
Hello, I believe my problem could be similar to this...

http://forums.malwarebytes.org/index.php?showtopic=74170&st=20

I saw that the first step in that previous post was to run OTL and post my results...here goes....

OTL logfile created on: 5/19/2011 7:37:52 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Home\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.00 Mb Total Physical Memory | 108.00 Mb Available Physical Memory | 21.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 50.88 Gb Total Space | 25.72 Gb Free Space | 50.55% Space Free | Partition Type: NTFS

Computer Name: JERRY | User Name: Home | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/19 19:37:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe

PRC - [2011/05/07 13:23:40 | 000,399,736 | -H-- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe

PRC - [2010/12/22 18:13:10 | 003,165,208 | -H-- | M] (Ant.com) -- C:\Program Files\Ant.com\IE add-on\AntMaintainer.exe

PRC - [2010/11/17 20:59:04 | 000,421,160 | -H-- | M] (Apple Inc.) -- C:\Documents and Settings\Administrator\My Documents\iTunesHelper.exe

PRC - [2010/09/16 16:04:06 | 001,164,584 | -H-- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/03/04 23:38:00 | 000,071,096 | -H-- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe

PRC - [2009/06/07 08:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\nlssrv32.exe

PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/01/31 15:55:42 | 000,096,370 | -H-- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe

PRC - [2006/05/17 00:15:10 | 000,071,288 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2004/11/04 16:40:26 | 000,073,728 | ---- | M] (DameWare Development LLC) -- C:\WINDOWS\system32\DNTUS26.EXE

PRC - [2003/09/24 22:01:00 | 000,135,251 | -H-- | M] (Network Associates, Inc.) -- C:\ePOAgent\UpdaterUI.exe

PRC - [2003/09/24 22:01:00 | 000,127,058 | -H-- | M] (Network Associates, Inc.) -- C:\ePOAgent\naPrdMgr.exe

PRC - [2003/09/24 22:01:00 | 000,106,586 | -H-- | M] (Network Associates, Inc.) -- C:\ePOAgent\FrameworkService.exe

PRC - [2003/08/22 03:24:08 | 000,426,098 | -H-- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe

PRC - [2003/06/13 18:52:14 | 000,114,688 | -H-- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe

PRC - [2003/04/04 07:56:50 | 000,053,248 | -H-- | M] (International Business Machines Corp.) -- C:\Program Files\IBM\Director\cimom\bin\umsmppf.exe

PRC - [2003/04/04 07:56:48 | 000,114,688 | -H-- | M] () -- C:\Program Files\IBM\Director\cimom\bin\umsdisk.exe

PRC - [2003/04/04 07:56:48 | 000,110,592 | -H-- | M] (International Business Machines Corp.) -- C:\Program Files\IBM\Director\cimom\bin\umslmsensor.exe

PRC - [2003/04/04 07:56:48 | 000,073,728 | -H-- | M] () -- C:\Program Files\IBM\Director\cimom\bin\umssmart.exe

PRC - [2003/04/04 07:56:42 | 000,180,224 | -H-- | M] () -- C:\Program Files\IBM\Director\cimom\bin\PegasusProviderAdapter.exe

PRC - [2003/04/03 13:41:50 | 000,024,651 | -H-- | M] () -- C:\Program Files\IBM\Director\bin\twgperf.exe

PRC - [2003/04/03 13:39:36 | 000,192,588 | -H-- | M] () -- C:\Program Files\IBM\Director\bin\twgmonit.exe

PRC - [2003/04/03 13:38:58 | 000,159,818 | -H-- | M] (IBM Corporation) -- C:\Program Files\IBM\Director\bin\twgescli.exe

PRC - [2003/04/03 13:38:44 | 000,053,324 | -H-- | M] (IBM Corporation) -- C:\Program Files\IBM\Director\bin\twgipcsv.exe

PRC - [2003/04/03 13:38:04 | 000,221,259 | -H-- | M] (IBM Corporation) -- C:\Program Files\IBM\Director\bin\twgipc.exe

PRC - [2003/04/03 13:36:40 | 000,065,610 | -H-- | M] () -- C:\Program Files\IBM\Director\bin\mscsagt.exe

PRC - [2003/03/26 21:19:10 | 000,045,056 | -H-- | M] () -- C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe

PRC - [2003/02/26 14:08:42 | 000,045,056 | -H-- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe

PRC - [2002/08/20 13:29:26 | 000,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe

========== Modules (SafeList) ==========

MOD - [2011/05/19 19:37:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe

MOD - [2006/08/25 08:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - [2010/03/04 23:38:00 | 000,071,096 | -H-- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)

SRV - [2009/06/07 08:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\nlssrv32.exe -- (nlsX86cc)

SRV - [2007/01/31 15:55:42 | 000,096,370 | -H-- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2004/11/04 16:40:26 | 000,073,728 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\WINDOWS\system32\DNTUS26.EXE -- (DNTUS26)

SRV - [2003/09/24 22:01:00 | 000,106,586 | -H-- | M] (Network Associates, Inc.) [Auto | Running] -- C:\ePOAgent\FrameworkService.exe -- (McAfeeFramework)

SRV - [2003/08/22 03:24:08 | 000,426,098 | -H-- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)

SRV - [2003/04/03 13:38:44 | 000,053,324 | -H-- | M] (IBM Corporation) [Auto | Running] -- C:\Program Files\IBM\Director\bin\twgipcsv.exe -- (TWGIPC)

SRV - [2002/12/24 14:01:22 | 000,065,536 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)

SRV - [2002/02/04 06:20:00 | 000,053,296 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\cwbrxd.exe -- (Cwbrxd)

========== Driver Services (SafeList) ==========

DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2004/04/13 17:03:46 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)

DRV - [2003/12/03 20:19:42 | 000,330,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)

DRV - [2003/07/01 23:17:16 | 000,323,200 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ExpasAG.sys -- (LEX_AS_NIC_SERVICE_YNOS)

DRV - [2003/06/11 00:35:58 | 000,093,700 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2003/04/03 13:38:00 | 000,012,044 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\twgsysin.sys -- (TWGSYSIN)

DRV - [2003/03/22 13:30:58 | 000,219,024 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) Audio Driver (WDM)

DRV - [2003/03/13 17:19:00 | 000,156,288 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWSIS.sys -- (HSFHWSIS)

DRV - [2003/03/13 17:17:00 | 000,622,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2003/03/13 17:15:00 | 001,106,944 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)

DRV - [2002/12/24 19:09:48 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)

DRV - [2002/08/29 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\beep.sys -- (Beep)

DRV - [2002/08/20 15:59:32 | 000,071,961 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyPI.sys -- (SPI)

DRV - [2002/07/11 03:39:34 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2002/01/19 12:02:14 | 000,038,479 | R--- | M] (OLYMPUS OPTICAL CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VVRUSB.sys -- (VVRUSB)

DRV - [2000/12/05 19:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)

DRV - [2000/11/09 23:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)

DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2722680096-3204252031-125957058-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-2722680096-3204252031-125957058-1009\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-2722680096-3204252031-125957058-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2003/08/13 21:08:30 | 000,000,000 | -H-D | M]

FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/11/22 21:02:21 | 000,000,000 | -H-D | M]

O1 HOSTS File: ([2002/08/29 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)

O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O3 - HKLM\..\Toolbar: (Ant.com Download Toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)

O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ant.com Download Toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ant.com Download Toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)

O3 - HKU\S-1-5-21-2722680096-3204252031-125957058-1009\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O3 - HKU\S-1-5-21-2722680096-3204252031-125957058-1009\..\Toolbar\WebBrowser: (Ant.com Download Toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [Client Access Check Version] C:\Program Files\IBM\Client Access\cwbckver.exe (IBM Corporation)

O4 - HKLM..\Run: [Client Access Express Welcome] C:\Program Files\IBM\Client Access\cwbwlwiz.exe (IBM Corporation)

O4 - HKLM..\Run: [Client Access Help Update] C:\Program Files\IBM\Client Access\cwbinhlp.exe (IBM Corporation)

O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)

O4 - HKLM..\Run: [iTunesHelper] C:\Documents and Settings\Administrator\My Documents\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\ePOAgent\UpdaterUI.exe (Network Associates, Inc.)

O4 - HKLM..\Run: [Mouse Suite 98 Daemon] File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [sigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe ()

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)

O4 - HKU\S-1-5-21-2722680096-3204252031-125957058-1009..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - HKU\.DEFAULT..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2722680096-3204252031-125957058-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)

O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/08/12 19:12:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/19 19:37:17 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe

[2011/05/18 20:33:11 | 000,000,000 | --SD | C] -- C:\ComboFix

[2011/05/18 20:24:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/05/18 20:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/05/18 20:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/05/17 23:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2011/05/17 23:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools

[2011/05/11 23:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\AdobeUM

[2011/05/11 21:12:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2011/05/11 19:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\bA10600ApCcN10600

[2011/05/11 19:15:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Local Settings\Application Data\Adobe

[2011/05/11 07:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2011/05/10 21:52:03 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Home\Desktop\mbam-setup-1.50.1.1100.exe

[2011/05/10 21:25:00 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\TFC.exe

[2011/05/10 21:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Desktop\tdsskiller

[2011/05/10 21:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\WinRAR

[2011/05/10 20:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Local Settings\Application Data\Apple

[2011/05/10 20:42:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Local Settings\Application Data\Apple Computer

[2011/05/09 18:45:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Home\Recent

[2011/05/09 17:45:42 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Home\Desktop\TDSSKiller.exe

[2011/05/09 17:27:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\My Documents\Downloads

[2011/05/07 13:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\DivX

[2011/05/07 13:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\uTorrent

[2011/05/07 13:22:35 | 000,399,736 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\Home\Desktop\utorrent.exe

[2011/05/07 13:20:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\GRETECH

[2011/05/07 13:17:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\Malwarebytes

[2011/05/07 13:16:34 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Home\My Documents\mbam-setup-1.50.1.1100.exe

[2011/05/07 13:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\vShare

[2011/05/07 13:09:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Home\IECompatCache

[2011/05/07 13:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Local Settings\Application Data\Google

[2011/05/07 13:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\Google

[2011/05/07 13:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\Apple Computer

[2011/05/07 13:02:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\Real

[2011/05/07 13:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\My Documents\IBM

[2011/05/07 13:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\Macromedia

[2011/05/07 13:01:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Home\My Documents\My Music

[2011/05/07 13:01:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Home\My Documents\My Pictures

[2011/05/07 13:01:25 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Home\Application Data\Microsoft

[2011/05/07 13:01:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Home\Favorites

[2011/05/07 13:01:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Home\Application Data

[2011/05/07 13:01:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Home\IETldCache

[2011/05/07 13:01:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Home\Cookies

[2011/05/07 13:01:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Home\Application Data\Identities

[2011/05/07 13:01:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Home\Desktop

[2011/05/07 13:01:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Home\Desktop\cache

[2011/05/07 13:01:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Home\Local Settings\Application Data\ant.com

[2011/05/07 13:01:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Home\Application Data\Adobe

[2011/05/07 13:01:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Home\Start Menu\Programs\Startup

[2011/05/07 13:01:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Home\Start Menu

[2011/05/07 13:01:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Home\SendTo

[2011/05/07 13:01:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Home\My Documents

[2011/05/07 13:01:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Home\Start Menu\Programs\Accessories

[2011/05/07 13:01:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Home\PrivacIE

[2011/05/07 13:01:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Home\Templates

[2011/05/07 13:01:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Home\PrintHood

[2011/05/07 13:01:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Home\NetHood

[2011/05/07 13:01:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft

[2011/05/07 13:01:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Home\Local Settings

[2011/05/02 17:31:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp

========== Files - Modified Within 30 Days ==========

[2011/05/19 19:38:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/05/19 19:37:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe

[2011/05/19 19:27:51 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2011/05/19 17:43:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/05/19 17:43:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/05/19 17:42:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/05/19 17:42:46 | 534,302,720 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/18 20:25:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/05/18 20:24:46 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/18 20:12:37 | 004,351,251 | R--- | M] () -- C:\Documents and Settings\Home\Desktop\ComboFix.exe

[2011/05/18 19:53:46 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\RKUnhookerLE.EXE

[2011/05/18 19:52:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Home\defogger_reenable

[2011/05/18 19:52:04 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Defogger.exe

[2011/05/17 23:06:38 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\dds.scr

[2011/05/11 19:19:57 | 000,002,136 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\B206.A31

[2011/05/10 21:53:22 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\rrr7kk62.exe

[2011/05/10 21:52:18 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Home\Desktop\mbam-setup-1.50.1.1100.exe

[2011/05/10 21:26:07 | 052,676,424 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\avira_antivir_personal_en.exe

[2011/05/10 21:25:02 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\TFC.exe

[2011/05/10 21:12:48 | 001,280,913 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\tdsskiller.zip

[2011/05/10 07:59:06 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/05/09 19:13:25 | 000,540,490 | ---- | M] () -- C:\Documents and Settings\Home\My Documents\cc_20110509_191310.reg

[2011/05/07 13:23:42 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes a runtime log to the root directory of the system disk (the disk where the operating system is installed, C:\ as a rule).

The log file is named in the form UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


Malwarebytes' Log

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6634

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

5/21/2011 1:11:32 PM

mbam-log-2011-05-21 (13-11-32).txt

Scan type: Quick scan

Objects scanned: 193522

Time elapsed: 14 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


TDSSKiller Log

2011/05/21 13:18:12.0109 3032 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29

2011/05/21 13:18:13.0015 3032 ================================================================================

2011/05/21 13:18:13.0015 3032 SystemInfo:

2011/05/21 13:18:13.0015 3032

2011/05/21 13:18:13.0031 3032 OS Version: 5.1.2600 ServicePack: 2.0

2011/05/21 13:18:13.0031 3032 Product type: Workstation

2011/05/21 13:18:13.0031 3032 ComputerName: JERRY

2011/05/21 13:18:13.0031 3032 UserName: Home

2011/05/21 13:18:13.0031 3032 Windows directory: C:\WINDOWS

2011/05/21 13:18:13.0031 3032 System windows directory: C:\WINDOWS

2011/05/21 13:18:13.0031 3032 Processor architecture: Intel x86

2011/05/21 13:18:13.0031 3032 Number of processors: 1

2011/05/21 13:18:13.0031 3032 Page size: 0x1000

2011/05/21 13:18:13.0031 3032 Boot type: Normal boot

2011/05/21 13:18:13.0031 3032 ================================================================================

2011/05/21 13:18:14.0343 3032 Initialize success

2011/05/21 13:18:19.0343 0296 ================================================================================

2011/05/21 13:18:19.0343 0296 Scan started

2011/05/21 13:18:19.0343 0296 Mode: Manual;

2011/05/21 13:18:19.0343 0296 ================================================================================

2011/05/21 13:18:23.0687 0296 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/05/21 13:18:23.0781 0296 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2011/05/21 13:18:23.0875 0296 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

2011/05/21 13:18:23.0984 0296 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys

2011/05/21 13:18:24.0281 0296 ApfiltrService (c804fbe1248cfb9bb19e9274ff30f7e3) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

2011/05/21 13:18:24.0390 0296 AR5211 (4c085d506129550e38fdf1611431b9ea) C:\WINDOWS\system32\DRIVERS\ar5211.sys

2011/05/21 13:18:24.0609 0296 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/05/21 13:18:24.0796 0296 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/05/21 13:18:24.0859 0296 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/05/21 13:18:24.0968 0296 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/05/21 13:18:25.0031 0296 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/05/21 13:18:25.0187 0296 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys

2011/05/21 13:18:25.0265 0296 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/05/21 13:18:25.0390 0296 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/05/21 13:18:25.0453 0296 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/05/21 13:18:25.0515 0296 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/05/21 13:18:25.0796 0296 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/05/21 13:18:25.0906 0296 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/05/21 13:18:26.0156 0296 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/05/21 13:18:26.0296 0296 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2011/05/21 13:18:26.0375 0296 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys

2011/05/21 13:18:26.0437 0296 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

2011/05/21 13:18:26.0515 0296 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/05/21 13:18:26.0578 0296 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2011/05/21 13:18:26.0687 0296 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/05/21 13:18:26.0906 0296 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/05/21 13:18:26.0984 0296 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys

2011/05/21 13:18:27.0062 0296 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

2011/05/21 13:18:27.0125 0296 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/05/21 13:18:27.0203 0296 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/05/21 13:18:27.0281 0296 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/05/21 13:18:27.0359 0296 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/05/21 13:18:27.0437 0296 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/05/21 13:18:27.0484 0296 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/05/21 13:18:27.0625 0296 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/05/21 13:18:27.0828 0296 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2011/05/21 13:18:27.0906 0296 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2011/05/21 13:18:28.0062 0296 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2011/05/21 13:18:28.0156 0296 HSFHWSIS (4f0adfdc296815fec09d0e3400651aa4) C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys

2011/05/21 13:18:28.0468 0296 HSF_DP (a95b7c58da69abefcbb849a38ae377c4) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

2011/05/21 13:18:28.0625 0296 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/05/21 13:18:28.0921 0296 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/05/21 13:18:29.0000 0296 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/05/21 13:18:29.0187 0296 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/05/21 13:18:29.0250 0296 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/05/21 13:18:29.0328 0296 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/05/21 13:18:29.0390 0296 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/05/21 13:18:29.0453 0296 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/05/21 13:18:29.0515 0296 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/05/21 13:18:29.0593 0296 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/05/21 13:18:29.0781 0296 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/05/21 13:18:29.0843 0296 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/05/21 13:18:29.0921 0296 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys

2011/05/21 13:18:30.0031 0296 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/05/21 13:18:30.0187 0296 LEX_AS_NIC_SERVICE_YNOS (be35e5200dbe156af2534da1eb5fd6e9) C:\WINDOWS\system32\DRIVERS\ExpasAG.sys

2011/05/21 13:18:30.0312 0296 mdmxsdk (b72d7ea394d5f1c5053368783ad7f7ed) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/05/21 13:18:30.0453 0296 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/05/21 13:18:30.0625 0296 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

2011/05/21 13:18:30.0671 0296 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/05/21 13:18:30.0750 0296 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/05/21 13:18:30.0796 0296 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/05/21 13:18:30.0953 0296 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/05/21 13:18:31.0078 0296 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/05/21 13:18:31.0187 0296 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2011/05/21 13:18:31.0250 0296 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/05/21 13:18:31.0312 0296 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/05/21 13:18:31.0437 0296 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/05/21 13:18:31.0531 0296 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/05/21 13:18:31.0593 0296 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2011/05/21 13:18:31.0656 0296 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2011/05/21 13:18:31.0734 0296 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/05/21 13:18:31.0781 0296 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/05/21 13:18:31.0843 0296 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/05/21 13:18:31.0906 0296 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/05/21 13:18:32.0015 0296 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/05/21 13:18:32.0078 0296 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/05/21 13:18:32.0171 0296 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/05/21 13:18:32.0343 0296 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2011/05/21 13:18:32.0468 0296 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/05/21 13:18:32.0578 0296 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/05/21 13:18:32.0718 0296 nv (396463d3a74da0d5d1d8fdaefefc3b89) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/05/21 13:18:32.0843 0296 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/05/21 13:18:32.0890 0296 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/05/21 13:18:32.0953 0296 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/05/21 13:18:33.0046 0296 PalmUSBD (803cf09c795290825607505d37819135) C:\WINDOWS\system32\drivers\PalmUSBD.sys

2011/05/21 13:18:33.0125 0296 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/05/21 13:18:33.0187 0296 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/05/21 13:18:33.0265 0296 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/05/21 13:18:33.0359 0296 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/05/21 13:18:33.0484 0296 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/05/21 13:18:33.0546 0296 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/05/21 13:18:33.0640 0296 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys

2011/05/21 13:18:34.0015 0296 PMEM (83cb6f3a4a28e90deaa78b2717c80a4e) C:\WINDOWS\System32\drivers\pmemnt.sys

2011/05/21 13:18:34.0093 0296 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/05/21 13:18:34.0140 0296 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/05/21 13:18:34.0250 0296 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/05/21 13:18:34.0296 0296 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/05/21 13:18:34.0375 0296 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

2011/05/21 13:18:34.0656 0296 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/05/21 13:18:34.0750 0296 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/05/21 13:18:34.0828 0296 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/05/21 13:18:34.0906 0296 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/05/21 13:18:35.0000 0296 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/05/21 13:18:35.0093 0296 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/05/21 13:18:35.0234 0296 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/05/21 13:18:35.0343 0296 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/05/21 13:18:35.0437 0296 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/05/21 13:18:35.0656 0296 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/05/21 13:18:35.0765 0296 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/05/21 13:18:35.0812 0296 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/05/21 13:18:35.0921 0296 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2011/05/21 13:18:36.0125 0296 SISAGP (8dfbc5aa688caa1b7eebc704250fc06e) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys

2011/05/21 13:18:36.0203 0296 SISNIC (8204c49cde112f7b9c2f15707fe2cc5a) C:\WINDOWS\system32\DRIVERS\sisnic.sys

2011/05/21 13:18:36.0281 0296 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys

2011/05/21 13:18:36.0375 0296 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

2011/05/21 13:18:36.0500 0296 SPI (ad9436c46c10222b8f03405628a8cd86) C:\WINDOWS\system32\DRIVERS\SonyPI.sys

2011/05/21 13:18:36.0578 0296 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys

2011/05/21 13:18:36.0656 0296 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/05/21 13:18:36.0765 0296 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/05/21 13:18:36.0953 0296 STAC97 (2d138621d3522d38032d45c896c5209a) C:\WINDOWS\system32\drivers\STAC97.sys

2011/05/21 13:18:37.0062 0296 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys

2011/05/21 13:18:37.0140 0296 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/05/21 13:18:37.0218 0296 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2011/05/21 13:18:37.0484 0296 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/05/21 13:18:37.0609 0296 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/05/21 13:18:37.0718 0296 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/05/21 13:18:37.0812 0296 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/05/21 13:18:37.0859 0296 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/05/21 13:18:38.0078 0296 TWGSYSIN (6185bf55537937c8f5d7dc7506784f32) C:\WINDOWS\system32\drivers\TWGSYSIN.sys

2011/05/21 13:18:38.0171 0296 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2011/05/21 13:18:38.0312 0296 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys

2011/05/21 13:18:38.0453 0296 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/05/21 13:18:38.0546 0296 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/05/21 13:18:38.0656 0296 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/05/21 13:18:38.0765 0296 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/05/21 13:18:38.0828 0296 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/05/21 13:18:38.0906 0296 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/05/21 13:18:38.0984 0296 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/05/21 13:18:39.0031 0296 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2011/05/21 13:18:39.0156 0296 VolSnap (e33edbb864a22f7474d2b297e44ee0b6) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/05/21 13:18:39.0156 0296 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: e33edbb864a22f7474d2b297e44ee0b6, Fake md5: ee4660083deba849ff6c485d944b379b

2011/05/21 13:18:39.0171 0296 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)

2011/05/21 13:18:39.0281 0296 VVRUSB (e538948f7b7ff2e8004c7ea0c6031bb4) C:\WINDOWS\system32\DRIVERS\VVRUSB.sys

2011/05/21 13:18:39.0437 0296 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/05/21 13:18:39.0546 0296 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/05/21 13:18:39.0671 0296 winachsf (602a1608c419d1be4a52df3a2e8f4516) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/05/21 13:18:39.0859 0296 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\Drivers\wpdusb.sys

2011/05/21 13:18:39.0937 0296 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/05/21 13:18:40.0062 0296 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/05/21 13:18:40.0156 0296 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/05/21 13:18:40.0468 0296 ================================================================================

2011/05/21 13:18:40.0468 0296 Scan finished

2011/05/21 13:18:40.0468 0296 ================================================================================

2011/05/21 13:18:40.0515 3748 Detected object count: 1

2011/05/21 13:21:12.0765 3748 VolSnap (e33edbb864a22f7474d2b297e44ee0b6) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/05/21 13:21:12.0765 3748 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: e33edbb864a22f7474d2b297e44ee0b6, Fake md5: ee4660083deba849ff6c485d944b379b

2011/05/21 13:21:19.0406 3748 Backup copy found, using it..

2011/05/21 13:21:19.0562 3748 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot

2011/05/21 13:21:19.0562 3748 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure

2011/05/21 13:21:42.0656 0236 Deinitialize success

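The TDSSKiller log posted above is several hundred driver lines long, and the only lines that matter for triage are the three near the end: the VolSnap driver line, the "Suspicious file (Forged)" line carrying both hashes, and the "detected Rootkit.Win32.TDSS.tdl3" line. As an added example (not part of the original post and not TDSSKiller's own code), here is a Python parser that reads log text in exactly the three line shapes visible above, pairs the forged and detected lines with the driver they refer to, and returns the flagged drivers with both hashes. The sample lines are constructed from the posted log; everything not matching those three shapes (banners, "Scan started", cure messages) is ignored.

```python
"""Pull forged/detected drivers out of a TDSSKiller-style scan log.

Added example, not TDSSKiller's code. Only the three line shapes seen in the
posted log are understood (assumption: the format is stable across the log):
  <ts> <tid> <Name> (<md5>) <path>
  <ts> <tid> Suspicious file (<kind>): <path>. Real md5: <md5>, Fake md5: <md5>
  <ts> <tid> <Name> - detected <verdict> (<n>)
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: five lines copied in shape from the posted log.
SAMPLE_LOG = r"""
2011/05/21 13:18:39.0031 0296 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/05/21 13:18:39.0156 0296 VolSnap (e33edbb864a22f7474d2b297e44ee0b6) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/21 13:18:39.0156 0296 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: e33edbb864a22f7474d2b297e44ee0b6, Fake md5: ee4660083deba849ff6c485d944b379b
2011/05/21 13:18:39.0171 0296 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/05/21 13:18:39.0281 0296 VVRUSB (e538948f7b7ff2e8004c7ea0c6031bb4) C:\WINDOWS\system32\DRIVERS\VVRUSB.sys
"""

_TS = r"(?P<ts>\S+ \S+) (?P<tid>\d+) "
DRIVER_RE = re.compile(_TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(_TS + r"Suspicious file \((?P<kind>[^)]+)\): (?P<path>.+?)\. "
                      r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
DETECT_RE = re.compile(_TS + r"(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<n>\d+)\)$")


@dataclass
class DriverEntry:
    name: str
    md5: str                          # hash printed on the driver line
    path: str
    fake_md5: Optional[str] = None    # "Fake md5" from a forged-file line, if any
    verdict: Optional[str] = None     # detection name from a "detected" line, if any

    @property
    def suspicious(self) -> bool:
        return self.fake_md5 is not None or self.verdict is not None


def parse_tdsskiller(text: str) -> Tuple[Dict[str, DriverEntry], List[str]]:
    """Return (entries keyed by service name, lines that could not be paired).

    A forged line is paired by path, a detected line by service name. A forged
    line whose "Real md5" disagrees with the driver line is reported as unmatched
    as well, since that would mean the log is not in the assumed shape.
    """
    entries: Dict[str, DriverEntry] = {}
    by_path: Dict[str, DriverEntry] = {}
    unmatched: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FORGED_RE.match(line)
        if m:
            e = by_path.get(m["path"].lower())
            if e is None or m["real"] != e.md5:
                unmatched.append(line)
            if e is not None:
                e.fake_md5 = m["fake"]
            continue
        m = DETECT_RE.match(line)
        if m:
            e = entries.get(m["name"])
            if e is None:
                unmatched.append(line)
            else:
                e.verdict = m["verdict"]
            continue
        m = DRIVER_RE.match(line)
        if m:
            e = DriverEntry(m["name"], m["md5"], m["path"])
            entries[e.name] = e
            by_path[e.path.lower()] = e
    return entries, unmatched


def flagged(entries: Dict[str, DriverEntry]) -> List[DriverEntry]:
    """Drivers with a forged-file line or a detection attached, in log order."""
    return [e for e in entries.values() if e.suspicious]


def report(entries: Dict[str, DriverEntry], unmatched: List[str]) -> List[str]:
    """Human-readable summary, one line per flagged driver."""
    out = [f"{len(entries)} drivers parsed, {len(flagged(entries))} flagged"]
    for e in flagged(entries):
        out.append(f"{e.name}: {e.path} verdict={e.verdict} md5={e.md5} fake_md5={e.fake_md5}")
    out.extend("unmatched: " + u for u in unmatched)
    return out


if __name__ == "__main__":
    ents, unm = parse_tdsskiller(SAMPLE_LOG)
    print("\n".join(report(ents, unm)))
```

Point the parser at a full saved TDSSKiller log instead of the sample and it returns the same structure. Note that in the posted log the hash on the VolSnap driver line is identical to the "Real md5" on the forged-file line, so a plain hash of the file compared against a known-good value would have passed it; the forged-file and detected lines, not the per-driver hash, are what to pull out.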

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

