rmc
-
Posts
6 -
Joined
-
Last visited
-
Great. No problems with DeFogger. Thanks very much for all of your prompt help. I'll definitely implement your further suggestions.
-
Ran ComboFix. Computer appears to be working fine - online browsing is still unperturbed. ComboFix Log: ComboFix 11-01-31.02 - Robert Culik 02/01/2011 14:32:36.5.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1473 [GMT -5:00] Running from: c:\documents and settings\Robert Culik\Desktop\Combo-Fix.exe AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\TEMP\logishrd\LVPrcInj01.dll . ((((((((((((((((((((((((( Files Created from 2011-01-01 to 2011-02-01 ))))))))))))))))))))))))))))))) . 2011-02-01 17:01 . 2011-02-01 17:01 -------- d-----w- c:\program files\ESET 2011-01-26 20:07 . 2011-01-26 20:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp 2011-01-20 19:26 . 2011-01-20 19:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp 2011-01-14 14:57 . 2011-01-14 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2011-01-14 14:57 . 2011-01-14 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan 2011-01-14 14:57 . 2011-01-14 14:57 -------- d-----w- c:\program files\McAfee Security Scan 2011-01-14 01:53 . 2011-01-14 01:53 -------- d-----w- c:\documents and settings\Robert Culik\Application Data\Malwarebytes 2011-01-14 01:53 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-14 01:53 . 2011-01-14 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-01-14 01:53 . 2011-01-14 01:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-01-14 01:53 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-14 01:04 . 2011-01-14 01:04 -------- d-----w- C:\$AVG 2011-01-13 20:09 . 2011-01-13 20:09 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-01-13 20:01 . 2011-01-13 20:01 -------- d-----w- c:\documents and settings\Robert Culik\Local Settings\Application Data\Sunbelt Software 2011-01-13 20:00 . 2011-01-13 20:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} 2011-01-13 19:59 . 2011-01-13 19:59 -------- d-----w- c:\program files\Lavasoft 2011-01-13 18:49 . 2011-01-13 18:49 -------- d-----w- c:\program files\Sophos 2011-01-13 18:34 . 2011-01-14 01:42 -------- d-----w- c:\program files\RootKit Hook Analyzer 2011-01-13 18:34 . 2007-07-07 05:39 19248 ----a-w- c:\windows\system32\drivers\rspsc32.sys 2011-01-13 18:04 . 2011-01-13 18:05 -------- d-----w- C:\Combo-Fix 2011-01-13 16:54 . 2011-01-13 16:54 -------- d-----w- c:\documents and settings\Robert Culik\Application Data\AVG10 2011-01-13 16:53 . 2011-01-13 16:53 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files 2011-01-13 16:50 . 2011-01-14 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10 2011-01-13 04:14 . 2011-01-13 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData 2011-01-11 15:12 . 2011-01-20 19:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-01-05 21:21 . 2011-01-05 21:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe 2011-01-04 18:58 . 2011-01-04 18:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-01 19:38 . 2010-03-02 01:47 17408 ----a-w- c:\windows\system32\rpcnetp.exe 2011-02-01 19:38 . 2010-02-16 20:28 56680 ----a-w- c:\windows\system32\rpcnet.dll 2011-01-27 14:55 . 2010-03-02 01:49 17408 ----a-w- c:\windows\system32\rpcnetp.dll 2011-01-13 20:09 . 2010-01-13 04:16 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-12-24 04:50 . 2008-05-30 00:17 0 ----a-w- c:\documents and settings\Robert Culik\Local Settings\Application Data\WavXMapDrive.bat 2010-12-15 19:49 . 2010-12-15 19:49 388096 ----a-r- c:\documents and settings\Robert Culik\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-12-03 09:05 . 2010-01-13 02:44 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-11-14 19:50 . 2010-11-14 19:50 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2010-11-08 15:54 . 2010-11-08 15:54 57736 ----a-w- c:\windows\system32\sw2_lang.dll 2010-11-08 15:54 . 2010-11-08 15:54 535944 ----a-w- c:\windows\system32\sw2_ttls.dll 2010-11-08 15:54 . 2010-11-08 15:54 327560 ----a-w- c:\windows\system32\sw2_res_default.dll 2010-11-08 15:54 . 2010-11-08 15:54 249736 ----a-w- c:\windows\system32\sw2_ttls_manager.exe 2009-11-25 22:03 . 2009-11-25 22:03 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . ((((((((((((((((((((((((((((( SnapShot@2011-01-13_16.40.05 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll + 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll + 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll + 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll + 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll + 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll + 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll + 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll + 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll + 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll + 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll + 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll + 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll + 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll + 2011-02-01 19:38 . 2011-02-01 19:38 16384 c:\windows\Temp\Perflib_Perfdata_558.dat + 2008-04-28 19:13 . 2011-01-31 13:59 60446 c:\windows\system32\nvModes.dat + 2011-01-13 20:09 . 2010-12-03 09:05 64288 c:\windows\system32\DRVSTORE\lbd_9C578CA880A99903668A8694DEFB21244E9C4C62\Lbd.sys + 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll + 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll + 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll + 2004-08-11 22:00 . 2008-04-14 00:11 640000 c:\windows\system32\dllcache\dbghelp.dll + 2011-01-20 19:26 . 2008-09-02 11:54 185414 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat + 2011-01-13 16:50 . 2011-01-13 16:50 219648 c:\windows\Installer\9f7d5.msi + 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll + 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll + 2011-01-14 14:58 . 2011-01-14 14:58 2283008 c:\windows\Installer\66519.msi + 2011-01-13 20:00 . 2011-01-13 20:00 1867776 c:\windows\Installer\200084.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Robert Culik\Application Data\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Robert Culik\Application Data\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Robert Culik\Application Data\Dropbox\bin\DropboxExt.13.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-28 68856] "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568] "nwiz"="nwiz.exe" [2007-05-31 1626112] "NVHotkey"="nvHotkey.dll" [2007-05-31 67584] "SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-25 30192] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-09 185872] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] c:\documents and settings\Robert Culik\Start Menu\Programs\Startup\ Dropbox.lnk - c:\documents and settings\Robert Culik\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-28 50688] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-8-29 66864] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-08-15 14:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe] 2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "avg8wd"=2 (0x2) "avg8emc"=2 (0x2) "AVG Security Toolbar Service"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"= "c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Python25\\pythonw.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Documents and Settings\\Robert Culik\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\MATLAB\\R2007a Student\\bin\\win32\\MATLAB.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10588:TCP"= 10588:TCP:BitComet 10588 TCP "10588:UDP"= 10588:UDP:BitComet 10588 UDP "1047:TCP"= 1047:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/12/2010 9:44 PM 64288] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/11/2004 5:00 PM 14336] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 2:21 PM 79432] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 5:00 PM 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 12:32 PM 97536] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 12:49 PM 135664] S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2/8/2010 12:41 PM 2944] S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2/8/2010 12:41 PM 60416] S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2/8/2010 12:41 PM 11008] S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2/8/2010 12:41 PM 10368] S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/28/2008 2:47 PM 30192] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 4:05 AM 1402272] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/3/2010 4:05 AM 15264] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4.tmp --> c:\windows\system32\4.tmp [?] S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?] S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?] S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder 2011-01-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 20:09] 2010-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2011-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 17:49] 2011-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 17:49] 2011-02-01 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 02:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://www.dell.com mSearch Bar = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080428 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html TCP: {9533CB62-6F00-426F-BDCF-6E22FCA46442} = 128.91.2.13,128.91.254.1 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll FF - ProfilePath - c:\documents and settings\Robert Culik\Application Data\Mozilla\Firefox\Profiles\36loj5g9.default\ FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d2f2df5&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-01 14:39 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\4.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-669542079-3211721784-3900705651-1005\Software\SecuROM\License information*] "datasecu"=hex:af,44,b8,75,29,91,86,fa,0c,88,41,db,7c,66,ac,6f,05,32,13,14,a9, 26,9a,56,48,2a,e4,a4,53,3c,ee,aa,41,56,ff,e1,25,df,f2,d5,0b,8c,a1,7e,28,2b,\ "rkeysecu"=hex:b6,fb,41,65,86,2a,17,f0,f9,d2,57,cd,d0,46,53,10 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(708) c:\windows\System32\BCMLogon.dll - - - - - - - > 'explorer.exe'(7416) c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\documents and settings\Robert Culik\Application Data\Dropbox\bin\DropboxExt.13.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\System32\SCardSvr.exe c:\windows\system32\rundll32.exe c:\program files\Apoint\ApMsgFwd.exe c:\program files\Skype\Phone\Skype.exe c:\program files\Apoint\HidFind.exe c:\program files\Apoint\Apntex.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Dell\QuickSet\NICCONFIGSVC.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\rpcnet.exe c:\windows\system32\StacSV.exe c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe c:\program files\Skype\Plugin Manager\skypePM.exe c:\windows\system32\wscntfy.exe c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe c:\program files\logitech\quickcam\lu\lulnchr.exe c:\program files\logitech\quickcam\lu\LogitechUpdate.exe . ************************************************************************** . Completion time: 2011-02-01 14:43:51 - machine was rebooted ComboFix-quarantined-files.txt 2011-02-01 19:43 ComboFix2.txt 2011-01-17 17:34 ComboFix3.txt 2011-01-14 01:41 ComboFix4.txt 2011-01-13 18:27 ComboFix5.txt 2011-02-01 19:31 Pre-Run: 18,038,218,752 bytes free Post-Run: 18,159,632,384 bytes free - - End Of File - - 5D45B088F66F39B66FDF9E3995B479A1
-
ESET Log results are the following: ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6419 # api_version=3.0.2 # EOSSerial=3f5e8d8892fac440995710b541d970ef # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-02-01 05:56:03 # local_time=2011-02-01 12:56:03 (-0500, Eastern Standard Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 3219479 3219479 0 0 # compatibility_mode=1024 16777215 100 0 694330 694330 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=147642 # found=0 # cleaned=0 # scan_time=2894
-
It found nothing. I'll post the second log file for completeness. 2011/02/01 11:53:19.0875 3876 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03 2011/02/01 11:53:19.0937 3876 ================================================================================ 2011/02/01 11:53:19.0937 3876 SystemInfo: 2011/02/01 11:53:19.0937 3876 2011/02/01 11:53:19.0937 3876 OS Version: 5.1.2600 ServicePack: 3.0 2011/02/01 11:53:19.0937 3876 Product type: Workstation 2011/02/01 11:53:19.0937 3876 ComputerName: ZEROZEROONE 2011/02/01 11:53:19.0937 3876 UserName: Robert Culik 2011/02/01 11:53:19.0937 3876 Windows directory: C:\WINDOWS 2011/02/01 11:53:19.0937 3876 System windows directory: C:\WINDOWS 2011/02/01 11:53:19.0937 3876 Processor architecture: Intel x86 2011/02/01 11:53:19.0937 3876 Number of processors: 2 2011/02/01 11:53:19.0937 3876 Page size: 0x1000 2011/02/01 11:53:19.0937 3876 Boot type: Normal boot 2011/02/01 11:53:19.0937 3876 ================================================================================ 2011/02/01 11:53:20.0109 3876 Initialize success 2011/02/01 11:53:23.0390 3168 ================================================================================ 2011/02/01 11:53:23.0390 3168 Scan started 2011/02/01 11:53:23.0390 3168 Mode: Manual; 2011/02/01 11:53:23.0390 3168 ================================================================================ 2011/02/01 11:53:24.0156 3168 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 2011/02/01 11:53:24.0187 3168 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/02/01 11:53:24.0234 3168 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/02/01 11:53:24.0265 3168 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 2011/02/01 11:53:24.0296 3168 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/02/01 11:53:24.0312 3168 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2011/02/01 11:53:24.0343 3168 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 2011/02/01 11:53:24.0359 3168 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 2011/02/01 11:53:24.0375 3168 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 2011/02/01 11:53:24.0390 3168 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 2011/02/01 11:53:24.0406 3168 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 2011/02/01 11:53:24.0500 3168 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 2011/02/01 11:53:24.0515 3168 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 2011/02/01 11:53:24.0546 3168 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 2011/02/01 11:53:24.0562 3168 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 2011/02/01 11:53:24.0593 3168 ApfiltrService (b8d65da679a4a8d048783ede2691b5d4) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 2011/02/01 11:53:24.0625 3168 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 2011/02/01 11:53:24.0671 3168 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/02/01 11:53:24.0687 3168 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 2011/02/01 11:53:24.0703 3168 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 2011/02/01 11:53:24.0734 3168 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 2011/02/01 11:53:24.0765 3168 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/02/01 11:53:24.0781 3168 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/02/01 11:53:24.0812 3168 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/02/01 11:53:24.0875 3168 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/02/01 11:53:24.0890 3168 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys 2011/02/01 11:53:24.0953 3168 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys 2011/02/01 11:53:25.0093 3168 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 2011/02/01 11:53:25.0312 3168 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/02/01 11:53:25.0343 3168 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys 2011/02/01 11:53:25.0375 3168 BrSerWDM (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys 2011/02/01 11:53:25.0421 3168 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys 2011/02/01 11:53:25.0437 3168 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys 2011/02/01 11:53:25.0515 3168 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 2011/02/01 11:53:25.0515 3168 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/02/01 11:53:25.0562 3168 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2011/02/01 11:53:25.0578 3168 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 2011/02/01 11:53:25.0593 3168 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/02/01 11:53:25.0625 3168 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/02/01 11:53:25.0656 3168 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/02/01 11:53:25.0687 3168 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2011/02/01 11:53:25.0718 3168 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 2011/02/01 11:53:25.0750 3168 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2011/02/01 11:53:25.0765 3168 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 2011/02/01 11:53:25.0796 3168 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 2011/02/01 11:53:25.0812 3168 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 2011/02/01 11:53:25.0828 3168 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/02/01 11:53:25.0875 3168 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS 2011/02/01 11:53:25.0937 3168 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS 2011/02/01 11:53:25.0953 3168 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 2011/02/01 11:53:25.0953 3168 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS 2011/02/01 11:53:25.0968 3168 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS 2011/02/01 11:53:26.0000 3168 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS 2011/02/01 11:53:26.0000 3168 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS 2011/02/01 11:53:26.0015 3168 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS 2011/02/01 11:53:26.0031 3168 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS 2011/02/01 11:53:26.0046 3168 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS 2011/02/01 11:53:26.0109 3168 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/02/01 11:53:26.0171 3168 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/02/01 11:53:26.0187 3168 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/02/01 11:53:26.0203 3168 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/02/01 11:53:26.0250 3168 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 2011/02/01 11:53:26.0281 3168 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/02/01 11:53:26.0328 3168 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 2011/02/01 11:53:26.0343 3168 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 2011/02/01 11:53:26.0375 3168 DXEC01 (549734664886d91222969845e4311d1b) C:\WINDOWS\system32\drivers\dxec01.sys 2011/02/01 11:53:26.0390 3168 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys 2011/02/01 11:53:26.0421 3168 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/02/01 11:53:26.0468 3168 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/02/01 11:53:26.0484 3168 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/02/01 11:53:26.0515 3168 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/02/01 11:53:26.0562 3168 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/02/01 11:53:26.0578 3168 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/02/01 11:53:26.0593 3168 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/02/01 11:53:26.0625 3168 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 2011/02/01 11:53:26.0656 3168 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/02/01 11:53:26.0703 3168 guardian2 (7031a936832967a93b0e5d5f1c76745a) C:\WINDOWS\system32\Drivers\oz776.sys 2011/02/01 11:53:26.0734 3168 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/02/01 11:53:26.0750 3168 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/02/01 11:53:26.0796 3168 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 2011/02/01 11:53:26.0843 3168 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 2011/02/01 11:53:26.0890 3168 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 2011/02/01 11:53:26.0937 3168 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/02/01 11:53:26.0984 3168 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 2011/02/01 11:53:27.0031 3168 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 2011/02/01 11:53:27.0062 3168 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/02/01 11:53:27.0109 3168 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/02/01 11:53:27.0140 3168 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 2011/02/01 11:53:27.0156 3168 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2011/02/01 11:53:27.0171 3168 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/02/01 11:53:27.0203 3168 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/02/01 11:53:27.0218 3168 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/02/01 11:53:27.0250 3168 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/02/01 11:53:27.0265 3168 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/02/01 11:53:27.0296 3168 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/02/01 11:53:27.0328 3168 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/02/01 11:53:27.0359 3168 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/02/01 11:53:27.0390 3168 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/02/01 11:53:27.0421 3168 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/02/01 11:53:27.0468 3168 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/02/01 11:53:27.0562 3168 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys 2011/02/01 11:53:27.0593 3168 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys 2011/02/01 11:53:27.0656 3168 LVcKap (9ce361764c5dd5fa5506510fe5d2297b) C:\WINDOWS\system32\DRIVERS\LVcKap.sys 2011/02/01 11:53:27.0734 3168 LVPr2Mon (94d03b31f36bb362fa5713470fcf1c79) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 2011/02/01 11:53:27.0796 3168 LVRS (a198cd8a1c813d9ceba29a29d45fc94c) C:\WINDOWS\system32\DRIVERS\lvrs.sys 2011/02/01 11:53:27.0828 3168 LVUSBSta (8b79a50360fc31df6b7b979b686b4aa2) C:\WINDOWS\system32\drivers\LVUSBSta.sys 2011/02/01 11:53:27.0875 3168 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 2011/02/01 11:53:27.0937 3168 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys 2011/02/01 11:53:27.0937 3168 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/02/01 11:53:27.0968 3168 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/02/01 11:53:28.0000 3168 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/02/01 11:53:28.0031 3168 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/02/01 11:53:28.0062 3168 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/02/01 11:53:28.0093 3168 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 2011/02/01 11:53:28.0125 3168 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/02/01 11:53:28.0156 3168 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/02/01 11:53:28.0171 3168 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/02/01 11:53:28.0203 3168 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/02/01 11:53:28.0250 3168 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/02/01 11:53:28.0296 3168 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/02/01 11:53:28.0328 3168 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/02/01 11:53:28.0343 3168 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/02/01 11:53:28.0375 3168 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/02/01 11:53:28.0421 3168 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/02/01 11:53:28.0453 3168 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/02/01 11:53:28.0484 3168 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/02/01 11:53:28.0515 3168 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/02/01 11:53:28.0531 3168 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/02/01 11:53:28.0546 3168 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/02/01 11:53:28.0562 3168 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/02/01 11:53:28.0578 3168 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/02/01 11:53:28.0609 3168 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/02/01 11:53:28.0656 3168 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/02/01 11:53:28.0671 3168 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/02/01 11:53:28.0703 3168 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/02/01 11:53:28.0765 3168 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/02/01 11:53:28.0937 3168 nv (8129d762cc3e3c5ab9cf2eabc377fb73) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/02/01 11:53:29.0109 3168 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/02/01 11:53:29.0125 3168 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/02/01 11:53:29.0156 3168 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/02/01 11:53:29.0203 3168 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/02/01 11:53:29.0234 3168 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/02/01 11:53:29.0265 3168 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/02/01 11:53:29.0265 3168 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\WINDOWS\system32\DRIVERS\PBADRV.sys 2011/02/01 11:53:29.0296 3168 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/02/01 11:53:29.0328 3168 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/02/01 11:53:29.0343 3168 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2011/02/01 11:53:29.0421 3168 pepifilter (b071495101df7dd946cc6850f0203c8a) C:\WINDOWS\system32\DRIVERS\lv302af.sys 2011/02/01 11:53:29.0453 3168 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 2011/02/01 11:53:29.0484 3168 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 2011/02/01 11:53:29.0687 3168 PID_PEPI (39c3cdf1f845e8cc14331bbd3799c7cb) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS 2011/02/01 11:53:29.0765 3168 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/02/01 11:53:29.0781 3168 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/02/01 11:53:29.0796 3168 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/02/01 11:53:29.0828 3168 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/02/01 11:53:29.0843 3168 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 2011/02/01 11:53:29.0859 3168 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 2011/02/01 11:53:29.0875 3168 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2011/02/01 11:53:29.0921 3168 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2011/02/01 11:53:29.0937 3168 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2011/02/01 11:53:30.0000 3168 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/02/01 11:53:30.0031 3168 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/02/01 11:53:30.0046 3168 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/02/01 11:53:30.0062 3168 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/02/01 11:53:30.0093 3168 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/02/01 11:53:30.0109 3168 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/02/01 11:53:30.0125 3168 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/02/01 11:53:30.0156 3168 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/02/01 11:53:30.0187 3168 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/02/01 11:53:30.0250 3168 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/02/01 11:53:30.0281 3168 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/02/01 11:53:30.0312 3168 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/02/01 11:53:30.0328 3168 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/02/01 11:53:30.0390 3168 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2011/02/01 11:53:30.0421 3168 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/02/01 11:53:30.0500 3168 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2011/02/01 11:53:30.0500 3168 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/02/01 11:53:30.0531 3168 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/02/01 11:53:30.0578 3168 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/02/01 11:53:30.0640 3168 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys 2011/02/01 11:53:30.0687 3168 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/02/01 11:53:30.0718 3168 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/02/01 11:53:30.0750 3168 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/02/01 11:53:30.0781 3168 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2011/02/01 11:53:30.0828 3168 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2011/02/01 11:53:30.0875 3168 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2011/02/01 11:53:30.0890 3168 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2011/02/01 11:53:30.0890 3168 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/02/01 11:53:30.0937 3168 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/02/01 11:53:30.0968 3168 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/02/01 11:53:31.0000 3168 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/02/01 11:53:31.0015 3168 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/02/01 11:53:31.0031 3168 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 2011/02/01 11:53:31.0062 3168 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/02/01 11:53:31.0093 3168 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2011/02/01 11:53:31.0140 3168 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/02/01 11:53:31.0203 3168 USBAAPL (df38374e12e73c25b37b6f8a9b8622ef) C:\WINDOWS\system32\Drivers\usbaapl.sys 2011/02/01 11:53:31.0234 3168 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/02/01 11:53:31.0281 3168 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/02/01 11:53:31.0328 3168 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/02/01 11:53:31.0343 3168 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/02/01 11:53:31.0359 3168 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/02/01 11:53:31.0375 3168 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/02/01 11:53:31.0390 3168 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/02/01 11:53:31.0437 3168 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/02/01 11:53:31.0468 3168 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2011/02/01 11:53:31.0484 3168 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/02/01 11:53:31.0500 3168 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/02/01 11:53:31.0546 3168 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/02/01 11:53:31.0578 3168 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys 2011/02/01 11:53:31.0625 3168 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys 2011/02/01 11:53:31.0656 3168 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/02/01 11:53:31.0718 3168 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 2011/02/01 11:53:31.0765 3168 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 2011/02/01 11:53:31.0812 3168 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/02/01 11:53:32.0140 3168 ================================================================================ 2011/02/01 11:53:32.0140 3168 Scan finished 2011/02/01 11:53:32.0140 3168 ================================================================================
-
Thank you for the quick reply. It found and cured rootkit activity, and after the reboot, while maybe a slight bit more sluggish than usual, web browsing can be done without redirection or popups. The TDSSKiller Log: 2011/02/01 11:39:01.0640 2464 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03 2011/02/01 11:39:01.0687 2464 ================================================================================ 2011/02/01 11:39:01.0687 2464 SystemInfo: 2011/02/01 11:39:01.0687 2464 2011/02/01 11:39:01.0687 2464 OS Version: 5.1.2600 ServicePack: 3.0 2011/02/01 11:39:01.0687 2464 Product type: Workstation 2011/02/01 11:39:01.0687 2464 ComputerName: ZEROZEROONE 2011/02/01 11:39:01.0687 2464 UserName: Robert Culik 2011/02/01 11:39:01.0687 2464 Windows directory: C:\WINDOWS 2011/02/01 11:39:01.0687 2464 System windows directory: C:\WINDOWS 2011/02/01 11:39:01.0687 2464 Processor architecture: Intel x86 2011/02/01 11:39:01.0687 2464 Number of processors: 2 2011/02/01 11:39:01.0687 2464 Page size: 0x1000 2011/02/01 11:39:01.0687 2464 Boot type: Normal boot 2011/02/01 11:39:01.0687 2464 ================================================================================ 2011/02/01 11:39:01.0906 2464 Initialize success 2011/02/01 11:39:20.0109 2836 ================================================================================ 2011/02/01 11:39:20.0109 2836 Scan started 2011/02/01 11:39:20.0109 2836 Mode: Manual; 2011/02/01 11:39:20.0109 2836 ================================================================================ 2011/02/01 11:39:20.0671 2836 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 2011/02/01 11:39:20.0718 2836 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/02/01 11:39:20.0750 2836 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/02/01 11:39:20.0796 2836 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 2011/02/01 11:39:20.0828 2836 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/02/01 11:39:20.0859 2836 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2011/02/01 11:39:20.0890 2836 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 2011/02/01 11:39:20.0906 2836 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 2011/02/01 11:39:20.0921 2836 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 2011/02/01 11:39:20.0937 2836 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 2011/02/01 11:39:20.0968 2836 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 2011/02/01 11:39:21.0046 2836 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 2011/02/01 11:39:21.0062 2836 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 2011/02/01 11:39:21.0093 2836 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 2011/02/01 11:39:21.0140 2836 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 2011/02/01 11:39:21.0156 2836 ApfiltrService (b8d65da679a4a8d048783ede2691b5d4) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 2011/02/01 11:39:21.0187 2836 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 2011/02/01 11:39:21.0234 2836 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/02/01 11:39:21.0250 2836 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 2011/02/01 11:39:21.0265 2836 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 2011/02/01 11:39:21.0281 2836 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 2011/02/01 11:39:21.0328 2836 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/02/01 11:39:21.0343 2836 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/02/01 11:39:21.0421 2836 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/02/01 11:39:21.0437 2836 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/02/01 11:39:21.0468 2836 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys 2011/02/01 11:39:21.0515 2836 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys 2011/02/01 11:39:21.0562 2836 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 2011/02/01 11:39:21.0625 2836 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/02/01 11:39:21.0671 2836 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys 2011/02/01 11:39:21.0703 2836 BrSerWDM (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys 2011/02/01 11:39:21.0750 2836 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys 2011/02/01 11:39:21.0781 2836 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys 2011/02/01 11:39:21.0828 2836 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 2011/02/01 11:39:21.0843 2836 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/02/01 11:39:21.0875 2836 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2011/02/01 11:39:21.0906 2836 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 2011/02/01 11:39:21.0921 2836 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/02/01 11:39:21.0953 2836 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/02/01 11:39:21.0984 2836 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/02/01 11:39:22.0015 2836 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2011/02/01 11:39:22.0031 2836 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 2011/02/01 11:39:22.0046 2836 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2011/02/01 11:39:22.0078 2836 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 2011/02/01 11:39:22.0093 2836 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 2011/02/01 11:39:22.0140 2836 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 2011/02/01 11:39:22.0171 2836 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/02/01 11:39:22.0203 2836 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS 2011/02/01 11:39:22.0234 2836 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS 2011/02/01 11:39:22.0265 2836 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 2011/02/01 11:39:22.0281 2836 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS 2011/02/01 11:39:22.0296 2836 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS 2011/02/01 11:39:22.0312 2836 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS 2011/02/01 11:39:22.0328 2836 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS 2011/02/01 11:39:22.0328 2836 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS 2011/02/01 11:39:22.0359 2836 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS 2011/02/01 11:39:22.0375 2836 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS 2011/02/01 11:39:22.0437 2836 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/02/01 11:39:22.0500 2836 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/02/01 11:39:22.0531 2836 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/02/01 11:39:22.0546 2836 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/02/01 11:39:22.0593 2836 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 2011/02/01 11:39:22.0625 2836 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/02/01 11:39:22.0640 2836 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 2011/02/01 11:39:22.0656 2836 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 2011/02/01 11:39:22.0687 2836 DXEC01 (549734664886d91222969845e4311d1b) C:\WINDOWS\system32\drivers\dxec01.sys 2011/02/01 11:39:22.0718 2836 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys 2011/02/01 11:39:22.0750 2836 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/02/01 11:39:22.0781 2836 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/02/01 11:39:22.0812 2836 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/02/01 11:39:22.0828 2836 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/02/01 11:39:22.0843 2836 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/02/01 11:39:22.0875 2836 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/02/01 11:39:22.0921 2836 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/02/01 11:39:22.0953 2836 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 2011/02/01 11:39:23.0000 2836 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/02/01 11:39:23.0046 2836 guardian2 (7031a936832967a93b0e5d5f1c76745a) C:\WINDOWS\system32\Drivers\oz776.sys 2011/02/01 11:39:23.0062 2836 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/02/01 11:39:23.0093 2836 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/02/01 11:39:23.0125 2836 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 2011/02/01 11:39:23.0203 2836 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 2011/02/01 11:39:23.0234 2836 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 2011/02/01 11:39:23.0312 2836 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/02/01 11:39:23.0343 2836 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 2011/02/01 11:39:23.0390 2836 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 2011/02/01 11:39:23.0453 2836 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/02/01 11:39:23.0468 2836 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/02/01 11:39:23.0515 2836 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 2011/02/01 11:39:23.0546 2836 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2011/02/01 11:39:23.0562 2836 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/02/01 11:39:23.0593 2836 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/02/01 11:39:23.0609 2836 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/02/01 11:39:23.0640 2836 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/02/01 11:39:23.0656 2836 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/02/01 11:39:23.0703 2836 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/02/01 11:39:23.0765 2836 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/02/01 11:39:23.0812 2836 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/02/01 11:39:23.0828 2836 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/02/01 11:39:23.0843 2836 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/02/01 11:39:23.0890 2836 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/02/01 11:39:23.0984 2836 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys 2011/02/01 11:39:23.0984 2836 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys 2011/02/01 11:39:24.0062 2836 LVcKap (9ce361764c5dd5fa5506510fe5d2297b) C:\WINDOWS\system32\DRIVERS\LVcKap.sys 2011/02/01 11:39:24.0125 2836 LVPr2Mon (94d03b31f36bb362fa5713470fcf1c79) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 2011/02/01 11:39:24.0218 2836 LVRS (a198cd8a1c813d9ceba29a29d45fc94c) C:\WINDOWS\system32\DRIVERS\lvrs.sys 2011/02/01 11:39:24.0296 2836 LVUSBSta (8b79a50360fc31df6b7b979b686b4aa2) C:\WINDOWS\system32\drivers\LVUSBSta.sys 2011/02/01 11:39:24.0343 2836 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 2011/02/01 11:39:24.0390 2836 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys 2011/02/01 11:39:24.0421 2836 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/02/01 11:39:24.0437 2836 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/02/01 11:39:24.0453 2836 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/02/01 11:39:24.0500 2836 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/02/01 11:39:24.0515 2836 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/02/01 11:39:24.0546 2836 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 2011/02/01 11:39:24.0562 2836 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/02/01 11:39:24.0593 2836 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/02/01 11:39:24.0640 2836 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/02/01 11:39:24.0671 2836 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/02/01 11:39:24.0687 2836 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/02/01 11:39:24.0750 2836 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/02/01 11:39:24.0796 2836 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/02/01 11:39:24.0828 2836 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/02/01 11:39:24.0859 2836 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/02/01 11:39:24.0890 2836 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/02/01 11:39:24.0921 2836 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/02/01 11:39:24.0968 2836 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/02/01 11:39:24.0984 2836 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/02/01 11:39:25.0000 2836 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/02/01 11:39:25.0031 2836 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/02/01 11:39:25.0046 2836 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/02/01 11:39:25.0062 2836 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/02/01 11:39:25.0078 2836 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/02/01 11:39:25.0140 2836 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/02/01 11:39:25.0187 2836 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/02/01 11:39:25.0250 2836 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/02/01 11:39:25.0281 2836 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/02/01 11:39:25.0437 2836 nv (8129d762cc3e3c5ab9cf2eabc377fb73) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/02/01 11:39:25.0593 2836 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/02/01 11:39:25.0609 2836 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/02/01 11:39:25.0640 2836 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/02/01 11:39:25.0687 2836 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/02/01 11:39:25.0734 2836 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/02/01 11:39:25.0750 2836 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/02/01 11:39:25.0765 2836 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\WINDOWS\system32\DRIVERS\PBADRV.sys 2011/02/01 11:39:25.0781 2836 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/02/01 11:39:25.0828 2836 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/02/01 11:39:25.0828 2836 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2011/02/01 11:39:25.0906 2836 pepifilter (b071495101df7dd946cc6850f0203c8a) C:\WINDOWS\system32\DRIVERS\lv302af.sys 2011/02/01 11:39:25.0953 2836 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 2011/02/01 11:39:25.0968 2836 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 2011/02/01 11:39:26.0109 2836 PID_PEPI (39c3cdf1f845e8cc14331bbd3799c7cb) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS 2011/02/01 11:39:26.0265 2836 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/02/01 11:39:26.0281 2836 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/02/01 11:39:26.0296 2836 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/02/01 11:39:26.0328 2836 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/02/01 11:39:26.0343 2836 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 2011/02/01 11:39:26.0359 2836 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 2011/02/01 11:39:26.0375 2836 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2011/02/01 11:39:26.0421 2836 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2011/02/01 11:39:26.0437 2836 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2011/02/01 11:39:26.0468 2836 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/02/01 11:39:26.0484 2836 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/02/01 11:39:26.0500 2836 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/02/01 11:39:26.0531 2836 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/02/01 11:39:26.0546 2836 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/02/01 11:39:26.0562 2836 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/02/01 11:39:26.0578 2836 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/02/01 11:39:26.0656 2836 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/02/01 11:39:26.0671 2836 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/02/01 11:39:26.0734 2836 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/02/01 11:39:26.0781 2836 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/02/01 11:39:26.0812 2836 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/02/01 11:39:26.0828 2836 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/02/01 11:39:26.0875 2836 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2011/02/01 11:39:26.0906 2836 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/02/01 11:39:26.0937 2836 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2011/02/01 11:39:26.0968 2836 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/02/01 11:39:27.0015 2836 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/02/01 11:39:27.0046 2836 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/02/01 11:39:27.0125 2836 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys 2011/02/01 11:39:27.0203 2836 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/02/01 11:39:27.0234 2836 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/02/01 11:39:27.0281 2836 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/02/01 11:39:27.0312 2836 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2011/02/01 11:39:27.0343 2836 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2011/02/01 11:39:27.0375 2836 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2011/02/01 11:39:27.0406 2836 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2011/02/01 11:39:27.0421 2836 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/02/01 11:39:27.0468 2836 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/02/01 11:39:27.0500 2836 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/02/01 11:39:27.0515 2836 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/02/01 11:39:27.0546 2836 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/02/01 11:39:27.0562 2836 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 2011/02/01 11:39:27.0593 2836 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/02/01 11:39:27.0640 2836 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2011/02/01 11:39:27.0687 2836 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/02/01 11:39:27.0734 2836 USBAAPL (df38374e12e73c25b37b6f8a9b8622ef) C:\WINDOWS\system32\Drivers\usbaapl.sys 2011/02/01 11:39:27.0765 2836 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/02/01 11:39:27.0812 2836 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/02/01 11:39:27.0843 2836 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/02/01 11:39:27.0875 2836 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/02/01 11:39:27.0890 2836 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/02/01 11:39:27.0906 2836 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/02/01 11:39:27.0921 2836 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/02/01 11:39:27.0968 2836 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/02/01 11:39:27.0984 2836 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2011/02/01 11:39:28.0015 2836 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/02/01 11:39:28.0046 2836 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/02/01 11:39:28.0093 2836 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/02/01 11:39:28.0125 2836 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys 2011/02/01 11:39:28.0156 2836 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys 2011/02/01 11:39:28.0187 2836 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/02/01 11:39:28.0250 2836 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 2011/02/01 11:39:28.0359 2836 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 2011/02/01 11:39:28.0406 2836 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/02/01 11:39:28.0437 2836 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/02/01 11:39:28.0437 2836 ================================================================================ 2011/02/01 11:39:28.0437 2836 Scan finished 2011/02/01 11:39:28.0437 2836 ================================================================================ 2011/02/01 11:39:28.0453 1236 Detected object count: 1 2011/02/01 11:39:45.0000 1236 \HardDisk0 - will be cured after reboot 2011/02/01 11:39:45.0000 1236 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2011/02/01 11:40:11.0843 2992 Deinitialize success Thanks again.
-
Hi, I recently got a nasty browser hijack + some. Tried some simple fixes, but this thing is dug in deep. Posting mbam and dds logs, with ark.txt and attach.txt attached. MBAM Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5651 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 1/31/2011 10:26:25 PM mbam-log-2011-01-31 (22-26-25).txt Scan type: Quick scan Objects scanned: 172569 Time elapsed: 8 minute(s), 44 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS DDS (Ver_10-12-12.02) - NTFSx86 Run by Robert Culik at 22:38:09.62 on Mon 01/31/2011 Internet Explorer: 6.0.2900.5512 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1361 [GMT -5:00] AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Wave Systems Corp\SecureUpgrade.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Documents and Settings\Robert Culik\Application Data\Dropbox\bin\Dropbox.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe svchost.exe C:\WINDOWS\System32\svchost.exe -k Akamai C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\rpcnet.exe C:\WINDOWS\system32\StacSV.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe c:\program files\logitech\quickcam\lu\lulnchr.exe c:\program files\logitech\quickcam\lu\LogitechUpdate.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\Robert Culik\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mStart Page = hxxp://www.dell.com mSearch Bar = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080428 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /installquiet mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start mRun: [secureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u StartupFolder: c:\docume~1\robert~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\robert culik\application data\dropbox\bin\Dropbox.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab TCP: {9533CB62-6F00-426F-BDCF-6E22FCA46442} = 128.91.2.13,128.91.254.1 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: avgrsstarter - avgrsstx.dll Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\robert~1\applic~1\mozilla\firefox\profiles\36loj5g9.default\ FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d2f2df5&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q= FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-12 64288] R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-11 14336] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664] S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2010-2-8 2944] S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2010-2-8 60416] S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2010-2-8 11008] S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2010-2-8 10368] S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-4-28 30192] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1402272] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4.tmp --> c:\windows\system32\4.tmp [?] S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe --> c:\progra~1\avg\avg8\avgemc.exe [?] S4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?] =============== Created Last 30 ================ 2011-01-14 14:57:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan 2011-01-14 14:57:12 -------- d-----w- c:\program files\McAfee Security Scan 2011-01-14 01:53:26 -------- d-----w- c:\docume~1\robert~1\applic~1\Malwarebytes 2011-01-14 01:53:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-14 01:53:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-01-14 01:53:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-14 01:53:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-01-14 01:04:46 -------- d-----w- C:\$AVG 2011-01-13 20:09:40 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-01-13 20:01:07 -------- d-----w- c:\docume~1\robert~1\locals~1\applic~1\Sunbelt Software 2011-01-13 20:00:08 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} 2011-01-13 19:59:47 -------- d-----w- c:\program files\Lavasoft 2011-01-13 18:49:32 -------- d-----w- c:\program files\Sophos 2011-01-13 18:34:50 19248 ----a-w- c:\windows\system32\drivers\rspsc32.sys 2011-01-13 18:34:50 -------- d-----w- c:\program files\RootKit Hook Analyzer 2011-01-13 18:07:56 -------- d-sha-r- C:\cmdcons 2011-01-13 18:04:44 -------- d-----w- C:\Combo-Fix 2011-01-13 16:54:30 -------- d-----w- c:\docume~1\robert~1\applic~1\AVG10 2011-01-13 16:53:18 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files 2011-01-13 16:50:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10 2011-01-13 16:17:58 98816 ----a-w- c:\windows\sed.exe 2011-01-13 16:17:58 89088 ----a-w- c:\windows\MBR.exe 2011-01-13 16:17:58 256512 ----a-w- c:\windows\PEV.exe 2011-01-13 16:17:58 161792 ----a-w- c:\windows\SWREG.exe 2011-01-13 04:14:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData 2011-01-13 02:51:35 -------- d-----w- c:\windows\pss ==================== Find3M ==================== 2011-02-01 03:32:13 17408 ----a-w- c:\windows\system32\rpcnetp.exe 2011-02-01 03:32:11 56680 ----a-w- c:\windows\system32\rpcnet.dll 2011-01-27 14:55:46 17408 ----a-w- c:\windows\system32\rpcnetp.dll 2011-01-13 20:09:35 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-11-14 19:50:40 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2010-11-08 15:54:38 57736 ----a-w- c:\windows\system32\sw2_lang.dll 2010-11-08 15:54:38 535944 ----a-w- c:\windows\system32\sw2_ttls.dll 2010-11-08 15:54:38 327560 ----a-w- c:\windows\system32\sw2_res_default.dll 2010-11-08 15:54:38 249736 ----a-w- c:\windows\system32\sw2_ttls_manager.exe =================== ROOTKIT ==================== Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: TOSHIBA_MK8051GSY rev.LD201D -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-e device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A7BC555]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a7c27b0]; MOV EAX, [0x8a7c282c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A7CAAB8] 3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A789F18] \Driver\atapi[0x8A843E20] -> IRP_MJ_CREATE -> 0x8A7BC555 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; } detected disk devices: \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskTOSHIBA_MK8051GSY_______________________LD201D__#5&16482f9&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: \Driver\atapi DriverStartIo -> 0x8A7BC39B user & kernel MBR OK copy of MBR has been found in sector 61 ! copy of MBR has been found in sector 62 ! Warning: possible TDL3 rootkit infection ! ============= FINISH: 22:39:03.82 =============== Thanks very much for all of your help in advance. ark.zip