
Antivirus 2010 issues I'm desperate!



Hi

I had/have the Antivirus 2010 malware, and I have run ComboFix, on a helpdesk's advice, which seems to have stopped the Antivirus 2010 screen popping up, but I still have issues running most programs, system utilities, starting Firefox, redirections etc.

Please help as I have been suffering with this for weeks now. I have attached the logs as requested. Everything was run in safe mode under the administrator account.

Thanks in advance.

DDS Log...

DDS (Ver_10-11-03.01) - NTFSx86 NETWORK

Run by Administrator at 12:10:11.40 on 03/11/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2989 [GMT 0:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

E:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

E:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

E:\WINDOWS\Explorer.EXE

E:\Program Files\Mozilla Firefox\firefox.exe

E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe

E:\WINDOWS\system32\NOTEPAD.EXE

E:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - e:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - e:\program files\askbardis\bar\bin\askBar.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - e:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll

BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - e:\program files\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - e:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - e:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

{cc59e0f9-7e43-44fa-9faa-8377850bf205}

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - e:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - e:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - e:\program files\askbardis\bar\bin\askBar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - e:\program files\google\google toolbar\GoogleToolbar_32.dll

uRunOnce: [NeroHomeFirstStart] "e:\program files\common files\ahead\lib\NMFirstStart.exe"

mRun: [six Engine] "e:\program files\asus\six engine\SixEngine.exe" -r

mRun: [startCCC] "e:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [Name of App] e:\program files\samsung\fw liveupdate\FWManager.exe r

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [CanonSolutionMenu] e:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] e:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [OSSelectorReinstall] e:\program files\common files\acronis\acronis disk director\oss_reinstall.exe

mRun: [HP Software Update] e:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [NPSStartup]

mRun: [NeroFilterCheck] e:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [sunJavaUpdateSched] "e:\program files\java\jre6\bin\jusched.exe"

mRun: [TkBellExe] "e:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [broadbandadvisor.exe] "e:\program files\virgin broadband\advisor\Broadbandadvisor.exe" /AUTORUN

mRun: [DivXUpdate] "e:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [NUSB3MON] "e:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"

mRun: [QuickTime Task] "e:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"

mRun: [avp] "e:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"

dRun: [CTFMON.EXE] e:\windows\system32\ctfmon.exe

StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - e:\program files\logitech\setpoint\SetPoint.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - e:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - e:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - e:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: mswsock.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_Win32.cab

DPF: {2665693B-C4F3-434B-83DB-7574CF50C8B7} - hxxp://www.kaspersky.co.uk/downloads/misc/kasperskylicensefinder.cab

DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} - hxxp://www.nero.com/doc/NeroVersionCheckerControl.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://connect2.buckscc.gov.uk/dana-cached/sc/JuniperSetupClient.cab

Notify: AtiExtEvent - Ati2evxx.dll

Notify: klogon - e:\windows\system32\klogon.dll

Notify: LBTWlgn - e:\program files\common files\logitech\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "e:\program files\common files\lightscribe\LSRunOnce.exe"

mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - e:\program files\pixiepack codec pack\InstallerHelper.exe

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\fch2670r.default\

FF - component: e:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll

FF - component: e:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

FF - plugin: e:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: e:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: e:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: e:\program files\virgin broadband\advisor\nprpspa.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;e:\windows\system32\drivers\kl1.sys [2010-5-6 132184]

R0 mv61xx;mv61xx;e:\windows\system32\drivers\mv61xx.sys [2008-6-23 150568]

R0 mv91xx;mv91xx;e:\windows\system32\drivers\mv91xx.sys [2009-10-9 253480]

R1 kl2;Kl2;e:\windows\system32\drivers\kl2.sys [2010-5-6 132184]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;e:\windows\system32\drivers\klim5.sys [2009-9-14 32272]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;e:\windows\system32\drivers\nusb3xhc.sys [2009-10-26 136704]

S1 KLIF;Kaspersky Lab Driver;e:\windows\system32\drivers\klif.sys [2009-1-31 477784]

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;e:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]

S2 ASKService;ASKService;e:\program files\askbardis\bar\bin\AskService.exe [2010-1-21 464264]

S2 ASKUpgrade;ASKUpgrade;e:\program files\askbardis\bar\bin\ASKUpgrade.exe [2010-1-21 234888]

S2 AVP;Kaspersky Anti-Virus Service;e:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe -r --> e:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe -r [?]

S2 FsUsbExService;FsUsbExService;e:\windows\system32\FsUsbExService.Exe [2009-4-14 233472]

S2 gupdate;Google Update Service (gupdate);e:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]

S2 XobniService;XobniService;e:\program files\xobni\XobniService.exe [2009-10-12 46824]

S3 epmntdrv;epmntdrv;e:\windows\system32\epmntdrv.sys [2009-7-22 8704]

S3 EuGdiDrv;EuGdiDrv;e:\windows\system32\EuGdiDrv.sys [2009-7-22 3072]

S3 FsUsbExDisk;FsUsbExDisk;e:\windows\system32\FsUsbExDisk.Sys [2009-4-14 36608]

S3 klmouflt;Kaspersky Lab KLMOUFLT;e:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]

S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\e:\progra~1\ple200\plcmpr5.sys --> e:\progra~1\ple200\PLCMPR5.SYS [?]

S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;e:\progra~1\ple200\PLCNDIS5.SYS [2009-2-16 17280]

S3 PS3 Media Server;PS3 Media Server;e:\program files\ps3 media server\win32\service\wrapper.exe [2008-8-17 217088]

=============== Created Last 30 ================

2010-11-03 11:44:46 -------- d-----w- e:\docume~1\admini~1\applic~1\ZipGenius

2010-11-03 11:29:15 -------- d-----w- E:\TDSSKiller_Quarantine

2010-10-31 15:31:36 -------- d-----w- E:\ComboFix

2010-10-27 22:11:12 -------- d-----w- e:\docume~1\admini~1\locals~1\applic~1\Mozilla

2010-10-27 22:10:31 -------- d-sh--w- e:\documents and settings\administrator\PrivacIE

2010-10-26 21:07:58 -------- d-----w- e:\docume~1\admini~1\applic~1\Malwarebytes

2010-10-26 20:53:52 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys

2010-10-26 20:53:51 20952 ----a-w- e:\windows\system32\drivers\mbam.sys

2010-10-22 11:59:41 -------- d-sha-r- E:\cmdcons

2010-10-22 11:56:05 98816 ----a-w- e:\windows\sed.exe

2010-10-22 11:56:05 85504 ----a-w- e:\windows\MBR.exe

2010-10-22 11:56:05 256512 ----a-w- e:\windows\PEV.exe

2010-10-22 11:56:05 161792 ----a-w- e:\windows\SWREG.exe

2010-10-22 11:53:43 -------- d-----w- e:\docume~1\admini~1\locals~1\applic~1\Google

2010-10-22 11:51:05 -------- d-sh--w- e:\documents and settings\administrator\IETldCache

2010-10-21 14:44:45 -------- d-----w- e:\windows\system32\wbem\repository\FS

2010-10-21 14:44:45 -------- d-----w- e:\windows\system32\wbem\Repository

2010-10-21 12:43:43 -------- d-----w- E:\32788R22FWJFW(2)

2010-10-21 09:57:57 -------- d-----w- e:\docume~1\alluse~1\applic~1\Malwarebytes

2010-10-21 09:57:56 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware

2010-10-20 23:29:10 -------- d-----w- e:\program files\Spyware Doctor

2010-10-20 23:29:10 -------- d-----w- e:\program files\common files\PC Tools

2010-10-20 23:04:33 -------- dc----w- e:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-10-20 23:04:22 -------- d-----w- e:\program files\Lavasoft

==================== Find3M ====================

2010-09-10 05:58:08 916480 ----a-w- e:\windows\system32\wininet.dll

2010-09-10 05:58:06 43520 ----a-w- e:\windows\system32\licmgr10.dll

2010-09-10 05:58:06 1469440 ------w- e:\windows\system32\inetcpl.cpl

2010-09-08 10:17:46 94208 ----a-w- e:\windows\system32\QuickTimeVR.qtx

2010-09-08 10:17:46 69632 ----a-w- e:\windows\system32\QuickTime.qts

2010-08-31 13:42:52 1852800 ----a-w- e:\windows\system32\win32k.sys

2010-08-27 08:02:29 119808 ----a-w- e:\windows\system32\t2embed.dll

2010-08-17 13:17:06 58880 ----a-w- e:\windows\system32\spoolsv.exe

2010-08-16 08:45:00 590848 ----a-w- e:\windows\system32\rpcrt4.dll

2010-08-13 12:53:02 5120 ----a-w- e:\windows\system32\xpsp4res.dll

2010-08-12 04:07:46 133616 -c----w- e:\windows\system32\pxafs.dll

2010-08-12 04:07:46 126448 -c----w- e:\windows\system32\pxinsi64.exe

2010-08-12 04:07:46 123888 -c----w- e:\windows\system32\pxcpyi64.exe

============= FINISH: 12:10:37.59 ===============


MBAM log...

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5030

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

03/11/2010 12:27:30

mbam-log-2010-11-03 (12-27-30).txt

Scan type: Quick scan

Objects scanned: 177645

Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


GMER log...

GMER 1.0.15.15477 - http://www.gmer.net

Rootkit scan 2010-11-03 12:20:52

Windows 5.1.2600 Service Pack 3

Running: 1crc1hov.exe; Driver: E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fxlyqfoc.sys

---- Kernel code sections - GMER 1.0.15 ----

? E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text E:\Program Files\Mozilla Firefox\firefox.exe[1672] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 E:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 snapman.sys (Acronis Snapshot API/Acronis)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 snapman.sys (Acronis Snapshot API/Acronis)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 snapman.sys (Acronis Snapshot API/Acronis)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----

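The actionable part of the GMER log above is the "Disk sectors" section: GMER flags sector 0 (the MBR) and sector 63 of \Device\Harddisk0 as "rootkit-like behavior", which is why the helper's next step is a fresh TDSSKiller run. Everything else in that log (the Acronis snapman.sys filter on each volume, the LdrLoadDll hook that Firefox places in its own process) is noise by comparison. The script below is an added example, not part of GMER or of anyone's post here: it splits a GMER text log into its sections, pulls out the lines that matter, and answers the one question a helper wants answered first, "does this point at an MBR infection?". The sample log is constructed from the lines pasted above; the severity scale, and the rule that a hook whose JMP target sits inside the hooked program's own vendor-identified image is low severity, are this example's own assumptions.

```python
"""Triage a GMER 1.0.15 text log: extract rootkit indicators and decide
whether the scan points at an MBR infection.

Added example for this thread; not GMER code and not from any poster.
The sample log is constructed from the lines posted in the thread."""
import re
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# Constructed sample: the findings sections of the GMER log posted above.
SAMPLE_GMER_LOG = r"""GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-11-03 12:20:52
Windows 5.1.2600 Service Pack 3

---- Kernel code sections - GMER 1.0.15 ----

? E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text E:\Program Files\Mozilla Firefox\firefox.exe[1672] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 E:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
SECTOR_RE = re.compile(
    r"^Disk (?P<device>\S+) sector (?P<sector>\d+)"
    r"(?: \((?P<label>[^)]+)\))?: (?P<verdict>.+?);?$"
)
HOOK_RE = re.compile(
    r"^\.text (?P<image>.+?)\[(?P<pid>\d+)\] (?P<target>\S+) (?P<addr>[0-9A-F]+) "
    r"(?P<nbytes>\d+) Bytes JMP (?P<dest>[0-9A-F]+) (?P<module>.+?)"
    r"(?: \((?P<vendor>[^)]*)\))?$"
)


@dataclass(frozen=True)
class Finding:
    section: str
    severity: str  # "high", "medium", "low" or "info" (this example's own scale)
    detail: str
    line: str


def _split_sections(text: str) -> Iterator[Tuple[str, List[str]]]:
    """Yield (section name, non-empty lines) for each '---- name - GMER x.y ----' block."""
    name, buf = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            if name is not None:
                yield name, buf
            name, buf = m.group(1), []
        elif line and name is not None:
            buf.append(line)
    if name is not None:
        yield name, buf


def triage(text: str) -> List[Finding]:
    findings = []
    for section, lines in _split_sections(text):
        for line in lines:
            if section == "Disk sectors":
                m = SECTOR_RE.match(line)
                if m and "rootkit-like" in m.group("verdict"):
                    # Sector 0 is the MBR; GMER labels it, but check the number too.
                    is_mbr = int(m.group("sector")) == 0 or m.group("label") == "MBR"
                    detail = f"{m.group('device')} sector {int(m.group('sector'))}"
                    detail += " (MBR)" if is_mbr else ""
                    findings.append(Finding(section, "high", f"{detail}: {m.group('verdict')}", line))
            elif section == "User code sections":
                m = HOOK_RE.match(line)
                if m:
                    # Assumption: a hook whose JMP target is the hooked process's own,
                    # vendor-identified image (Firefox hooking itself) is low severity.
                    self_hook = (m.group("module").lower() == m.group("image").lower()
                                 and bool(m.group("vendor")))
                    findings.append(Finding(
                        section, "low" if self_hook else "medium",
                        f"{m.group('target')} hooked in {m.group('image')} (pid {m.group('pid')})"
                        f" -> {m.group('dest')} in {m.group('module')}", line))
            elif section == "Kernel code sections":
                # GMER marks modules it could not read as '? <path> <error> !'.
                if line.startswith("?") and line.endswith("!"):
                    findings.append(Finding(section, "info",
                                            "unreadable kernel module: " + line[1:-1].strip(), line))
    return findings


def mbr_suspected(findings: List[Finding]) -> bool:
    """True when any high-severity disk-sector finding is on the MBR."""
    return any(f.severity == "high" and "(MBR)" in f.detail for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_GMER_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.detail}")
    print("MBR infection suspected:", mbr_suspected(SAMPLE_GMER_LOG and triage(SAMPLE_GMER_LOG)))
```

On this log the script returns two high-severity findings (sector 0 and sector 63), one low-severity self-hook in firefox.exe, and an info note that GMER could not read its own temporary mbr.sys helper, and `mbr_suspected` comes back true. A real triage would stop there and go to an MBR-aware tool rather than to more signature scans, which is exactly the advice given in the reply that follows.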

Thanks for taking it on.

I've just re-run ComboFix...

ComboFix 10-11-02.05 - Administrator 03/11/2010 14:04:52.3.4 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2952 [GMT 0:00]

Running from: e:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

e:\windows\system32\Drivers\jgksnmoa.sys

e:\windows\system32\drivers\nusb3hub.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_nusb3hub

((((((((((((((((((((((((( Files Created from 2010-10-03 to 2010-11-03 )))))))))))))))))))))))))))))))

.

2010-11-03 11:29 . 2010-11-03 12:04 -------- d-----w- E:\TDSSKiller_Quarantine

2010-10-26 20:53 . 2010-04-29 15:39 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys

2010-10-26 20:53 . 2010-04-29 15:39 20952 ----a-w- e:\windows\system32\drivers\mbam.sys

2010-10-22 11:50 . 2010-11-03 12:09 -------- d-----w- e:\documents and settings\Administrator

2010-10-21 14:44 . 2010-10-21 14:44 -------- d-----w- e:\windows\system32\wbem\Repository

2010-10-21 12:43 . 2010-10-21 14:43 -------- d-----w- E:\32788R22FWJFW(2)

2010-10-21 10:30 . 2010-10-21 14:43 -------- d-s---w- e:\documents and settings\test

2010-10-21 10:26 . 2010-10-21 10:26 -------- d-----w- e:\documents and settings\Henry Bishop\Local Settings\Application Data\Mozilla

2010-10-21 09:58 . 2010-10-21 09:58 -------- d-----w- e:\documents and settings\Darren Bishop\Application Data\Malwarebytes

2010-10-21 09:57 . 2010-10-21 09:57 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes

2010-10-21 09:57 . 2010-11-03 12:24 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware

2010-10-20 23:29 . 2010-10-21 14:43 -------- d-----w- e:\program files\Spyware Doctor

2010-10-20 23:29 . 2010-10-21 14:43 -------- d-----w- e:\program files\Common Files\PC Tools

2010-10-20 23:04 . 2010-10-21 14:43 -------- dc----w- e:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-10-20 23:04 . 2010-10-20 23:08 -------- d-----w- e:\documents and settings\All Users\Application Data\Lavasoft

2010-10-20 23:04 . 2010-10-20 23:04 -------- d-----w- e:\program files\Lavasoft

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-31 15:50 . 2004-08-04 12:00 210688 ----a-w- e:\windows\system32\drivers\mup.sys

2010-09-10 05:58 . 2004-08-04 12:00 916480 ----a-w- e:\windows\system32\wininet.dll

2010-09-10 05:58 . 2004-08-04 12:00 43520 ----a-w- e:\windows\system32\licmgr10.dll

2010-09-10 05:58 . 2004-08-04 12:00 1469440 ------w- e:\windows\system32\inetcpl.cpl

2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- e:\windows\system32\QuickTimeVR.qtx

2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- e:\windows\system32\QuickTime.qts

2010-08-31 13:42 . 2004-08-04 12:00 1852800 ----a-w- e:\windows\system32\win32k.sys

2010-08-27 08:02 . 2004-08-04 12:00 119808 ----a-w- e:\windows\system32\t2embed.dll

2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- e:\windows\system32\spoolsv.exe

2010-08-16 08:45 . 2004-08-04 12:00 590848 ----a-w- e:\windows\system32\rpcrt4.dll

2010-08-14 17:17 . 2009-03-03 22:26 47360 -c--a-w- e:\documents and settings\Darren Bishop\Application Data\pcouffin.sys

2010-08-13 12:53 . 2009-04-16 17:59 5120 ----a-w- e:\windows\system32\xpsp4res.dll

2010-08-12 04:07 . 2009-02-01 19:53 45648 ----a-w- e:\windows\system32\drivers\PxHelp20.sys

2010-08-12 04:07 . 2009-02-01 19:53 133616 -c----w- e:\windows\system32\pxafs.dll

2010-08-12 04:07 . 2009-02-01 19:53 126448 -c----w- e:\windows\system32\pxinsi64.exe

2010-08-12 04:07 . 2009-02-01 19:53 123888 -c----w- e:\windows\system32\pxcpyi64.exe

.

((((((((((((((((((((((((((((( SnapShot@2010-10-31_15.53.05 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-08-04 12:00 . 2010-11-03 11:46 652836 e:\windows\system32\perfh009.dat

+ 2004-08-04 12:00 . 2010-11-03 11:46 153896 e:\windows\system32\perfc009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2009-04-02 12:47 333192 ----a-w- e:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "e:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Six Engine"="e:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-03 5964800]

"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]

"Name of App"="e:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2009-07-15 692340]

"RTHDCPL"="RTHDCPL.EXE" [2009-01-31 16876032]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]

"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"CanonSolutionMenu"="e:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]

"CanonMyPrinter"="e:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]

"OSSelectorReinstall"="e:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-26 2209224]

"HP Software Update"="e:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]

"NPSStartup"="" [bU]

"NeroFilterCheck"="e:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-06-28 148888]

"TkBellExe"="e:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-01 185896]

"Broadbandadvisor.exe"="e:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-01-29 2303216]

"DivXUpdate"="e:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

"NUSB3MON"="e:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]

"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [2008-04-14 15360]

e:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - e:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-31 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-11-07 16:41 72208 ----a-w- e:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"e:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"e:\\Program Files\\uTorrent\\uTorrent.exe"=

"e:\\Program Files\\Free Download Manager\\fdmwi.exe"=

"e:\\Program Files\\SAMSUNG\\Samsung New PC Studio\\npsasvr.exe"=

"e:\\Program Files\\SAMSUNG\\Samsung New PC Studio\\npsvsvr.exe"=

"e:\\Program Files\\Spotify\\spotify.exe"=

"e:\\Program Files\\Vuze\\Azureus.exe"=

"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"e:\\Program Files\\iTunes\\iTunes.exe"=

R0 mv61xx;mv61xx;e:\windows\system32\drivers\mv61xx.sys [23/06/2008 22:21 150568]

R0 mv91xx;mv91xx;e:\windows\system32\drivers\mv91xx.sys [09/10/2009 10:04 253480]

R1 kl2;Kl2;e:\windows\system32\drivers\kl2.sys [06/05/2010 23:19 132184]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;e:\windows\system32\drivers\klim5.sys [14/09/2009 13:42 32272]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;e:\windows\system32\drivers\nusb3xhc.sys [26/10/2009 22:19 136704]

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;e:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 12:03 169312]

S2 ASKService;ASKService;e:\program files\AskBarDis\bar\bin\AskService.exe [21/01/2010 07:45 464264]

S2 ASKUpgrade;ASKUpgrade;e:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [21/01/2010 07:45 234888]

S2 FsUsbExService;FsUsbExService;e:\windows\system32\FsUsbExService.Exe [14/04/2009 17:15 233472]

S2 gupdate;Google Update Service (gupdate);e:\program files\Google\Update\GoogleUpdate.exe [11/02/2010 10:00 135664]

S2 XobniService;XobniService;e:\program files\Xobni\XobniService.exe [12/10/2009 16:33 46824]

S3 epmntdrv;epmntdrv;e:\windows\system32\epmntdrv.sys [22/07/2009 20:06 8704]

S3 EuGdiDrv;EuGdiDrv;e:\windows\system32\EuGdiDrv.sys [22/07/2009 20:06 3072]

S3 FsUsbExDisk;FsUsbExDisk;e:\windows\system32\FsUsbExDisk.Sys [14/04/2009 17:15 36608]

S3 klmouflt;Kaspersky Lab KLMOUFLT;e:\windows\system32\drivers\klmouflt.sys [02/11/2009 19:27 19472]

S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\e:\progra~1\PLE200\PLCMPR5.SYS --> e:\progra~1\PLE200\PLCMPR5.SYS [?]

S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;e:\progra~1\PLE200\PLCNDIS5.SYS [16/02/2009 22:09 17280]

S3 PS3 Media Server;PS3 Media Server;e:\program files\PS3 Media Server\win32\service\wrapper.exe [17/08/2008 08:40 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-01-24 12:30 451872 ----a-w- e:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]

2008-06-18 15:04 8192 ----a-w- e:\program files\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

2010-10-16 e:\windows\Tasks\AppleSoftwareUpdate.job

- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-11-03 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- e:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 10:00]

2010-11-03 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- e:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 10:00]

.

.

------- Supplementary Scan -------

.

LSP: mswsock.dll

DPF: {2665693B-C4F3-434B-83DB-7574CF50C8B7} - hxxp://www.kaspersky.co.uk/downloads/misc/kasperskylicensefinder.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://connect2.buckscc.gov.uk/dana-cached/sc/JuniperSetupClient.cab

FF - ProfilePath - e:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fch2670r.default\

FF - component: e:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll

FF - component: e:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

FF - plugin: e:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: e:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: e:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: e:\program files\Virgin Broadband\advisor\nprpspa.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-03 14:09

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1935655697-1960408961-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,3e,f1,a9,bd,28,40,47,b1,f1,67,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,3e,f1,a9,bd,28,40,47,b1,f1,67,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1108)

e:\windows\system32\Ati2evxx.dll

e:\program files\common files\logitech\bluetooth\LBTWlgn.dll

e:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(1528)

e:\windows\system32\WININET.dll

.

Completion time: 2010-11-03 14:11:36 - machine was rebooted

ComboFix-quarantined-files.txt 2010-11-03 14:11

Pre-Run: 31,252,848,640 bytes free

Post-Run: 31,244,447,744 bytes free

- - End Of File - - 4C436722B29484057E447BBE3F44424D

I see you ran TDSSKiller before; please download and run a fresh copy and post the log:

Download TDSSKiller to your Desktop.

Double-click on TDSSKiller.exe to run the application, then click on Start Scan.

Don't Change These Settings:

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

You may be asked to reboot the computer to complete the process. Click on Reboot Now.

To view the report:

Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

MrC

I've downloaded and rerun TDSS...

2010/11/03 15:40:12.0906 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43

2010/11/03 15:40:12.0906 ================================================================================

2010/11/03 15:40:12.0906 SystemInfo:

2010/11/03 15:40:12.0906

2010/11/03 15:40:12.0906 OS Version: 5.1.2600 ServicePack: 3.0

2010/11/03 15:40:12.0906 Product type: Workstation

2010/11/03 15:40:12.0906 ComputerName: DARREN-DESKTOP

2010/11/03 15:40:12.0906 UserName: Administrator

2010/11/03 15:40:12.0906 Windows directory: E:\WINDOWS

2010/11/03 15:40:12.0906 System windows directory: E:\WINDOWS

2010/11/03 15:40:12.0906 Processor architecture: Intel x86

2010/11/03 15:40:12.0906 Number of processors: 4

2010/11/03 15:40:12.0906 Page size: 0x1000

2010/11/03 15:40:12.0906 Boot type: Safe boot with network

2010/11/03 15:40:12.0906 ================================================================================

2010/11/03 15:40:14.0515 Initialize success

2010/11/03 15:40:16.0937 ================================================================================

2010/11/03 15:40:16.0937 Scan started

2010/11/03 15:40:16.0937 Mode: Manual;

2010/11/03 15:40:16.0937 ================================================================================

2010/11/03 15:40:19.0000 ACPI (8fd99680a539792a30e97944fdaecf17) E:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/11/03 15:40:19.0031 ACPIEC (9859c0f6936e723e4892d7141b1327d5) E:\WINDOWS\system32\drivers\ACPIEC.sys

2010/11/03 15:40:19.0078 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys

2010/11/03 15:40:19.0109 AFD (7e775010ef291da96ad17ca4b17137d7) E:\WINDOWS\System32\drivers\afd.sys

2010/11/03 15:40:19.0234 Arp1394 (b5b8a80875c1dededa8b02765642c32f) E:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/11/03 15:40:19.0296 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) E:\WINDOWS\system32\drivers\AsIO.sys

2010/11/03 15:40:19.0359 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/11/03 15:40:19.0375 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys

2010/11/03 15:40:19.0468 ati2mtag (c06659ff381423d6cb19a91c2a2f80ad) E:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/11/03 15:40:19.0515 AtiHdmiService (591a9eabb5ef5168e435c2f18b05dd76) E:\WINDOWS\system32\drivers\AtiHdmi.sys

2010/11/03 15:40:19.0546 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/11/03 15:40:19.0562 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys

2010/11/03 15:40:19.0593 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys

2010/11/03 15:40:19.0640 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys

2010/11/03 15:40:19.0687 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys

2010/11/03 15:40:19.0703 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys

2010/11/03 15:40:19.0718 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/11/03 15:40:19.0859 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys

2010/11/03 15:40:19.0906 dmboot (d992fe1274bde0f84ad826acae022a41) E:\WINDOWS\system32\drivers\dmboot.sys

2010/11/03 15:40:19.0921 dmio (7c824cf7bbde77d95c08005717a95f6f) E:\WINDOWS\system32\drivers\dmio.sys

2010/11/03 15:40:19.0953 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys

2010/11/03 15:40:19.0984 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys

2010/11/03 15:40:20.0031 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys

2010/11/03 15:40:20.0046 dsNcAdpt (4823163c246868863d41a2f5ee06a21e) E:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys

2010/11/03 15:40:20.0093 epmntdrv (57cc1bf06c159dfbb989f5783c0e6a50) E:\WINDOWS\system32\epmntdrv.sys

2010/11/03 15:40:20.0109 EuGdiDrv (5f779f5edab787f2d090c71a9051f365) E:\WINDOWS\system32\EuGdiDrv.sys

2010/11/03 15:40:20.0140 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys

2010/11/03 15:40:20.0156 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\DRIVERS\fdc.sys

2010/11/03 15:40:20.0171 Fips (d45926117eb9fa946a6af572fbe1caa3) E:\WINDOWS\system32\drivers\Fips.sys

2010/11/03 15:40:20.0187 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/11/03 15:40:20.0218 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\drivers\fltmgr.sys

2010/11/03 15:40:20.0250 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) E:\WINDOWS\system32\FsUsbExDisk.SYS

2010/11/03 15:40:20.0281 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/11/03 15:40:20.0296 Ftdisk (6ac26732762483366c3969c9e4d2259d) E:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/11/03 15:40:20.0328 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) E:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/11/03 15:40:20.0359 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/11/03 15:40:20.0390 HDAudBus (573c7d0a32852b48f3058cfd8026f511) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/11/03 15:40:20.0453 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) E:\WINDOWS\system32\DRIVERS\HPZid412.sys

2010/11/03 15:40:20.0484 HPZipr12 (89f41658929393487b6b7d13c8528ce3) E:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2010/11/03 15:40:20.0500 HPZius12 (abcb05ccdbf03000354b9553820e39f8) E:\WINDOWS\system32\DRIVERS\HPZius12.sys

2010/11/03 15:40:20.0531 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys

2010/11/03 15:40:20.0593 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) E:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/11/03 15:40:20.0625 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys

2010/11/03 15:40:20.0734 IntcAzAudAddService (41bb402c2ade27b32439bb765864ab3b) E:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/11/03 15:40:20.0812 intelppm (8c953733d8f36eb2133f5bb58808b66b) E:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/11/03 15:40:20.0843 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys

2010/11/03 15:40:20.0859 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/11/03 15:40:20.0875 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/11/03 15:40:20.0890 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/11/03 15:40:20.0921 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/11/03 15:40:20.0953 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys

2010/11/03 15:40:20.0984 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) E:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/11/03 15:40:21.0000 Kbdclass (463c1ec80cd17420a542b7f36a36f128) E:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/11/03 15:40:21.0015 kl1 (47f4320cff5bd3de472bb300a32a879e) E:\WINDOWS\system32\drivers\kl1.sys

2010/11/03 15:40:21.0062 kl2 (0e29fe31bd4c72412ad99253e71b25c1) E:\WINDOWS\system32\drivers\kl2.sys

2010/11/03 15:40:21.0093 KLIF (acfa523e62dbd4be52c8b665dd49acf3) E:\WINDOWS\system32\DRIVERS\klif.sys

2010/11/03 15:40:21.0125 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) E:\WINDOWS\system32\DRIVERS\klim5.sys

2010/11/03 15:40:21.0156 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) E:\WINDOWS\system32\DRIVERS\klmouflt.sys

2010/11/03 15:40:21.0171 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys

2010/11/03 15:40:21.0203 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys

2010/11/03 15:40:21.0234 L1e (93e64bab9dee162ca0ca5258d132a047) E:\WINDOWS\system32\DRIVERS\l1e51x86.sys

2010/11/03 15:40:21.0250 L8042Kbd (dc61f15187372d164769c841655e58f3) E:\WINDOWS\system32\DRIVERS\L8042Kbd.sys

2010/11/03 15:40:21.0265 L8042mou (cb6e007d3a67cb80ee9df2afd4b0fc9d) E:\WINDOWS\system32\DRIVERS\L8042mou.Sys

2010/11/03 15:40:21.0359 LMouKE (58597a99792461e89bb5c44e17508d70) E:\WINDOWS\system32\DRIVERS\LMouKE.Sys

2010/11/03 15:40:21.0375 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys

2010/11/03 15:40:21.0406 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) E:\WINDOWS\system32\drivers\Modem.sys

2010/11/03 15:40:21.0421 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) E:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/11/03 15:40:21.0437 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys

2010/11/03 15:40:21.0484 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/11/03 15:40:21.0500 MRxSmb (f3aefb11abc521122b67095044169e98) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/11/03 15:40:21.0531 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys

2010/11/03 15:40:21.0546 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/11/03 15:40:21.0578 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/11/03 15:40:21.0593 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys

2010/11/03 15:40:21.0609 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/11/03 15:40:21.0640 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) E:\WINDOWS\system32\DRIVERS\ASACPI.sys

2010/11/03 15:40:21.0656 Mup (fb12d27644f5b9fc2e92d2d551929588) E:\WINDOWS\system32\drivers\Mup.sys

2010/11/03 15:40:21.0656 Suspicious file (Forged): E:\WINDOWS\system32\drivers\Mup.sys. Real md5: fb12d27644f5b9fc2e92d2d551929588, Fake md5: b66619e78caad6e374ed628c2fb74f1e

2010/11/03 15:40:21.0656 Mup - detected Forged file (1)

2010/11/03 15:40:21.0671 mv61xx (a95fed4c2fb11c79e7ddbe2eff1919b5) E:\WINDOWS\system32\DRIVERS\mv61xx.sys

2010/11/03 15:40:21.0703 mv91xx (647ee4dc4ca56f4e3f3deec7ecfcbb7a) E:\WINDOWS\system32\DRIVERS\mv91xx.sys

2010/11/03 15:40:21.0734 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys

2010/11/03 15:40:21.0750 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) E:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/11/03 15:40:21.0765 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/11/03 15:40:21.0781 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/11/03 15:40:21.0796 NDProxy (6215023940cfd3702b46abc304e1d45a) E:\WINDOWS\system32\drivers\NDProxy.sys

2010/11/03 15:40:21.0828 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys

2010/11/03 15:40:21.0843 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys

2010/11/03 15:40:21.0890 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) E:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/11/03 15:40:21.0921 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys

2010/11/03 15:40:21.0937 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys

2010/11/03 15:40:21.0968 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys

2010/11/03 15:40:22.0015 nusb3xhc (456f7262604f85746919823f592b303c) E:\WINDOWS\system32\DRIVERS\nusb3xhc.sys

2010/11/03 15:40:22.0031 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/11/03 15:40:22.0046 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/11/03 15:40:22.0062 ohci1394 (ca33832df41afb202ee7aeb05145922f) E:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/11/03 15:40:22.0109 Parport (5575faf8f97ce5e713d108c2a58d7c7c) E:\WINDOWS\system32\drivers\Parport.sys

2010/11/03 15:40:22.0125 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys

2010/11/03 15:40:22.0140 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) E:\WINDOWS\system32\drivers\ParVdm.sys

2010/11/03 15:40:22.0187 pccsmcfd (fd2041e9ba03db7764b2248f02475079) E:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

2010/11/03 15:40:22.0203 PCI (a219903ccf74233761d92bef471a07b1) E:\WINDOWS\system32\DRIVERS\pci.sys

2010/11/03 15:40:22.0250 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) E:\WINDOWS\system32\DRIVERS\pciide.sys

2010/11/03 15:40:22.0265 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) E:\WINDOWS\system32\drivers\Pcmcia.sys

2010/11/03 15:40:22.0296 pcouffin (5b6c11de7e839c05248ced8825470fef) E:\WINDOWS\system32\Drivers\pcouffin.sys

2010/11/03 15:40:22.0468 PLCNDIS5 (2aba2f545b35f9c6cc2cfc4e1d539a80) E:\PROGRA~1\PLE200\PLCNDIS5.SYS

2010/11/03 15:40:22.0500 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/11/03 15:40:22.0531 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys

2010/11/03 15:40:22.0546 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/11/03 15:40:22.0562 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) E:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/11/03 15:40:22.0671 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/11/03 15:40:22.0687 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/11/03 15:40:22.0718 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/11/03 15:40:22.0734 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys

2010/11/03 15:40:22.0750 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/11/03 15:40:22.0765 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/11/03 15:40:22.0781 rdpdr (15cabd0f7c00c47c70124907916af3f1) E:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/11/03 15:40:22.0812 RDPWD (6728e45b66f93c08f11de2e316fc70dd) E:\WINDOWS\system32\drivers\RDPWD.sys

2010/11/03 15:40:22.0843 redbook (f828dd7e1419b6653894a8f97a0094c5) E:\WINDOWS\system32\DRIVERS\redbook.sys

2010/11/03 15:40:22.0921 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/11/03 15:40:22.0953 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys

2010/11/03 15:40:22.0968 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) E:\WINDOWS\system32\DRIVERS\serial.sys

2010/11/03 15:40:23.0015 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys

2010/11/03 15:40:23.0078 snapman (e78c98378a071ce4d48a7c514fa98fa1) E:\WINDOWS\system32\DRIVERS\snapman.sys

2010/11/03 15:40:23.0109 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys

2010/11/03 15:40:23.0140 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) E:\WINDOWS\system32\DRIVERS\sr.sys

2010/11/03 15:40:23.0187 Srv (da852e3e0bf1cea75d756f9866241e57) E:\WINDOWS\system32\DRIVERS\srv.sys

2010/11/03 15:40:23.0218 sscdbus (92b69020fc480219683d429dca068d71) E:\WINDOWS\system32\DRIVERS\sscdbus.sys

2010/11/03 15:40:23.0250 sscdmdfl (77a2869d40cc84af711c321f9b0c7a78) E:\WINDOWS\system32\DRIVERS\sscdmdfl.sys

2010/11/03 15:40:23.0265 sscdmdm (b4255635195a8413fcde7af5b7c4e382) E:\WINDOWS\system32\DRIVERS\sscdmdm.sys

2010/11/03 15:40:23.0296 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys

2010/11/03 15:40:23.0312 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys

2010/11/03 15:40:23.0406 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys

2010/11/03 15:40:23.0453 tbhsd (c26c6dff638d9e51dc5cc60a7785d057) E:\WINDOWS\system32\drivers\tbhsd.sys

2010/11/03 15:40:23.0468 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/11/03 15:40:23.0500 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys

2010/11/03 15:40:23.0515 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys

2010/11/03 15:40:23.0531 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys

2010/11/03 15:40:23.0593 truecrypt (db0815523ac07445a2f09dcd2acea8c3) E:\WINDOWS\system32\drivers\truecrypt.sys

2010/11/03 15:40:23.0609 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys

2010/11/03 15:40:23.0656 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys

2010/11/03 15:40:23.0703 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) E:\WINDOWS\system32\Drivers\usbaapl.sys

2010/11/03 15:40:23.0750 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/11/03 15:40:23.0765 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/11/03 15:40:23.0781 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/11/03 15:40:23.0796 usbprint (a717c8721046828520c9edf31288fc00) E:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/11/03 15:40:23.0828 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) E:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/11/03 15:40:23.0843 usbstor (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/11/03 15:40:23.0859 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) E:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/11/03 15:40:23.0875 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys

2010/11/03 15:40:23.0921 VolSnap (4c8fcb5cc53aab716d810740fe59d025) E:\WINDOWS\system32\drivers\VolSnap.sys

2010/11/03 15:40:23.0968 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/11/03 15:40:24.0000 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) E:\WINDOWS\system32\Drivers\wdf01000.sys

2010/11/03 15:40:24.0046 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys

2010/11/03 15:40:24.0140 WpdUsb (cf4def1bf66f06964dc0d91844239104) E:\WINDOWS\system32\DRIVERS\wpdusb.sys

2010/11/03 15:40:24.0171 WudfPf (6ff66513d372d479ef1810223c8d20ce) E:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/11/03 15:40:24.0203 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) E:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/11/03 15:40:24.0406 ================================================================================

2010/11/03 15:40:24.0406 Scan finished

2010/11/03 15:40:24.0406 ================================================================================

2010/11/03 15:40:24.0421 Detected object count: 1

2010/11/03 15:40:54.0125 Forged file(Mup) - User select action: Skip

Run TDSSKiller again, but this time cure this one and post the log:

2010/11/03 15:40:24.0421 Detected object count: 1

2010/11/03 15:40:54.0125 Forged file(Mup) - User select action: Skip

-------------------------

Then run it again and nothing should be found, post that log also.

MrC

Hi

I ran TDSSkiller, it came up with the issue, but I only had a choice of skip, quarantine or delete, so I went for delete.

I reran TDSSkiller and it didn't find the issue again, log below...

2010/11/03 18:59:19.0937 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43

2010/11/03 18:59:19.0937 ================================================================================

2010/11/03 18:59:19.0937 SystemInfo:

2010/11/03 18:59:19.0937

2010/11/03 18:59:19.0937 OS Version: 5.1.2600 ServicePack: 3.0

2010/11/03 18:59:19.0937 Product type: Workstation

2010/11/03 18:59:19.0937 ComputerName: DARREN-DESKTOP

2010/11/03 18:59:19.0937 UserName: Administrator

2010/11/03 18:59:19.0937 Windows directory: E:\WINDOWS

2010/11/03 18:59:19.0937 System windows directory: E:\WINDOWS

2010/11/03 18:59:19.0937 Processor architecture: Intel x86

2010/11/03 18:59:19.0937 Number of processors: 4

2010/11/03 18:59:19.0937 Page size: 0x1000

2010/11/03 18:59:19.0937 Boot type: Safe boot with network

2010/11/03 18:59:19.0937 ================================================================================

2010/11/03 18:59:23.0890 Initialize success

2010/11/03 18:59:25.0437 ================================================================================

2010/11/03 18:59:25.0437 Scan started

2010/11/03 18:59:25.0437 Mode: Manual;

2010/11/03 18:59:25.0437 ================================================================================

2010/11/03 18:59:27.0062 ACPI (8fd99680a539792a30e97944fdaecf17) E:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/11/03 18:59:27.0093 ACPIEC (9859c0f6936e723e4892d7141b1327d5) E:\WINDOWS\system32\drivers\ACPIEC.sys

2010/11/03 18:59:27.0156 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys

2010/11/03 18:59:27.0187 AFD (7e775010ef291da96ad17ca4b17137d7) E:\WINDOWS\System32\drivers\afd.sys

2010/11/03 18:59:27.0312 Arp1394 (b5b8a80875c1dededa8b02765642c32f) E:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/11/03 18:59:27.0375 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) E:\WINDOWS\system32\drivers\AsIO.sys

2010/11/03 18:59:27.0437 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/11/03 18:59:27.0453 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys

2010/11/03 18:59:27.0546 ati2mtag (c06659ff381423d6cb19a91c2a2f80ad) E:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/11/03 18:59:27.0593 AtiHdmiService (591a9eabb5ef5168e435c2f18b05dd76) E:\WINDOWS\system32\drivers\AtiHdmi.sys

2010/11/03 18:59:27.0609 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/11/03 18:59:27.0640 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys

2010/11/03 18:59:27.0671 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys

2010/11/03 18:59:27.0734 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys

2010/11/03 18:59:27.0765 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys

2010/11/03 18:59:27.0781 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys

2010/11/03 18:59:27.0796 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/11/03 18:59:27.0937 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys

2010/11/03 18:59:27.0984 dmboot (d992fe1274bde0f84ad826acae022a41) E:\WINDOWS\system32\drivers\dmboot.sys

2010/11/03 18:59:28.0000 dmio (7c824cf7bbde77d95c08005717a95f6f) E:\WINDOWS\system32\drivers\dmio.sys

2010/11/03 18:59:28.0031 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys

2010/11/03 18:59:28.0046 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys

2010/11/03 18:59:28.0093 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys

2010/11/03 18:59:28.0125 dsNcAdpt (4823163c246868863d41a2f5ee06a21e) E:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys

2010/11/03 18:59:28.0187 epmntdrv (57cc1bf06c159dfbb989f5783c0e6a50) E:\WINDOWS\system32\epmntdrv.sys

2010/11/03 18:59:28.0218 EuGdiDrv (5f779f5edab787f2d090c71a9051f365) E:\WINDOWS\system32\EuGdiDrv.sys

2010/11/03 18:59:28.0250 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys

2010/11/03 18:59:28.0281 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\DRIVERS\fdc.sys

2010/11/03 18:59:28.0296 Fips (d45926117eb9fa946a6af572fbe1caa3) E:\WINDOWS\system32\drivers\Fips.sys

2010/11/03 18:59:28.0312 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/11/03 18:59:28.0343 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\drivers\fltmgr.sys

2010/11/03 18:59:28.0375 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) E:\WINDOWS\system32\FsUsbExDisk.SYS

2010/11/03 18:59:28.0406 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/11/03 18:59:28.0421 Ftdisk (6ac26732762483366c3969c9e4d2259d) E:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/11/03 18:59:28.0453 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) E:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/11/03 18:59:28.0484 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/11/03 18:59:28.0515 HDAudBus (573c7d0a32852b48f3058cfd8026f511) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/11/03 18:59:28.0578 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) E:\WINDOWS\system32\DRIVERS\HPZid412.sys

2010/11/03 18:59:28.0593 HPZipr12 (89f41658929393487b6b7d13c8528ce3) E:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2010/11/03 18:59:28.0625 HPZius12 (abcb05ccdbf03000354b9553820e39f8) E:\WINDOWS\system32\DRIVERS\HPZius12.sys

2010/11/03 18:59:28.0656 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys

2010/11/03 18:59:28.0703 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) E:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/11/03 18:59:28.0734 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys

2010/11/03 18:59:28.0859 IntcAzAudAddService (41bb402c2ade27b32439bb765864ab3b) E:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/11/03 18:59:28.0921 intelppm (8c953733d8f36eb2133f5bb58808b66b) E:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/11/03 18:59:28.0953 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys

2010/11/03 18:59:28.0984 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/11/03 18:59:29.0015 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/11/03 18:59:29.0015 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/11/03 18:59:29.0062 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/11/03 18:59:29.0078 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys

2010/11/03 18:59:29.0109 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) E:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/11/03 18:59:29.0125 Kbdclass (463c1ec80cd17420a542b7f36a36f128) E:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/11/03 18:59:29.0140 kl1 (47f4320cff5bd3de472bb300a32a879e) E:\WINDOWS\system32\drivers\kl1.sys

2010/11/03 18:59:29.0203 kl2 (0e29fe31bd4c72412ad99253e71b25c1) E:\WINDOWS\system32\drivers\kl2.sys

2010/11/03 18:59:29.0218 KLIF (acfa523e62dbd4be52c8b665dd49acf3) E:\WINDOWS\system32\DRIVERS\klif.sys

2010/11/03 18:59:29.0265 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) E:\WINDOWS\system32\DRIVERS\klim5.sys

2010/11/03 18:59:29.0296 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) E:\WINDOWS\system32\DRIVERS\klmouflt.sys

2010/11/03 18:59:29.0312 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys

2010/11/03 18:59:29.0328 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys

2010/11/03 18:59:29.0343 L1e (93e64bab9dee162ca0ca5258d132a047) E:\WINDOWS\system32\DRIVERS\l1e51x86.sys

2010/11/03 18:59:29.0375 L8042Kbd (dc61f15187372d164769c841655e58f3) E:\WINDOWS\system32\DRIVERS\L8042Kbd.sys

2010/11/03 18:59:29.0390 L8042mou (cb6e007d3a67cb80ee9df2afd4b0fc9d) E:\WINDOWS\system32\DRIVERS\L8042mou.Sys

2010/11/03 18:59:29.0484 LMouKE (58597a99792461e89bb5c44e17508d70) E:\WINDOWS\system32\DRIVERS\LMouKE.Sys

2010/11/03 18:59:29.0500 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys

2010/11/03 18:59:29.0531 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) E:\WINDOWS\system32\drivers\Modem.sys

2010/11/03 18:59:29.0546 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) E:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/11/03 18:59:29.0562 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys

2010/11/03 18:59:29.0593 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/11/03 18:59:29.0609 MRxSmb (f3aefb11abc521122b67095044169e98) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/11/03 18:59:29.0640 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys

2010/11/03 18:59:29.0687 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/11/03 18:59:29.0703 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/11/03 18:59:29.0718 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys

2010/11/03 18:59:29.0734 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/11/03 18:59:29.0765 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) E:\WINDOWS\system32\DRIVERS\ASACPI.sys

2010/11/03 18:59:29.0781 mv61xx (a95fed4c2fb11c79e7ddbe2eff1919b5) E:\WINDOWS\system32\DRIVERS\mv61xx.sys

2010/11/03 18:59:29.0812 mv91xx (647ee4dc4ca56f4e3f3deec7ecfcbb7a) E:\WINDOWS\system32\DRIVERS\mv91xx.sys

2010/11/03 18:59:29.0843 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys

2010/11/03 18:59:29.0859 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) E:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/11/03 18:59:29.0890 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/11/03 18:59:29.0890 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/11/03 18:59:29.0906 NDProxy (6215023940cfd3702b46abc304e1d45a) E:\WINDOWS\system32\drivers\NDProxy.sys

2010/11/03 18:59:29.0937 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys

2010/11/03 18:59:29.0968 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys

2010/11/03 18:59:30.0015 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) E:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/11/03 18:59:30.0046 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys

2010/11/03 18:59:30.0062 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys

2010/11/03 18:59:30.0093 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys

2010/11/03 18:59:30.0125 nusb3xhc (456f7262604f85746919823f592b303c) E:\WINDOWS\system32\DRIVERS\nusb3xhc.sys

2010/11/03 18:59:30.0156 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/11/03 18:59:30.0171 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/11/03 18:59:30.0203 ohci1394 (ca33832df41afb202ee7aeb05145922f) E:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/11/03 18:59:30.0234 Parport (5575faf8f97ce5e713d108c2a58d7c7c) E:\WINDOWS\system32\drivers\Parport.sys

2010/11/03 18:59:30.0250 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys

2010/11/03 18:59:30.0281 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) E:\WINDOWS\system32\drivers\ParVdm.sys

2010/11/03 18:59:30.0312 pccsmcfd (fd2041e9ba03db7764b2248f02475079) E:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

2010/11/03 18:59:30.0328 PCI (a219903ccf74233761d92bef471a07b1) E:\WINDOWS\system32\DRIVERS\pci.sys

2010/11/03 18:59:30.0359 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) E:\WINDOWS\system32\DRIVERS\pciide.sys

2010/11/03 18:59:30.0390 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) E:\WINDOWS\system32\drivers\Pcmcia.sys

2010/11/03 18:59:30.0406 pcouffin (5b6c11de7e839c05248ced8825470fef) E:\WINDOWS\system32\Drivers\pcouffin.sys

2010/11/03 18:59:30.0593 PLCNDIS5 (2aba2f545b35f9c6cc2cfc4e1d539a80) E:\PROGRA~1\PLE200\PLCNDIS5.SYS

2010/11/03 18:59:30.0625 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/11/03 18:59:30.0656 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys

2010/11/03 18:59:30.0671 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/11/03 18:59:30.0687 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) E:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/11/03 18:59:30.0781 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/11/03 18:59:30.0812 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/11/03 18:59:30.0828 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/11/03 18:59:30.0843 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys

2010/11/03 18:59:30.0859 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/11/03 18:59:30.0875 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/11/03 18:59:30.0906 rdpdr (15cabd0f7c00c47c70124907916af3f1) E:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/11/03 18:59:30.0937 RDPWD (6728e45b66f93c08f11de2e316fc70dd) E:\WINDOWS\system32\drivers\RDPWD.sys

2010/11/03 18:59:30.0968 redbook (f828dd7e1419b6653894a8f97a0094c5) E:\WINDOWS\system32\DRIVERS\redbook.sys

2010/11/03 18:59:31.0046 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/11/03 18:59:31.0062 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys

2010/11/03 18:59:31.0093 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) E:\WINDOWS\system32\DRIVERS\serial.sys

2010/11/03 18:59:31.0125 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys

2010/11/03 18:59:31.0203 snapman (e78c98378a071ce4d48a7c514fa98fa1) E:\WINDOWS\system32\DRIVERS\snapman.sys

2010/11/03 18:59:31.0218 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys

2010/11/03 18:59:31.0265 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) E:\WINDOWS\system32\DRIVERS\sr.sys

2010/11/03 18:59:31.0296 Srv (da852e3e0bf1cea75d756f9866241e57) E:\WINDOWS\system32\DRIVERS\srv.sys

2010/11/03 18:59:31.0328 sscdbus (92b69020fc480219683d429dca068d71) E:\WINDOWS\system32\DRIVERS\sscdbus.sys

2010/11/03 18:59:31.0359 sscdmdfl (77a2869d40cc84af711c321f9b0c7a78) E:\WINDOWS\system32\DRIVERS\sscdmdfl.sys

2010/11/03 18:59:31.0390 sscdmdm (b4255635195a8413fcde7af5b7c4e382) E:\WINDOWS\system32\DRIVERS\sscdmdm.sys

2010/11/03 18:59:31.0406 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys

2010/11/03 18:59:31.0437 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys

2010/11/03 18:59:31.0531 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys

2010/11/03 18:59:31.0562 tbhsd (c26c6dff638d9e51dc5cc60a7785d057) E:\WINDOWS\system32\drivers\tbhsd.sys

2010/11/03 18:59:31.0578 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/11/03 18:59:31.0609 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys

2010/11/03 18:59:31.0625 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys

2010/11/03 18:59:31.0640 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys

2010/11/03 18:59:31.0703 truecrypt (db0815523ac07445a2f09dcd2acea8c3) E:\WINDOWS\system32\drivers\truecrypt.sys

2010/11/03 18:59:31.0734 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys

2010/11/03 18:59:31.0765 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys

2010/11/03 18:59:31.0843 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) E:\WINDOWS\system32\Drivers\usbaapl.sys

2010/11/03 18:59:31.0859 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/11/03 18:59:31.0875 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/11/03 18:59:31.0906 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/11/03 18:59:31.0921 usbprint (a717c8721046828520c9edf31288fc00) E:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/11/03 18:59:31.0953 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) E:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/11/03 18:59:31.0968 usbstor (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/11/03 18:59:31.0984 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) E:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/11/03 18:59:32.0015 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys

2010/11/03 18:59:32.0046 VolSnap (4c8fcb5cc53aab716d810740fe59d025) E:\WINDOWS\system32\drivers\VolSnap.sys

2010/11/03 18:59:32.0093 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/11/03 18:59:32.0125 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) E:\WINDOWS\system32\Drivers\wdf01000.sys

2010/11/03 18:59:32.0171 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys

2010/11/03 18:59:32.0265 WpdUsb (cf4def1bf66f06964dc0d91844239104) E:\WINDOWS\system32\DRIVERS\wpdusb.sys

2010/11/03 18:59:32.0296 WudfPf (6ff66513d372d479ef1810223c8d20ce) E:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/11/03 18:59:32.0328 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) E:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/11/03 18:59:32.0531 ================================================================================

2010/11/03 18:59:32.0531 Scan finished

2010/11/03 18:59:32.0531 ================================================================================


ComboFix, run in safe mode, deleted 2 files and then performed a reboot....

ComboFix 10-11-04.08 - Administrator 05/11/2010 16:18:24.4.4 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2948 [GMT 0:00]

Running from: e:\documents and settings\Administrator\Desktop\iexplorer.exe

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

e:\windows\system32\config\juoaxlnn

e:\windows\system32\config\juoaxlnn.sav

.

((((((((((((((((((((((((( Files Created from 2010-10-05 to 2010-11-05 )))))))))))))))))))))))))))))))

.

2010-11-03 16:10 . 2010-11-03 16:10 -------- d-----w- E:\My Music

2010-11-03 11:29 . 2010-11-03 12:04 -------- d-----w- E:\TDSSKiller_Quarantine

2010-10-26 20:53 . 2010-04-29 15:39 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys

2010-10-26 20:53 . 2010-04-29 15:39 20952 ----a-w- e:\windows\system32\drivers\mbam.sys

2010-10-22 11:50 . 2010-11-03 12:09 -------- d-----w- e:\documents and settings\Administrator

2010-10-21 14:44 . 2010-10-21 14:44 -------- d-----w- e:\windows\system32\wbem\Repository

2010-10-21 12:43 . 2010-10-21 14:43 -------- d-----w- E:\32788R22FWJFW(2)

2010-10-21 10:30 . 2010-10-21 14:43 -------- d-s---w- e:\documents and settings\test

2010-10-21 10:26 . 2010-10-21 10:26 -------- d-----w- e:\documents and settings\Henry Bishop\Local Settings\Application Data\Mozilla

2010-10-21 09:58 . 2010-10-21 09:58 -------- d-----w- e:\documents and settings\Darren Bishop\Application Data\Malwarebytes

2010-10-21 09:57 . 2010-10-21 09:57 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes

2010-10-21 09:57 . 2010-11-03 12:24 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware

2010-10-20 23:29 . 2010-10-21 14:43 -------- d-----w- e:\program files\Spyware Doctor

2010-10-20 23:29 . 2010-10-21 14:43 -------- d-----w- e:\program files\Common Files\PC Tools

2010-10-20 23:04 . 2010-10-21 14:43 -------- dc----w- e:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-10-20 23:04 . 2010-10-20 23:08 -------- d-----w- e:\documents and settings\All Users\Application Data\Lavasoft

2010-10-20 23:04 . 2010-10-20 23:04 -------- d-----w- e:\program files\Lavasoft

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-10 05:58 . 2004-08-04 12:00 916480 ----a-w- e:\windows\system32\wininet.dll

2010-09-10 05:58 . 2004-08-04 12:00 43520 ----a-w- e:\windows\system32\licmgr10.dll

2010-09-10 05:58 . 2004-08-04 12:00 1469440 ------w- e:\windows\system32\inetcpl.cpl

2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- e:\windows\system32\QuickTimeVR.qtx

2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- e:\windows\system32\QuickTime.qts

2010-08-31 13:42 . 2004-08-04 12:00 1852800 ----a-w- e:\windows\system32\win32k.sys

2010-08-27 08:02 . 2004-08-04 12:00 119808 ----a-w- e:\windows\system32\t2embed.dll

2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- e:\windows\system32\spoolsv.exe

2010-08-16 08:45 . 2004-08-04 12:00 590848 ----a-w- e:\windows\system32\rpcrt4.dll

2010-08-14 17:17 . 2009-03-03 22:26 47360 -c--a-w- e:\documents and settings\Darren Bishop\Application Data\pcouffin.sys

2010-08-13 12:53 . 2009-04-16 17:59 5120 ----a-w- e:\windows\system32\xpsp4res.dll

2010-08-12 04:07 . 2009-02-01 19:53 45648 ----a-w- e:\windows\system32\drivers\PxHelp20.sys

2010-08-12 04:07 . 2009-02-01 19:53 133616 -c----w- e:\windows\system32\pxafs.dll

2010-08-12 04:07 . 2009-02-01 19:53 126448 -c----w- e:\windows\system32\pxinsi64.exe

2010-08-12 04:07 . 2009-02-01 19:53 123888 -c----w- e:\windows\system32\pxcpyi64.exe

.

((((((((((((((((((((((((((((( SnapShot@2010-10-31_15.53.05 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-08-04 12:00 . 2010-11-04 23:25 654684 e:\windows\system32\perfh009.dat

+ 2004-08-04 12:00 . 2010-11-04 23:25 154592 e:\windows\system32\perfc009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2009-04-02 12:47 333192 ----a-w- e:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "e:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Six Engine"="e:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-03 5964800]

"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]

"Name of App"="e:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2009-07-15 692340]

"RTHDCPL"="RTHDCPL.EXE" [2009-01-31 16876032]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]

"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"CanonSolutionMenu"="e:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]

"CanonMyPrinter"="e:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]

"OSSelectorReinstall"="e:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-26 2209224]

"HP Software Update"="e:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]

"NPSStartup"="" [bU]

"NeroFilterCheck"="e:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-06-28 148888]

"TkBellExe"="e:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-01 185896]

"Broadbandadvisor.exe"="e:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-01-29 2303216]

"DivXUpdate"="e:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

"NUSB3MON"="e:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]

"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [2008-04-14 15360]

e:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - e:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-31 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-11-07 16:41 72208 ----a-w- e:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"e:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"e:\\Program Files\\uTorrent\\uTorrent.exe"=

"e:\\Program Files\\Free Download Manager\\fdmwi.exe"=

"e:\\Program Files\\SAMSUNG\\Samsung New PC Studio\\npsasvr.exe"=

"e:\\Program Files\\SAMSUNG\\Samsung New PC Studio\\npsvsvr.exe"=

"e:\\Program Files\\Spotify\\spotify.exe"=

"e:\\Program Files\\Vuze\\Azureus.exe"=

"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"e:\\Program Files\\iTunes\\iTunes.exe"=

R0 mv61xx;mv61xx;e:\windows\system32\drivers\mv61xx.sys [23/06/2008 22:21 150568]

R0 mv91xx;mv91xx;e:\windows\system32\drivers\mv91xx.sys [09/10/2009 10:04 253480]

R1 kl2;Kl2;e:\windows\system32\drivers\kl2.sys [06/05/2010 23:19 132184]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;e:\windows\system32\drivers\klim5.sys [14/09/2009 13:42 32272]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;e:\windows\system32\drivers\nusb3xhc.sys [26/10/2009 22:19 136704]

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;e:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 12:03 169312]

S2 ASKService;ASKService;e:\program files\AskBarDis\bar\bin\AskService.exe [21/01/2010 07:45 464264]

S2 ASKUpgrade;ASKUpgrade;e:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [21/01/2010 07:45 234888]

S2 FsUsbExService;FsUsbExService;e:\windows\system32\FsUsbExService.Exe [14/04/2009 17:15 233472]

S2 gupdate;Google Update Service (gupdate);e:\program files\Google\Update\GoogleUpdate.exe [11/02/2010 10:00 135664]

S2 XobniService;XobniService;e:\program files\Xobni\XobniService.exe [12/10/2009 16:33 46824]

S3 epmntdrv;epmntdrv;e:\windows\system32\epmntdrv.sys [22/07/2009 20:06 8704]

S3 EuGdiDrv;EuGdiDrv;e:\windows\system32\EuGdiDrv.sys [22/07/2009 20:06 3072]

S3 FsUsbExDisk;FsUsbExDisk;e:\windows\system32\FsUsbExDisk.Sys [14/04/2009 17:15 36608]

S3 klmouflt;Kaspersky Lab KLMOUFLT;e:\windows\system32\drivers\klmouflt.sys [02/11/2009 19:27 19472]

S3 MBAMSwissArmy;MBAMSwissArmy;e:\windows\system32\drivers\mbamswissarmy.sys [26/10/2010 20:53 38224]

S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\e:\progra~1\PLE200\PLCMPR5.SYS --> e:\progra~1\PLE200\PLCMPR5.SYS [?]

S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;e:\progra~1\PLE200\PLCNDIS5.SYS [16/02/2009 22:09 17280]

S3 PS3 Media Server;PS3 Media Server;e:\program files\PS3 Media Server\win32\service\wrapper.exe [17/08/2008 08:40 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-01-24 12:30 451872 ----a-w- e:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]

2008-06-18 15:04 8192 ----a-w- e:\program files\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

2010-10-16 e:\windows\Tasks\AppleSoftwareUpdate.job

- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-11-04 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- e:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 10:00]

2010-11-04 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- e:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 10:00]

.

.

------- Supplementary Scan -------

.

LSP: mswsock.dll

DPF: {2665693B-C4F3-434B-83DB-7574CF50C8B7} - hxxp://www.kaspersky.co.uk/downloads/misc/kasperskylicensefinder.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://connect2.buckscc.gov.uk/dana-cached/sc/JuniperSetupClient.cab

FF - ProfilePath - e:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fch2670r.default\

FF - component: e:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll

FF - component: e:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

FF - plugin: e:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: e:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: e:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: e:\program files\Virgin Broadband\advisor\nprpspa.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-05 16:24

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1935655697-1960408961-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,3e,f1,a9,bd,28,40,47,b1,f1,67,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,3e,f1,a9,bd,28,40,47,b1,f1,67,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1104)

e:\windows\system32\Ati2evxx.dll

e:\program files\common files\logitech\bluetooth\LBTWlgn.dll

e:\program files\common files\logitech\bluetooth\LBTServ.dll

.

Completion time: 2010-11-05 16:25:59 - machine was rebooted

ComboFix-quarantined-files.txt 2010-11-05 16:25

ComboFix2.txt 2010-11-03 14:11

Pre-Run: 31,962,767,360 bytes free

Post-Run: 32,443,318,272 bytes free

- - End Of File - - 8957D01B6F20D284877AFBE5F1433762

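The thread carries two TDSSKiller driver inventories taken two days apart (3 and 5 November), and the useful question for a helper is not the list itself but what changed between runs: a kernel driver whose MD5 differs, a driver that appeared, or one that loads from outside the Windows tree. The script below is an added example, not part of the original posts and not a Kaspersky tool; it parses TDSSKiller's `timestamp name (md5) path` lines and diffs two runs. The sample data reuses lines quoted in the thread; the `Tcpip` line with a changed hash and the `exampledrv` entry in the second run are constructed to show what a hit looks like.

```python
import re
from dataclasses import dataclass

# One TDSSKiller driver line: "YYYY/MM/DD HH:MM:SS.ffff  ServiceName (md5) Path"
# Header, separator, SystemInfo and "Scan finished" lines do not match and are skipped.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+'
    r'(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$'
)


@dataclass(frozen=True)
class DriverEntry:
    name: str
    md5: str
    path: str


def parse_tdsskiller(text):
    """Return {service_name: DriverEntry} for every driver line in a TDSSKiller log."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries[m['name']] = DriverEntry(m['name'], m['md5'].lower(), m['path'])
    return entries


def diff_driver_inventories(old, new):
    """Compare two parsed runs: drivers added, removed, or whose hash/path changed."""
    old_names, new_names = set(old), set(new)
    changed = sorted(
        n for n in old_names & new_names
        if old[n].md5 != new[n].md5 or old[n].path.lower() != new[n].path.lower()
    )
    return {
        'added': sorted(new_names - old_names),
        'removed': sorted(old_names - new_names),
        'changed': changed,
    }


def find_unusual_paths(entries, expected_root=r'E:\WINDOWS\system32'):
    """Drivers loaded from outside the system32 tree deserve a closer look."""
    root = expected_root.lower()
    return sorted(e.name for e in entries.values() if not e.path.lower().startswith(root))


# Lines taken from the 3 November run in this thread.
RUN_A = r"""
2010/11/03 18:59:29.0843 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys
2010/11/03 18:59:30.0062 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/03 18:59:30.0593 PLCNDIS5 (2aba2f545b35f9c6cc2cfc4e1d539a80) E:\PROGRA~1\PLE200\PLCNDIS5.SYS
2010/11/03 18:59:31.0578 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/03 18:59:32.0531 ================================================================================
2010/11/03 18:59:32.0531 Scan finished
"""

# First three lines are from the 5 November run in this thread.
# The Tcpip hash and the exampledrv entry are CONSTRUCTED to show a changed and an added driver.
RUN_B = r"""
2010/11/05 16:29:43.0437 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys
2010/11/05 16:29:43.0656 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/05 16:29:44.0156 PLCNDIS5 (2aba2f545b35f9c6cc2cfc4e1d539a80) E:\PROGRA~1\PLE200\PLCNDIS5.SYS
2010/11/05 16:29:44.0200 Tcpip (00000000000000000000000000000000) E:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/05 16:29:44.0250 exampledrv (ffffffffffffffffffffffffffffffff) E:\WINDOWS\system32\DRIVERS\exampledrv.sys
2010/11/05 16:29:44.0300 Scan finished
"""

if __name__ == '__main__':
    before, after = parse_tdsskiller(RUN_A), parse_tdsskiller(RUN_B)
    report = diff_driver_inventories(before, after)
    for kind, names in report.items():
        for n in names:
            print(f'{kind:8s} {n:12s} {after.get(n, before.get(n)).path}')
    for n in find_unusual_paths(after):
        print(f'outside system32: {n} -> {after[n].path}')
```

A changed hash on a core driver such as `Tcpip` between two runs that were not separated by a Windows Update is the pattern TDSS-family infections produce, so that is the line to send for a second opinion rather than trying to clean it by hand; a stable hash that merely does not match a reference list may simply be a hotfixed file.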

TDSSKiller...

2010/11/05 16:29:36.0843 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43

2010/11/05 16:29:36.0843 ================================================================================

2010/11/05 16:29:36.0843 SystemInfo:

2010/11/05 16:29:36.0843

2010/11/05 16:29:36.0843 OS Version: 5.1.2600 ServicePack: 3.0

2010/11/05 16:29:36.0843 Product type: Workstation

2010/11/05 16:29:36.0843 ComputerName: DARREN-DESKTOP

2010/11/05 16:29:36.0843 UserName: Administrator

2010/11/05 16:29:36.0843 Windows directory: E:\WINDOWS

2010/11/05 16:29:36.0843 System windows directory: E:\WINDOWS

2010/11/05 16:29:36.0843 Processor architecture: Intel x86

2010/11/05 16:29:36.0843 Number of processors: 4

2010/11/05 16:29:36.0843 Page size: 0x1000

2010/11/05 16:29:36.0843 Boot type: Safe boot with network

2010/11/05 16:29:36.0843 ================================================================================

2010/11/05 16:29:38.0265 Initialize success

2010/11/05 16:29:40.0015 ================================================================================

2010/11/05 16:29:40.0015 Scan started

2010/11/05 16:29:40.0015 Mode: Manual;

2010/11/05 16:29:40.0015 ================================================================================

2010/11/05 16:29:40.0812 ACPI (8fd99680a539792a30e97944fdaecf17) E:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/11/05 16:29:40.0828 ACPIEC (9859c0f6936e723e4892d7141b1327d5) E:\WINDOWS\system32\drivers\ACPIEC.sys

2010/11/05 16:29:40.0890 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys

2010/11/05 16:29:40.0921 AFD (7e775010ef291da96ad17ca4b17137d7) E:\WINDOWS\System32\drivers\afd.sys

2010/11/05 16:29:41.0031 Arp1394 (b5b8a80875c1dededa8b02765642c32f) E:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/11/05 16:29:41.0109 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) E:\WINDOWS\system32\drivers\AsIO.sys

2010/11/05 16:29:41.0156 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/11/05 16:29:41.0171 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys

2010/11/05 16:29:41.0265 ati2mtag (c06659ff381423d6cb19a91c2a2f80ad) E:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/11/05 16:29:41.0296 AtiHdmiService (591a9eabb5ef5168e435c2f18b05dd76) E:\WINDOWS\system32\drivers\AtiHdmi.sys

2010/11/05 16:29:41.0328 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/11/05 16:29:41.0343 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys

2010/11/05 16:29:41.0375 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys

2010/11/05 16:29:41.0421 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys

2010/11/05 16:29:41.0453 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys

2010/11/05 16:29:41.0468 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys

2010/11/05 16:29:41.0500 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/11/05 16:29:41.0640 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys

2010/11/05 16:29:41.0671 dmboot (d992fe1274bde0f84ad826acae022a41) E:\WINDOWS\system32\drivers\dmboot.sys

2010/11/05 16:29:41.0703 dmio (7c824cf7bbde77d95c08005717a95f6f) E:\WINDOWS\system32\drivers\dmio.sys

2010/11/05 16:29:41.0718 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys

2010/11/05 16:29:41.0734 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys

2010/11/05 16:29:41.0781 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys

2010/11/05 16:29:41.0812 dsNcAdpt (4823163c246868863d41a2f5ee06a21e) E:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys

2010/11/05 16:29:41.0843 epmntdrv (57cc1bf06c159dfbb989f5783c0e6a50) E:\WINDOWS\system32\epmntdrv.sys

2010/11/05 16:29:41.0859 EuGdiDrv (5f779f5edab787f2d090c71a9051f365) E:\WINDOWS\system32\EuGdiDrv.sys

2010/11/05 16:29:41.0890 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys

2010/11/05 16:29:41.0906 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\DRIVERS\fdc.sys

2010/11/05 16:29:41.0921 Fips (d45926117eb9fa946a6af572fbe1caa3) E:\WINDOWS\system32\drivers\Fips.sys

2010/11/05 16:29:41.0953 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/11/05 16:29:41.0968 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\drivers\fltmgr.sys

2010/11/05 16:29:42.0015 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) E:\WINDOWS\system32\FsUsbExDisk.SYS

2010/11/05 16:29:42.0031 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/11/05 16:29:42.0046 Ftdisk (6ac26732762483366c3969c9e4d2259d) E:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/11/05 16:29:42.0093 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) E:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/11/05 16:29:42.0109 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/11/05 16:29:42.0140 HDAudBus (573c7d0a32852b48f3058cfd8026f511) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/11/05 16:29:42.0203 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) E:\WINDOWS\system32\DRIVERS\HPZid412.sys

2010/11/05 16:29:42.0234 HPZipr12 (89f41658929393487b6b7d13c8528ce3) E:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2010/11/05 16:29:42.0265 HPZius12 (abcb05ccdbf03000354b9553820e39f8) E:\WINDOWS\system32\DRIVERS\HPZius12.sys

2010/11/05 16:29:42.0296 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys

2010/11/05 16:29:42.0343 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) E:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/11/05 16:29:42.0375 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys

2010/11/05 16:29:42.0500 IntcAzAudAddService (41bb402c2ade27b32439bb765864ab3b) E:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/11/05 16:29:42.0546 intelppm (8c953733d8f36eb2133f5bb58808b66b) E:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/11/05 16:29:42.0562 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys

2010/11/05 16:29:42.0593 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/11/05 16:29:42.0609 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/11/05 16:29:42.0625 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/11/05 16:29:42.0656 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/11/05 16:29:42.0671 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys

2010/11/05 16:29:42.0703 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) E:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/11/05 16:29:42.0718 Kbdclass (463c1ec80cd17420a542b7f36a36f128) E:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/11/05 16:29:42.0734 kl1 (47f4320cff5bd3de472bb300a32a879e) E:\WINDOWS\system32\drivers\kl1.sys

2010/11/05 16:29:42.0781 kl2 (0e29fe31bd4c72412ad99253e71b25c1) E:\WINDOWS\system32\drivers\kl2.sys

2010/11/05 16:29:42.0796 KLIF (acfa523e62dbd4be52c8b665dd49acf3) E:\WINDOWS\system32\DRIVERS\klif.sys

2010/11/05 16:29:42.0843 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) E:\WINDOWS\system32\DRIVERS\klim5.sys

2010/11/05 16:29:42.0875 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) E:\WINDOWS\system32\DRIVERS\klmouflt.sys

2010/11/05 16:29:42.0890 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys

2010/11/05 16:29:42.0921 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys

2010/11/05 16:29:42.0937 L1e (93e64bab9dee162ca0ca5258d132a047) E:\WINDOWS\system32\DRIVERS\l1e51x86.sys

2010/11/05 16:29:42.0968 L8042Kbd (dc61f15187372d164769c841655e58f3) E:\WINDOWS\system32\DRIVERS\L8042Kbd.sys

2010/11/05 16:29:42.0984 L8042mou (cb6e007d3a67cb80ee9df2afd4b0fc9d) E:\WINDOWS\system32\DRIVERS\L8042mou.Sys

2010/11/05 16:29:43.0062 LMouKE (58597a99792461e89bb5c44e17508d70) E:\WINDOWS\system32\DRIVERS\LMouKE.Sys

2010/11/05 16:29:43.0109 MBAMSwissArmy (c7dd7d9739785bd3a6b8499eec1dee7e) E:\WINDOWS\system32\drivers\mbamswissarmy.sys

2010/11/05 16:29:43.0125 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys

2010/11/05 16:29:46.0000 ================================================================================

2010/11/05 16:29:46.0000 Scan finished

2010/11/05 16:29:46.0000 ================================================================================


Looks like ComboFix is still finding the infection, TDSSKiller is clean.

Please do this:

Download mbr.exe to your Desktop.

http://www2.gmer.net/mbr/mbr.exe

Double-click mbr.exe and follow the prompts.

When mbr.exe is ready, it will create a log.

Copy and paste contents of that file to your next reply.

-----------------------------------

If you're able to, update and run a quick scan with MBAM, post the log back here.

MrC


Ran MBR, but it just flashed up and went again. It created the log below, but no prompts or anything.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: SAMSUNG_HD103UJ rev.1AA01113 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK


MBAM log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5052

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

05/11/2010 17:18:49

mbam-log-2010-11-05 (17-18-49).txt

Scan type: Quick scan

Objects scanned: 178187

Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Please do this also:

Download and unzip Dial-a-fix to a folder:

http://djlizard.net.nyud.net:8080/software...-v0.60.0.24.zip

Double click on Dial-a-fix.exe

At the bottom of the window you'll see Policies...

Click on it and see if there are any restrictions on the system; if so, please disable them.

Also click on the hammer at the bottom, then on Repair Permissions, and then GO.

-------------------------------------

Then download FixPolicies.exe to a folder:

http://downloads.malwareremoval.com/BillCa...FixPolicies.exe

Double-click *FixPolicies*.exe.

Click the "Install" button on the bottom toolbar of the box that will open.

The program will create a new Folder called *FixPolicies*.

Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.

A black box will briefly appear and then close. You can ignore any warnings or error messages. This will enable your Control Panel and stop the Administrative warnings, at least until the malware infection resets the registry policy keys again. You can run this as many times as you like.

--------------------------------------------------

See if you can open the Task Manager now.

MrC
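The restrictions MrC is having the poster undo (Task Manager, Registry Editor and Control Panel being disabled) live in the standard Windows policy keys. As an added example that is not MrC's FixPolicies tool or Dial-a-fix, this batch script reports which of those policy values are currently set and, only when called with /fix, deletes them. The value names are the documented Windows policy values; the choice of which ones to check is my assumption about what a rogue AV typically sets.

```batch
@echo off
rem Added example (not FixPolicies.exe): report and optionally clear
rem the policy values that lock Task Manager, regedit and Control Panel.
rem Usage:  checkpolicies.cmd        (report only)
rem         checkpolicies.cmd /fix   (report and delete each value found)
setlocal EnableDelayedExpansion
set "FIX=%~1"

set "SYS=Software\Microsoft\Windows\CurrentVersion\Policies\System"
set "EXP=Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

rem Assumed list of restriction values worth checking on this machine.
for %%H in (HKCU HKLM) do (
    call :check "%%H\%SYS%" DisableTaskMgr
    call :check "%%H\%SYS%" DisableRegistryTools
    call :check "%%H\%EXP%" NoControlPanel
    call :check "%%H\%EXP%" NoRun
)
goto :eof

:check
rem %1 = quoted key path, %2 = value name.
rem reg.exe returns errorlevel 1 when the value does not exist.
reg query %1 /v %2 >nul 2>&1
if errorlevel 1 (
    echo [ok]  %~1\%2 not set
    goto :eof
)
rem Third token of the matching output line is the data, e.g. 0x1.
for /f "tokens=3" %%v in ('reg query %1 /v %2 ^| find /i "%2"') do set "VAL=%%v"
echo [SET] %~1\%2 = !VAL!
if /i "%FIX%"=="/fix" (
    reg delete %1 /v %2 /f >nul && echo       removed
)
goto :eof
```

Run it from the same Administrator safe-mode session used for the other tools; as MrC notes, an active infection may re-create the values, so re-running the report after a reboot shows whether the restrictions are coming back.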
