.MyWebSearch) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> No action taken.

HKLM\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> No action taken.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 3

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

I'm sure some clever person will be able to help me here! Thanks in advance!

Johan


John, I hope you're getting paid for working on these

These show ->No action taken

Are you selecting to remove them?

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> No action taken.

HKLM\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> No action taken.


John, I hope you're getting paid for working on these

If only I could get paid for this! :angry: - there's another one waiting for me with some very nasties on it (attacked my flash drive and all the AV software on it!)

Somehow I thought that I was not supposed to remove any malware after submitting the DDS log. I'm currently scanning with MBAM again and will opt to remove them. Should I submit anything (log) after that?


Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.31.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

User :: EXTENSIONREC136 [administrator]

2012/07/31 02:27:06 PM

mbam-log-2012-07-31 (14-27-06).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 218253

Time elapsed: 19 minute(s), 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 8

HKCR\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\FunWebProductsInstaller.Start.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\FunWebProductsInstaller.Start (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 3

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by User at 15:05:28 on 2012-07-31

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2825 [GMT 2:00]

.

AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Anti-Virus *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\drivers\audio\r205445\stacsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\WINDOWS\system32\AESTFltr.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ICO.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\WINDOWS\system32\ChgService.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\WINDOWS\system32\rpcnet.exe

C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://agriculture.kzntl.gov.za/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = proxy.kzntl.gov.za:3128

uInternet Settings,ProxyOverride = *.KZNTL.GOV.ZA; 10.200.188.*;<local>

mWinlogon: System=ziswin.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [WinApps] c:\documents and settings\user\application data\javainst.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [PMX Daemon] ICO.EXE

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Autorun Eater] c:\program files\autorun eater\oldmcdonald.exe

mRun: [WinApps] c:\documents and settings\user\application data\javainst.exe

mRun: [MobileBroadband] c:\program files\vodafone\vodafone mobile broadband\bin\MobileBroadband.exe /silent

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mExplorerRun: [WinApps] c:\documents and settings\user\application data\javainst.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

mPolicies-system: CompatibleRUPSecurity = 1 (0x1)

mPolicies-system: EnableLUA = 0 (0x0)

IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241690082484

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

TCP: Interfaces\{12EEDB33-EBF2-456A-9C3B-36CD89EFE58B} : NameServer = 196.43.1.11,196.25.1.11

TCP: Interfaces\{5B852397-714C-400B-85EC-DEFB87AD21CA} : NameServer = 196.43.1.11,196.25.1.11

Notify: igfxcui - igfxdev.dll

mASetup: {6FF1DCAB-A6BA-468D-A7AC-CFEBDECB9BCA} - c:\documents and settings\user\application data\javainst.exe

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-7-30 36000]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-7-30 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-7-30 110032]

R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-7-30 83392]

R2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2011-10-14 135168]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-11-11 808296]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-11-11 20840]

R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-9-8 8704]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-2-10 112128]

R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2009-2-10 12840]

R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-2-10 32808]

R3 d553bus;Dell Wireless 5530 HSPA Mobile Broadband Minicard Device driver (WDM);c:\windows\system32\drivers\d553bus.sys [2009-2-10 300672]

R3 d553card;Dell Wireless 5530 HSPA Mobile Broadband Minicard i7;c:\windows\system32\drivers\d553card.sys [2009-2-10 378368]

R3 d553gps;Dell Wireless 5530 HSPA Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\d553gps.sys [2009-2-10 76328]

R3 d553mdfl;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\d553mdfl.sys [2009-2-10 14976]

R3 d553mdfl2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Filter;c:\windows\system32\drivers\d553mdfl2.sys [2009-2-10 14976]

R3 d553mdm;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\d553mdm.sys [2009-2-10 387200]

R3 d553mdm2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Driver;c:\windows\system32\drivers\d553mdm2.sys [2009-2-10 431616]

R3 d553nd5;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (NDIS);c:\windows\system32\drivers\d553nd5.sys [2009-2-10 25984]

R3 d553unic;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (WDM);c:\windows\system32\drivers\d553unic.sys [2009-2-10 402944]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-2-10 244368]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-2-10 110080]

R3 Sony_EricssonWWSC;Dell Wireless 5530 HSPA Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\d553scard.sys [2009-2-10 25640]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-4 136176]

S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [2011-10-14 103424]

S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-8-2 114432]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-4 136176]

S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2011-8-2 100736]

S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]

.

=============== Created Last 30 ================

.

2012-07-31 05:43:14 -------- d-----w- c:\windows\system32\NtmsData

2012-07-30 11:19:36 -------- d-----w- c:\documents and settings\user\application data\Avira

2012-07-30 11:19:08 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-07-30 11:19:08 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-07-30 11:19:08 -------- d-----w- c:\program files\Avira

2012-07-30 11:19:08 -------- d-----w- c:\documents and settings\all users\application data\Avira

2012-07-30 10:37:13 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes

2012-07-30 10:37:06 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-07-30 10:37:05 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-30 10:37:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-18 14:10:39 -------- d-----w- c:\documents and settings\user\application data\tazebama

2012-07-01 17:24:08 -------- d-sh--r- c:\documents and settings\user\local settings\application data\Start

.

==================== Find3M ====================

.

2012-07-31 12:56:40 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2012-07-31 12:56:38 58288 ----a-w- c:\windows\system32\rpcnet.dll

2012-07-31 08:09:11 17408 ----a-w- c:\windows\system32\rpcnetp.dll

2012-07-30 15:48:43 143360 ----a-w- c:\windows\system32\igfxtray.exe

2012-07-30 11:21:57 471040 ----a-w- c:\windows\system32\AESTFltr.exe

2012-07-30 11:21:53 178712 ----a-w- c:\windows\system32\hkcmd.exe

2012-07-30 11:21:52 150040 ----a-w- c:\windows\system32\igfxpers.exe

2012-07-30 11:21:48 49152 ----a-w- c:\windows\system32\ico.exe

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD12 rev.11.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: >>UNKNOWN [0x804D7000]<< >>UNKNOWN [0xBA0F8000]<< >>UNKNOWN [0xBA0E8000]<< >>UNKNOWN [0xB9E35000]<< >>UNKNOWN [0x806E4000]<<

_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AC2C478]

\Driver\Disk[0x8B26E190] -> IRP_MJ_CREATE -> 0xBA0FEBB0

3 [0xBA0F8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IAAStorageDevice-1[0x8B238028]

\Driver\iaStor[0x8B2BB8A8] -> IRP_MJ_CREATE -> 0xB9E76ED4

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 15:05:56.12 ===============


Yes, those settings are OK. The proxy server is not currently in use, but should remain there when he needs to connect through it. I'm currently online on the machine without any problems.


Sorry, I missed that.

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

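Once the report is pasted, a helper reads it for the few objects that carry a verdict rather than the hundreds of `- ok` lines. The Python below is an added example, not part of this thread or of TDSSKiller, that merges the per-object lines of a report in the format TDSSKiller writes and lists the flagged objects most severe first; the sample report lines, the hashes and the `ExampleDrv` object are constructed placeholders.

```python
"""Triage helper for a TDSSKiller report (added example; not TDSSKiller's own code).

TDSSKiller writes one to three lines per scanned object, each prefixed with a
timestamp and a thread id:
    HH:MM:SS.mmmm PID <name> (<md5>) <path>              file record
    HH:MM:SS.mmmm PID <name> ( <verdict> ) - warning     or: - suspicious / - infected
    HH:MM:SS.mmmm PID <name> - detected <verdict> (n)
    HH:MM:SS.mmmm PID <name> - ok
This script merges those lines per object and lists what needs a human decision.
"""
import re

# Constructed sample report modelled on the real format; the hashes, the
# "ExampleDrv" object and its verdict are placeholders, not real indicators.
SAMPLE_REPORT = r"""
17:44:18.0828 1532 ============================================================
17:44:18.0828 1532 Scan started
17:44:18.0828 1532 Mode: Manual; SigCheck; TDLFS;
17:44:19.0406 1532 Abiosdsk - ok
17:44:20.0796 1532 ACPI (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:44:20.0906 1532 ACPI - ok
17:44:26.0546 1532 Change Modem Device Service (00000000000000000000000000000002) C:\WINDOWS\system32\ChgService.exe
17:44:26.0562 1532 Change Modem Device Service ( UnsignedFile.Multi.Generic ) - warning
17:44:26.0562 1532 Change Modem Device Service - detected UnsignedFile.Multi.Generic (1)
17:44:26.0562 1532 Changer - ok
17:45:01.0000 1532 ExampleDrv (00000000000000000000000000000003) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
17:45:01.0015 1532 ExampleDrv ( Rootkit.Example.Placeholder ) - infected
17:45:01.0015 1532 ExampleDrv - detected Rootkit.Example.Placeholder (0)
"""

LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+(?P<body>.*)$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
STATUS_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - (?P<status>warning|suspicious|infected)$")
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<flag>\d+)\)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")

SEVERITY = {"infected": 3, "suspicious": 2, "warning": 1}

# Verdict TDSSKiller gives a file that fails the optional digital-signature check.
# It means "no valid signature", which calls for verifying the file, not that it is malware.
SIGCHECK_VERDICT = "UnsignedFile.Multi.Generic"


def scan_mode(text):
    """Return the options recorded on the 'Mode:' line, e.g. {'Manual', 'SigCheck', 'TDLFS'}."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m and m.group("body").startswith("Mode:"):
            return {opt.strip() for opt in m.group("body")[len("Mode:"):].split(";") if opt.strip()}
    return set()


def parse_report(text):
    """Merge the per-object lines into {name: record}; lines without an object are skipped."""
    objects = {}

    def record(name):
        return objects.setdefault(
            name, {"name": name, "md5": None, "path": None, "verdict": None, "status": None, "clean": False}
        )

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        f, s, d, o = FILE_RE.match(body), STATUS_RE.match(body), DETECT_RE.match(body), OK_RE.match(body)
        if f:
            rec = record(f.group("name"))
            rec["md5"], rec["path"] = f.group("md5").lower(), f.group("path")
        elif s:
            rec = record(s.group("name"))
            rec["verdict"], rec["status"] = s.group("verdict"), s.group("status")
        elif d:
            rec = record(d.group("name"))
            rec["verdict"] = rec["verdict"] or d.group("verdict")
        elif o:
            record(o.group("name"))["clean"] = True
    return objects


def triage(objects):
    """Objects carrying a verdict, most severe first, with a flag for signature-only findings."""
    flagged = [r for r in objects.values() if r["verdict"] is not None]
    for r in flagged:
        r["signature_only"] = r["verdict"] == SIGCHECK_VERDICT
    flagged.sort(key=lambda r: (-SEVERITY.get(r["status"], 0), r["name"]))
    return flagged


def summarize(text):
    """Counts a helper would want at a glance before reading the whole report."""
    objects = parse_report(text)
    flagged = triage(objects)
    return {
        "scanned": len(objects),
        "clean": sum(1 for r in objects.values() if r["clean"] and r["verdict"] is None),
        "flagged": len(flagged),
        "signature_only": sum(1 for r in flagged if r["signature_only"]),
        "sigcheck_enabled": "SigCheck" in scan_mode(text),
    }


if __name__ == "__main__":
    for r in triage(parse_report(SAMPLE_REPORT)):
        action = "verify file signature/vendor" if r["signature_only"] else "review detection"
        print(f"{(r['status'] or 'detected'):<9} {r['name']:<30} {r['verdict']:<30} {r['path']}  -> {action}")
    print(summarize(SAMPLE_REPORT))
```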

Suspicious objects found...

17:42:59.0828 2388 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

17:42:59.0843 2388 ============================================================

17:42:59.0843 2388 Current date / time: 2012/07/31 17:42:59.0843

17:42:59.0843 2388 SystemInfo:

17:42:59.0843 2388

17:42:59.0843 2388 OS Version: 5.1.2600 ServicePack: 3.0

17:42:59.0843 2388 Product type: Workstation

17:42:59.0843 2388 ComputerName: EXTENSIONREC136

17:42:59.0843 2388 UserName: User

17:42:59.0843 2388 Windows directory: C:\WINDOWS

17:42:59.0843 2388 System windows directory: C:\WINDOWS

17:42:59.0843 2388 Processor architecture: Intel x86

17:42:59.0843 2388 Number of processors: 2

17:42:59.0843 2388 Page size: 0x1000

17:42:59.0843 2388 Boot type: Normal boot

17:42:59.0843 2388 ============================================================

17:43:00.0390 2388 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

17:43:00.0390 2388 Drive \Device\Harddisk1\DR5 - Size: 0xEEE00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

17:43:00.0390 2388 ============================================================

17:43:00.0390 2388 \Device\Harddisk0\DR0:

17:43:00.0390 2388 MBR partitions:

17:43:00.0390 2388 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x816E1, BlocksNum 0xDF120E0

17:43:00.0390 2388 \Device\Harddisk1\DR5:

17:43:00.0390 2388 MBR partitions:

17:43:00.0390 2388 \Device\Harddisk1\DR5\Partition0: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0x775080

17:43:00.0390 2388 ============================================================

17:43:00.0437 2388 C: <-> \Device\Harddisk0\DR0\Partition0

17:43:00.0437 2388 ============================================================

17:43:00.0437 2388 Initialize success

17:43:00.0437 2388 ============================================================

17:44:18.0828 1532 ============================================================

17:44:18.0828 1532 Scan started

17:44:18.0828 1532 Mode: Manual; SigCheck; TDLFS;

17:44:18.0828 1532 ============================================================

17:44:19.0406 1532 Abiosdsk - ok

17:44:19.0468 1532 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

17:44:20.0750 1532 abp480n5 - ok

17:44:20.0796 1532 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

17:44:20.0906 1532 ACPI - ok

17:44:20.0906 1532 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

17:44:20.0984 1532 ACPIEC - ok

17:44:21.0031 1532 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

17:44:21.0156 1532 adpu160m - ok

17:44:21.0218 1532 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

17:44:21.0343 1532 aec - ok

17:44:21.0375 1532 AESTAud (20f078136f3bdc4c0405c0527b769303) C:\WINDOWS\system32\drivers\AESTAud.sys

17:44:21.0437 1532 AESTAud - ok

17:44:21.0500 1532 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

17:44:21.0562 1532 AFD - ok

17:44:21.0593 1532 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

17:44:21.0734 1532 agp440 - ok

17:44:21.0734 1532 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

17:44:21.0843 1532 agpCPQ - ok

17:44:21.0843 1532 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

17:44:21.0890 1532 Aha154x - ok

17:44:21.0890 1532 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

17:44:21.0984 1532 aic78u2 - ok

17:44:21.0984 1532 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

17:44:22.0062 1532 aic78xx - ok

17:44:22.0093 1532 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

17:44:22.0171 1532 Alerter - ok

17:44:22.0187 1532 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

17:44:22.0250 1532 ALG - ok

17:44:22.0296 1532 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

17:44:22.0375 1532 AliIde - ok

17:44:22.0390 1532 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

17:44:22.0468 1532 alim1541 - ok

17:44:22.0484 1532 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

17:44:22.0578 1532 amdagp - ok

17:44:22.0593 1532 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

17:44:22.0625 1532 amsint - ok

17:44:22.0843 1532 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe

17:44:22.0890 1532 AntiVirSchedulerService - ok

17:44:22.0937 1532 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

17:44:22.0937 1532 AntiVirService - ok

17:44:22.0984 1532 ApfiltrService (b83f9da84f7079451c1c6a4a2f140920) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

17:44:23.0031 1532 ApfiltrService - ok

17:44:23.0078 1532 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

17:44:23.0156 1532 AppMgmt - ok

17:44:23.0187 1532 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

17:44:23.0312 1532 Arp1394 - ok

17:44:23.0390 1532 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

17:44:23.0468 1532 asc - ok

17:44:23.0500 1532 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

17:44:23.0531 1532 asc3350p - ok

17:44:23.0546 1532 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

17:44:23.0625 1532 asc3550 - ok

17:44:23.0718 1532 ASFAgent (9ad6ef4d591211a93848103368125b41) C:\Program Files\Intel\ASF Agent\ASFAgent.exe

17:44:23.0734 1532 ASFAgent - ok

17:44:23.0843 1532 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

17:44:23.0875 1532 aspnet_state - ok

17:44:23.0875 1532 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

17:44:23.0953 1532 AsyncMac - ok

17:44:23.0984 1532 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

17:44:24.0062 1532 atapi - ok

17:44:24.0062 1532 Atdisk - ok

17:44:24.0062 1532 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

17:44:24.0156 1532 Atmarpc - ok

17:44:24.0203 1532 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

17:44:24.0281 1532 AudioSrv - ok

17:44:24.0296 1532 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

17:44:24.0390 1532 audstub - ok

17:44:24.0421 1532 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

17:44:24.0437 1532 avgntflt - ok

17:44:24.0515 1532 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys

17:44:24.0531 1532 avipbb - ok

17:44:24.0546 1532 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys

17:44:24.0562 1532 avkmgr - ok

17:44:24.0578 1532 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

17:44:24.0671 1532 Beep - ok

17:44:24.0734 1532 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

17:44:24.0890 1532 BITS - ok

17:44:24.0921 1532 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

17:44:25.0015 1532 Browser - ok

17:44:25.0093 1532 btaudio (f688bbbe8e3e7e03e35caabd66616ddb) C:\WINDOWS\system32\drivers\btaudio.sys

17:44:25.0109 1532 btaudio - ok

17:44:25.0156 1532 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys

17:44:25.0171 1532 BTDriver - ok

17:44:25.0296 1532 BTKRNL (38a3331e2f690d4cdc9de0604b9416e5) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

17:44:25.0343 1532 BTKRNL - ok

17:44:25.0484 1532 btwdins (d48148110ae078cb7221d0fcf20adfec) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

17:44:25.0500 1532 btwdins - ok

17:44:25.0562 1532 BTWDNDIS (80f61de965c116051614ac2f04222ff7) C:\WINDOWS\system32\DRIVERS\btwdndis.sys

17:44:25.0562 1532 BTWDNDIS - ok

17:44:25.0578 1532 btwmodem (5922bae0cd84924b9cd7e6bb515ee070) C:\WINDOWS\system32\DRIVERS\btwmodem.sys

17:44:25.0593 1532 btwmodem - ok

17:44:25.0609 1532 BTWUSB (d5af663711660d32ec230c6aaf7b6b83) C:\WINDOWS\system32\Drivers\btwusb.sys

17:44:25.0625 1532 BTWUSB - ok

17:44:25.0687 1532 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

17:44:25.0906 1532 cbidf - ok

17:44:25.0906 1532 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

17:44:25.0984 1532 cbidf2k - ok

17:44:26.0046 1532 CCIDFILTER (d006b6a67b8daed85e6d91783e9b45d6) C:\WINDOWS\system32\DRIVERS\ccidflt.sys

17:44:26.0046 1532 CCIDFILTER - ok

17:44:26.0062 1532 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

17:44:26.0140 1532 cd20xrnt - ok

17:44:26.0187 1532 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

17:44:26.0265 1532 Cdaudio - ok

17:44:26.0265 1532 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

17:44:26.0343 1532 Cdfs - ok

17:44:26.0359 1532 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

17:44:26.0468 1532 Cdrom - ok

17:44:26.0546 1532 Change Modem Device Service (9b4caefdbe28a24e3218775493784cdf) C:\WINDOWS\system32\ChgService.exe

17:44:26.0562 1532 Change Modem Device Service ( UnsignedFile.Multi.Generic ) - warning

17:44:26.0562 1532 Change Modem Device Service - detected UnsignedFile.Multi.Generic (1)

17:44:26.0562 1532 Changer - ok

17:44:26.0593 1532 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

17:44:26.0703 1532 CiSvc - ok

17:44:26.0703 1532 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

17:44:26.0796 1532 ClipSrv - ok

17:44:26.0875 1532 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

17:44:26.0921 1532 clr_optimization_v2.0.50727_32 - ok

17:44:26.0953 1532 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

17:44:27.0031 1532 CmBatt - ok

17:44:27.0078 1532 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

17:44:27.0156 1532 CmdIde - ok

17:44:27.0234 1532 cmnsusbser (675d67423980fc1784b93aa47d350a31) C:\WINDOWS\system32\DRIVERS\cmnsusbser.sys

17:44:27.0312 1532 cmnsusbser - ok

17:44:27.0328 1532 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

17:44:27.0453 1532 Compbatt - ok

17:44:27.0453 1532 COMSysApp - ok

17:44:27.0500 1532 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

17:44:27.0625 1532 Cpqarray - ok

17:44:27.0781 1532 Credential Vault Host Control Service (9d57165906778c9e5e0ecb34b311564b) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

17:44:27.0828 1532 Credential Vault Host Control Service - ok

17:44:27.0828 1532 Credential Vault Host Storage (e31e97859deee648d5867eadfbdbf25a) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

17:44:27.0843 1532 Credential Vault Host Storage - ok

17:44:27.0890 1532 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

17:44:28.0000 1532 CryptSvc - ok

17:44:28.0031 1532 cvusbdrv (dc6429fbc73b0b0b38cc5386c8a607ed) C:\WINDOWS\system32\Drivers\cvusbdrv.sys

17:44:28.0046 1532 cvusbdrv - ok

17:44:28.0109 1532 d553bus (1b4957f756bcc7e5b23d2b6e84fc3f0e) C:\WINDOWS\system32\DRIVERS\d553bus.sys

17:44:28.0125 1532 d553bus - ok

17:44:28.0187 1532 d553card (7eaa24353b3c5589fc6648d2cb944731) C:\WINDOWS\system32\DRIVERS\d553card.sys

17:44:28.0203 1532 d553card - ok

17:44:28.0250 1532 d553gps (9d16a5902722aaceca7b25fc38caeeb0) C:\WINDOWS\system32\DRIVERS\d553gps.sys

17:44:28.0265 1532 d553gps - ok

17:44:28.0265 1532 d553mdfl (e276c9ad870ce72c9ec3a6d95786b185) C:\WINDOWS\system32\DRIVERS\d553mdfl.sys

17:44:28.0281 1532 d553mdfl - ok

17:44:28.0281 1532 d553mdfl2 (74cb6903cc8d6fa633840b368387aecc) C:\WINDOWS\system32\DRIVERS\d553mdfl2.sys

17:44:28.0281 1532 d553mdfl2 - ok

17:44:28.0312 1532 d553mdm (b7e23cb22df23065bdfd528ca7676666) C:\WINDOWS\system32\DRIVERS\d553mdm.sys

17:44:28.0343 1532 d553mdm - ok

17:44:28.0406 1532 d553mdm2 (38fe8eb16cfda18fc08b5a7b6ddb30f1) C:\WINDOWS\system32\DRIVERS\d553mdm2.sys

17:44:28.0421 1532 d553mdm2 - ok

17:44:28.0421 1532 d553nd5 (bfa2af917c240c5f97b9a2b39f595ee2) C:\WINDOWS\system32\DRIVERS\d553nd5.sys

17:44:28.0437 1532 d553nd5 - ok

17:44:28.0484 1532 d553unic (57c4fa520411a861db4284ebb7c9b1ef) C:\WINDOWS\system32\DRIVERS\d553unic.sys

17:44:28.0500 1532 d553unic - ok

17:44:28.0593 1532 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

17:44:28.0734 1532 dac2w2k - ok

17:44:28.0750 1532 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

17:44:28.0859 1532 dac960nt - ok

17:44:28.0921 1532 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

17:44:29.0015 1532 DcomLaunch - ok

17:44:29.0078 1532 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

17:44:29.0234 1532 Dhcp - ok

17:44:29.0265 1532 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

17:44:29.0375 1532 Disk - ok

17:44:29.0406 1532 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS

17:44:29.0421 1532 DLABMFSM - ok

17:44:29.0421 1532 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS

17:44:29.0437 1532 DLABOIOM - ok

17:44:29.0437 1532 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

17:44:29.0453 1532 DLACDBHM - ok

17:44:29.0453 1532 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS

17:44:29.0468 1532 DLADResM - ok

17:44:29.0484 1532 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS

17:44:29.0500 1532 DLAIFS_M - ok

17:44:29.0500 1532 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS

17:44:29.0515 1532 DLAOPIOM - ok

17:44:29.0515 1532 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS

17:44:29.0531 1532 DLAPoolM - ok

17:44:29.0531 1532 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS

17:44:29.0546 1532 DLARTL_M - ok

17:44:29.0562 1532 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS

17:44:29.0578 1532 DLAUDFAM - ok

17:44:29.0578 1532 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS

17:44:29.0593 1532 DLAUDF_M - ok

17:44:29.0593 1532 dmadmin - ok

17:44:29.0656 1532 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

17:44:29.0812 1532 dmboot - ok

17:44:29.0843 1532 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

17:44:29.0937 1532 dmio - ok

17:44:29.0953 1532 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

17:44:30.0031 1532 dmload - ok

17:44:30.0062 1532 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

17:44:30.0156 1532 dmserver - ok

17:44:30.0203 1532 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

17:44:30.0328 1532 DMusic - ok

17:44:30.0343 1532 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll

17:44:30.0421 1532 Dnscache - ok

17:44:30.0453 1532 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

17:44:30.0546 1532 Dot3svc - ok

17:44:30.0578 1532 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

17:44:30.0656 1532 dpti2o - ok

17:44:30.0671 1532 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

17:44:30.0734 1532 drmkaud - ok

17:44:30.0750 1532 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

17:44:30.0765 1532 DRVMCDB - ok

17:44:30.0765 1532 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

17:44:30.0781 1532 DRVNDDM - ok

17:44:30.0812 1532 e1yexpress (10cbd2b278ce365b41de378632cb5ddb) C:\WINDOWS\system32\DRIVERS\e1y5132.sys

17:44:30.0828 1532 e1yexpress - ok

17:44:30.0875 1532 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

17:44:30.0953 1532 EapHost - ok

17:44:30.0968 1532 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

17:44:31.0062 1532 ERSvc - ok

17:44:31.0109 1532 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

17:44:31.0140 1532 Eventlog - ok

17:44:31.0218 1532 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

17:44:31.0265 1532 EventSystem - ok

17:44:31.0484 1532 EvtEng (87a32636c84555525700e623662e34d9) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

17:44:31.0578 1532 EvtEng ( UnsignedFile.Multi.Generic ) - warning

17:44:31.0578 1532 EvtEng - detected UnsignedFile.Multi.Generic (1)

17:44:31.0687 1532 ewusbnet (9a8dfbcd14a37d3139aacd671a8444a6) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys

17:44:31.0750 1532 ewusbnet - ok

17:44:31.0828 1532 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

17:44:32.0000 1532 Fastfat - ok

17:44:32.0062 1532 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll

17:44:32.0140 1532 FastUserSwitchingCompatibility - ok

17:44:32.0187 1532 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe

17:44:32.0281 1532 Fax - ok

17:44:32.0296 1532 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

17:44:32.0375 1532 Fdc - ok

17:44:32.0375 1532 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

17:44:32.0453 1532 Fips - ok

17:44:32.0453 1532 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

17:44:32.0531 1532 Flpydisk - ok

17:44:32.0546 1532 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

17:44:32.0640 1532 FltMgr - ok

17:44:32.0734 1532 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

17:44:32.0750 1532 FontCache3.0.0.0 - ok

17:44:32.0750 1532 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

17:44:32.0828 1532 Fs_Rec - ok

17:44:32.0859 1532 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

17:44:32.0953 1532 Ftdisk - ok

17:44:32.0968 1532 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

17:44:33.0062 1532 Gpc - ok

17:44:33.0218 1532 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

17:44:33.0218 1532 gupdate - ok

17:44:33.0218 1532 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

17:44:33.0234 1532 gupdatem - ok

17:44:33.0281 1532 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

17:44:33.0359 1532 HDAudBus - ok

17:44:33.0437 1532 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

17:44:33.0515 1532 helpsvc - ok

17:44:33.0562 1532 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

17:44:33.0640 1532 HidServ - ok

17:44:33.0656 1532 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

17:44:33.0781 1532 hidusb - ok

17:44:33.0828 1532 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

17:44:33.0968 1532 hkmsvc - ok

17:44:34.0031 1532 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

17:44:34.0109 1532 hpn - ok

17:44:34.0171 1532 HSFHWAZL (7290fb97535c317a237d4c73149c7e2c) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

17:44:34.0218 1532 HSFHWAZL - ok

17:44:34.0312 1532 HSF_DPV (f362c0b442337da8ab0608dfaa4ca076) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

17:44:34.0406 1532 HSF_DPV - ok

17:44:34.0437 1532 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

17:44:34.0531 1532 HTTP - ok

17:44:34.0562 1532 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

17:44:34.0625 1532 HTTPFilter - ok

17:44:34.0671 1532 hwdatacard (93e5d34d95ff9011beed886e3627f442) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys

17:44:34.0750 1532 hwdatacard - ok

17:44:34.0812 1532 hwusbfake (922065957563d851b5a68b95aadac6ad) C:\WINDOWS\system32\DRIVERS\ewusbfake.sys

17:44:34.0875 1532 hwusbfake - ok

17:44:34.0906 1532 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

17:44:34.0984 1532 i2omgmt - ok

17:44:35.0046 1532 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

17:44:35.0109 1532 i2omp - ok

17:44:35.0140 1532 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

17:44:35.0234 1532 i8042prt - ok

17:44:35.0406 1532 IAANTMON (f148c2e931bfc20397edc0a7b4f8e22b) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

17:44:35.0421 1532 IAANTMON - ok

17:44:35.0937 1532 ialm (4f3139829f1ac202ff0d29c2fd6c15b6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

17:44:36.0406 1532 ialm - ok

17:44:36.0625 1532 iaStor (692830b048aacd7e0d6ededf098acc01) C:\WINDOWS\system32\drivers\iaStor.sys

17:44:36.0656 1532 iaStor - ok

17:44:36.0843 1532 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

17:44:37.0000 1532 idsvc - ok


17:44:59.0906 1532 ============================================================

17:44:59.0906 1532 Scan finished

17:44:59.0906 1532 ============================================================

17:45:00.0015 2032 Detected object count: 7

17:45:00.0015 2032 Actual detected object count: 7

17:45:26.0671 2032 Change Modem Device Service ( UnsignedFile.Multi.Generic ) - skipped by user

17:45:26.0671 2032 Change Modem Device Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:45:26.0671 2032 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user

17:45:26.0671 2032 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:45:26.0687 2032 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user

17:45:26.0687 2032 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:45:26.0687 2032 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user

17:45:26.0687 2032 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:45:26.0687 2032 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user

17:45:26.0687 2032 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:45:26.0687 2032 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user

17:45:26.0687 2032 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:45:26.0687 2032 VmbService ( UnsignedFile.Multi.Generic ) - skipped by user

17:45:26.0687 2032 VmbService ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:47:47.0781 2868 Deinitialize success


Just to let you know - I rebooted before running the TDSSKiller (moving from work to home) - the AutoIt Error window still pops up and I also got an "Avgnt.exe - Bad Image" error message: The application or DLL C:\Windows\system32\MSCTF.dll is not a valid Windows image. Please check this against your installation diskette.


Reboot again to see if those errors go away then do this.

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


ComboFix 12-07-30.03 - User 2012/07/31 19:21:19.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2878 [GMT 2:00]

Running from: c:\documents and settings\User\Desktop\ComboFix.exe

AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\3002.abs

c:\documents and settings\User\Application Data\tazebama

c:\documents and settings\User\Local Settings\Application Data\S-1-5-31-1286970278978-5713669491-166975984-320\dmc\Desktop_.ini

c:\documents and settings\User\Local Settings\Application Data\S-1-5-31-1286970278978-5713669491-166975984-320\dmc\Desktop_1.ini

c:\documents and settings\User\Local Settings\Application Data\S-1-5-31-1286970278978-5713669491-166975984-320\dmc\Desktop_2.ini

c:\documents and settings\User\Local Settings\Application Data\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Usb 2.0 Driver\S-1-5-31-1286970278978-5713669491-166975984-320\dmc\Desktop_.ini

c:\documents and settings\User\Local Settings\Application Data\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Usb 2.0 Driver\S-1-5-31-1286970278978-5713669491-166975984-320\dmc\Desktop_1.ini

c:\documents and settings\User\Local Settings\Application Data\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Usb 2.0 Driver\S-1-5-31-1286970278978-5713669491-166975984-320\dmc\Desktop_2.ini

c:\documents and settings\User\Local Settings\Application Data\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Usb 2.0 Driver\S-1-5-31-1286970278978-5713669491-166975984-320\tlsr\Desktop_.ini

c:\documents and settings\User\mail.dat

c:\documents and settings\User\mess.dat

c:\documents and settings\User\My Documents\~WRL0946.tmp

c:\documents and settings\User\My Documents\~WRL1821.tmp

c:\documents and settings\User\My Documents\~WRL2902.tmp

c:\windows\EventSystem.log

c:\windows\system32\test

.

.

((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))

.

.

2012-07-31 16:58 . 2012-07-31 16:58 -------- d-----w- c:\program files\Common Files\Adobe

2012-07-31 16:56 . 2012-07-31 16:56 -------- d-----w- c:\program files\Autorun Eater

2012-07-31 05:43 . 2012-07-31 15:04 -------- d-----w- c:\windows\system32\NtmsData

2012-07-30 11:19 . 2012-07-30 11:19 -------- d-----w- c:\documents and settings\User\Application Data\Avira

2012-07-30 11:19 . 2012-07-31 12:33 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-07-30 11:19 . 2012-07-31 12:33 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-07-30 11:19 . 2012-07-30 11:19 -------- d-----w- c:\program files\Avira

2012-07-30 11:19 . 2012-07-30 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2012-07-30 11:19 . 2011-09-15 21:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-07-30 10:37 . 2012-07-30 10:37 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes

2012-07-30 10:37 . 2012-07-30 10:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-07-30 10:37 . 2012-07-31 08:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-30 10:37 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-23 08:35 . 2012-07-23 08:35 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-31 16:44 . 2009-02-10 08:42 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2012-07-31 16:44 . 2009-02-10 08:41 58288 ----a-w- c:\windows\system32\rpcnet.dll

2012-07-31 08:09 . 2009-02-10 08:43 17408 ----a-w- c:\windows\system32\rpcnetp.dll

2012-07-30 20:09 . 2009-02-27 15:27 0 ----a-w- c:\documents and settings\User\Local Settings\Application Data\WavXMapDrive.bat

2012-07-30 15:48 . 2009-02-10 15:56 143360 ----a-w- c:\windows\system32\igfxtray.exe

2012-07-30 13:48 . 2009-03-04 12:45 45056 ----a-w- c:\documents and settings\User\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe

2012-07-30 11:21 . 2009-02-10 20:01 471040 ----a-w- c:\windows\system32\AESTFltr.exe

2012-07-30 11:21 . 2009-02-10 15:56 178712 ----a-w- c:\windows\system32\hkcmd.exe

2012-07-30 11:21 . 2009-02-10 15:56 150040 ----a-w- c:\windows\system32\igfxpers.exe

2012-07-30 11:21 . 2009-02-10 08:27 49152 ----a-w- c:\windows\system32\ico.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2012-07-30 218032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2012-07-30 200704]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2012-07-30 483420]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2012-07-30 471040]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-07-30 143360]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-07-30 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-07-30 150040]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2012-07-30 136600]

"PMX Daemon"="ICO.EXE" [2012-07-30 49152]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2012-07-30 178712]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2012-07-30 128296]

"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-09-08 272384]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-31 348624]

"Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2010-05-06 516216]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-2-10 50688]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"CompatibleRUPSecurity"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\documents and settings\User\Local Settings\Application Data\S-1-5-31-1286970278978-5713669491-166975984-320\dmc\Office2003 CD-Key.doc.exe"= ipsec

"c:\\WINDOWS\\system32\\igfxtray.exe"=

"c:\\Program Files\\IDT\\WDM\\sttray.exe"=

"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=

"c:\\Program Files\\Autorun Eater\\oldmcdonald.exe"=

"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Program Files\\Digital Line Detect\\DLG.exe"=

"c:\\Program Files\\DellTPad\\Apoint.exe"=

"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe"=

"c:\windows\TEMP\fxslt.exe"= ipsec

"c:\\WINDOWS\\system32\\AESTFltr.exe"=

"c:\program files\DellTPad\ApMsgFwd.exe"= ipsec

"c:\\Program Files\\Messenger\\msmsgs.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012/07/30 01:19 PM 36000]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2012/07/30 01:19 PM 86224]

R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [2007/04/19 07:56 AM 133968]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2008/11/11 06:35 PM 808296]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2008/11/11 06:35 PM 20840]

R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010/09/08 03:44 PM 8704]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009/02/10 05:55 PM 112128]

R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2009/02/10 10:25 AM 12840]

R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009/02/10 05:57 PM 32808]

R3 d553bus;Dell Wireless 5530 HSPA Mobile Broadband Minicard Device driver (WDM);c:\windows\system32\drivers\d553bus.sys [2009/02/10 10:35 AM 300672]

R3 d553card;Dell Wireless 5530 HSPA Mobile Broadband Minicard i7;c:\windows\system32\drivers\d553card.sys [2009/02/10 10:35 AM 378368]

R3 d553gps;Dell Wireless 5530 HSPA Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\d553gps.sys [2009/02/10 10:35 AM 76328]

R3 d553mdfl;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\d553mdfl.sys [2009/02/10 10:35 AM 14976]

R3 d553mdfl2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Filter;c:\windows\system32\drivers\d553mdfl2.sys [2009/02/10 10:35 AM 14976]

R3 d553mdm;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\d553mdm.sys [2009/02/10 10:35 AM 387200]

R3 d553mdm2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Driver;c:\windows\system32\drivers\d553mdm2.sys [2009/02/10 10:35 AM 431616]

R3 d553nd5;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (NDIS);c:\windows\system32\drivers\d553nd5.sys [2009/02/10 10:35 AM 25984]

R3 d553unic;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (WDM);c:\windows\system32\drivers\d553unic.sys [2009/02/10 10:35 AM 402944]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009/02/10 05:56 PM 244368]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009/02/10 05:56 PM 110080]

R3 Sony_EricssonWWSC;Dell Wireless 5530 HSPA Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\d553scard.sys [2009/02/10 10:35 AM 25640]

S2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2011/10/14 10:22 AM 135168]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012/01/04 04:55 PM 136176]

S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [2011/10/14 10:22 AM 103424]

S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011/08/02 02:28 PM 114432]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012/01/04 04:55 PM 136176]

S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2011/08/02 02:41 PM 100736]

S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-04 11:22]

.

2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-04 11:22]

.

2012-07-31 c:\windows\Tasks\User_Feed_Synchronization-{310B6855-41DA-46A2-9124-C73B1D85E727}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://agriculture.kzntl.gov.za/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = proxy.kzntl.gov.za:3128

uInternet Settings,ProxyOverride = *.KZNTL.GOV.ZA; 10.200.188.*;<local>

IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 10.0.0.2

TCP: Interfaces\{12EEDB33-EBF2-456A-9C3B-36CD89EFE58B}: NameServer = 196.43.1.11,196.25.1.11

TCP: Interfaces\{5B852397-714C-400B-85EC-DEFB87AD21CA}: NameServer = 196.43.1.11,196.25.1.11

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-WinApps - c:\documents and settings\User\Application Data\javainst.exe

HKLM-Run-ChangeTPMAuth - c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe

HKLM-Run-WinApps - c:\documents and settings\User\Application Data\javainst.exe

HKLM_ActiveSetup-{6FF1DCAB-A6BA-468D-A7AC-CFEBDECB9BCA} - c:\documents and settings\User\Application Data\javainst.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-31 19:27

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1100)

c:\windows\system32\NetProvCredMan.dll

.

Completion time: 2012-07-31 19:29:03

ComboFix-quarantined-files.txt 2012-07-31 17:29

.

Pre-Run: 95,607,353,344 bytes free

Post-Run: 96,938,545,152 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 277A13F53FBAA259B2F6F47078E74575

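Added example (not from the thread, ComboFix or Malwarebytes): a small Python triage script that parses the 'Reg Loading Points' block of a ComboFix log like the one above and flags the settings a helper would question, namely Security Center override/notification flags, the firewall being disabled, firewall exceptions that live under TEMP or the user profile, and globally open ports. The sample input is constructed from the kinds of lines in the log; the SUSPECT_DIRS list and the section-name matching are assumptions.

```python
import re

# Constructed sample: the kinds of lines ComboFix prints under 'Reg Loading Points'.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\windows\TEMP\fxslt.exe"= ipsec
"c:\documents and settings\User\Local Settings\Application Data\S-1-5-31-1286970278978-5713669491-166975984-320\dmc\Office2003 CD-Key.doc.exe"= ipsec
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# Directories in which a legitimate firewall exception rarely lives (assumed list).
SUSPECT_DIRS = ("\\temp\\", "\\local settings\\application data\\")

def parse_reg_points(text):
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line == ".":          # ComboFix separates blocks with '.'
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None and (m := VALUE_RE.match(line)):
            sections[current].append((m.group(1), m.group(2).strip()))
    return sections

def triage(text):
    """Return human-readable findings for the settings a helper would question."""
    findings = []
    for section, values in parse_reg_points(text).items():
        for name, data in values:
            if section.endswith(("security center", "security center\\svc")):
                # ComboFix prints dword:00000001 or '1 (0x1)' for a set flag.
                if name.endswith(("Override", "DisableNotify")) and \
                        data.replace(" ", "").endswith(("dword:00000001", "1(0x1)")):
                    findings.append(f"Security Center suppressed: {name}")
            elif section.endswith("firewallpolicy\\standardprofile"):
                if name == "EnableFirewall" and data.startswith("0"):
                    findings.append("Windows Firewall disabled on the standard profile")
            elif section.endswith("authorizedapplications\\list"):
                path = name.replace("\\\\", "\\").lower()   # the log doubles some backslashes
                if path.endswith(".doc.exe") or any(d in path for d in SUSPECT_DIRS):
                    findings.append(f"Firewall exception for unusual path: {name}")
            elif section.endswith("globallyopenports\\list"):
                findings.append(f"Globally open port: {name}")
    return findings
```

Run `triage(SAMPLE_LOG)` to get the six findings for the sample; feed it the full log text to triage a real ComboFix report.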

There were no error messages during the last reboot! :D The AutoIt Error is also gone (I discovered that AutoRun Eater was not running and re-installed it, which seemed to solve the problem).


Good job

You can delete TDSSKiller

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7:

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.
  • Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA - Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest available security updates installed.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.


Thanks Mr Tate for your help! I'm giving one of the freeware firewalls as well as one of the spyware blocking applications as listed in your links a try to prevent a repetition. For now I think you can close the thread - this machine is now running like new! :)
