E5SargeUSMC
Members · Posts: 5 · Reputation: 0 Neutral
  1. ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=e63382177a7ac04cb3021fe419afd2bf
     # end=stopped
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=false
     # utc_time=2012-02-17 01:53:36
     # local_time=2012-02-17 08:53:36 (-0500, Eastern Standard Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=1792 16777215 100 0 0 0 0 0
     # compatibility_mode=5891 16776533 42 87 0 25416981 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=19440
     # found=0
     # cleaned=0
     # scan_time=1110
     # version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=e63382177a7ac04cb3021fe419afd2bf
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=false
     # utc_time=2012-02-20 05:37:44
     # local_time=2012-02-20 12:37:44 (-0500, Eastern Standard Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=1792 16777215 100 0 0 0 0 0
     # compatibility_mode=5891 16776533 42 87 0 25679830 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=98971
     # found=7
     # cleaned=7
     # scan_time=10910
     C:\TDSSKiller_Quarantine\16.02.2012_11.32.43\mbr0000\tdlfs0000\tsk0002.dta  Win64/Olmarik.AD trojan  (cleaned by deleting - quarantined)  F233AEABECAFAB7FB66CF7DEE832A6A1  C
     C:\TDSSKiller_Quarantine\16.02.2012_11.32.43\mbr0000\tdlfs0000\tsk0003.dta  Win32/Olmarik.AYH trojan  (cleaned by deleting - quarantined)  68ECB6572A9AF156F996A1735C1933EE  C
     C:\TDSSKiller_Quarantine\16.02.2012_11.32.43\mbr0000\tdlfs0000\tsk0004.dta  Win64/Olmarik.AE trojan  (cleaned by deleting - quarantined)  B997881C1BBBDEFD15C2DAE05D5B4ADE  C
     C:\TDSSKiller_Quarantine\17.02.2012_08.54.20\tdlfs0000\tsk0002.dta  Win64/Olmarik.AD trojan  (cleaned by deleting - quarantined)  F233AEABECAFAB7FB66CF7DEE832A6A1  C
     C:\TDSSKiller_Quarantine\17.02.2012_08.54.20\tdlfs0000\tsk0003.dta  Win32/Olmarik.AYH trojan  (cleaned by deleting - quarantined)  68ECB6572A9AF156F996A1735C1933EE  C
     C:\TDSSKiller_Quarantine\17.02.2012_08.54.20\tdlfs0000\tsk0004.dta  Win64/Olmarik.AE trojan  (cleaned by deleting - quarantined)  B997881C1BBBDEFD15C2DAE05D5B4ADE  C
     E:\Installers\Hardware Applications & Drivers\Micro Innovations USB to serial\setup_643627.exe  Win32/Toolbar.Zugo application  (deleted - quarantined)  3DD9CF70B23F4A6FEFB79665A07EAF81  C

     and...

     Malwarebytes Anti-Malware (PRO) 1.60.1.1000
     www.malwarebytes.org

     Database version: v2012.02.17.02

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Owner :: REPAIR-SHOP1 [administrator]

     Protection: Enabled

     2/17/2012 8:08:59 AM
     mbam-log-2012-02-17 (08-08-59).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 171523
     Time elapsed: 11 minute(s), 10 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
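The ESET Online Scanner log in the post above is a run of `#`-prefixed key=value header lines (one block per scan, each opened by `# version=`) followed by one whitespace-separated detection line per hit: path, threat name, action in parentheses, MD5, flag. The Python below is an editor's added example, not code from the post or from ESET; it parses that layout, checks each run's `found` count against the detection lines actually listed, flags a run whose `end` is `stopped` rather than `finished`, separates hits whose path lies inside a TDSSKiller quarantine folder (already-neutralised copies) from hits on live files, and collects the MD5s as indicators. The embedded sample is a shortened copy of the log above with its line breaks restored; the quarantine-folder rule is an assumption of this example.

```python
import re

# Constructed sample: a shortened copy of the ESET Online Scanner log posted
# above, restored to one field per line. Field lines start with "# "; each
# detection line is: path, threat, (action), MD5, flag, whitespace-separated
# (tabs in the real log).
SAMPLE_ESET_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# OnlineScanner.ocx=1.0.0.6583
# end=stopped
# utc_time=2012-02-17 01:53:36
# scanned=19440
# found=0
# cleaned=0
# version=7
# OnlineScanner.ocx=1.0.0.6583
# end=finished
# utc_time=2012-02-20 05:37:44
# scanned=98971
# found=7
# cleaned=7
C:\TDSSKiller_Quarantine\16.02.2012_11.32.43\mbr0000\tdlfs0000\tsk0002.dta  Win64/Olmarik.AD trojan  (cleaned by deleting - quarantined)  F233AEABECAFAB7FB66CF7DEE832A6A1  C
C:\TDSSKiller_Quarantine\16.02.2012_11.32.43\mbr0000\tdlfs0000\tsk0003.dta  Win32/Olmarik.AYH trojan  (cleaned by deleting - quarantined)  68ECB6572A9AF156F996A1735C1933EE  C
C:\TDSSKiller_Quarantine\16.02.2012_11.32.43\mbr0000\tdlfs0000\tsk0004.dta  Win64/Olmarik.AE trojan  (cleaned by deleting - quarantined)  B997881C1BBBDEFD15C2DAE05D5B4ADE  C
C:\TDSSKiller_Quarantine\17.02.2012_08.54.20\tdlfs0000\tsk0002.dta  Win64/Olmarik.AD trojan  (cleaned by deleting - quarantined)  F233AEABECAFAB7FB66CF7DEE832A6A1  C
C:\TDSSKiller_Quarantine\17.02.2012_08.54.20\tdlfs0000\tsk0003.dta  Win32/Olmarik.AYH trojan  (cleaned by deleting - quarantined)  68ECB6572A9AF156F996A1735C1933EE  C
C:\TDSSKiller_Quarantine\17.02.2012_08.54.20\tdlfs0000\tsk0004.dta  Win64/Olmarik.AE trojan  (cleaned by deleting - quarantined)  B997881C1BBBDEFD15C2DAE05D5B4ADE  C
E:\Installers\Hardware Applications & Drivers\Micro Innovations USB to serial\setup_643627.exe  Win32/Toolbar.Zugo application  (deleted - quarantined)  3DD9CF70B23F4A6FEFB79665A07EAF81  C
"""

# path  threat  (action)  md5  flag. The path may contain spaces, so it is
# matched lazily and anchored by the "Family/Name kind" threat token after it.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<threat>[A-Za-z0-9]+/\S+ \S+)\s+"
    r"\((?P<action>[^)]*)\)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)

# Assumption of this example: hits under a removal tool's quarantine folder are
# copies already taken off the live system, so they are triaged separately.
QUARANTINE_MARKERS = ("\\tdsskiller_quarantine\\",)


def parse_eset_log(text):
    """Split the log into scan runs; each '# version=' line opens a new run."""
    runs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            if key == "version" or not runs:
                runs.append({"fields": {}, "detections": []})
            runs[-1]["fields"][key] = value
            continue
        m = DETECTION_RE.match(line)
        if m and runs:
            runs[-1]["detections"].append(m.groupdict())
    return runs


def is_quarantine_copy(path):
    return any(marker in path.lower() for marker in QUARANTINE_MARKERS)


def summarize(runs):
    """Per-run triage: did the scan complete, does 'found' match the listed
    hits, and which hits sat on live paths rather than in a quarantine folder."""
    out = []
    for run in runs:
        fields, dets = run["fields"], run["detections"]
        found = int(fields.get("found", "0"))
        out.append({
            "utc_time": fields.get("utc_time"),
            "completed": fields.get("end") == "finished",
            "found": found,
            "consistent": found == len(dets),
            "live_hits": [d for d in dets if not is_quarantine_copy(d["path"])],
            "quarantine_hits": [d for d in dets if is_quarantine_copy(d["path"])],
        })
    return out


def unique_md5s(runs):
    """Deduplicated, upper-cased hashes across all runs (the same three samples
    were hit twice above, once per TDSSKiller quarantine folder)."""
    return sorted({d["md5"].upper() for r in runs for d in r["detections"]})


if __name__ == "__main__":
    runs = parse_eset_log(SAMPLE_ESET_LOG)
    for s in summarize(runs):
        print(s["utc_time"], "finished" if s["completed"] else "STOPPED",
              "found", s["found"], "consistent", s["consistent"],
              "live", len(s["live_hits"]), "quarantine", len(s["quarantine_hits"]))
    print("IOC MD5s:", unique_md5s(runs))
```

Run against the sample, the first run reports as stopped with nothing found (an incomplete scan, not a clean result), and the second run's seven hits split into six quarantine copies and one live file, the Zugo toolbar installer on E:.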
  2. response:

     11:32:42.0654 4316 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
     11:32:43.0815 4316 ============================================================
     11:32:43.0815 4316 Current date / time: 2012/02/16 11:32:43.0815
     11:32:43.0815 4316 SystemInfo:
     11:32:43.0815 4316
     11:32:43.0815 4316 OS Version: 5.1.2600 ServicePack: 3.0
     11:32:43.0815 4316 Product type: Workstation
     11:32:43.0815 4316 ComputerName: REPAIR-SHOP1
     11:32:43.0815 4316 UserName: Owner
     11:32:43.0815 4316 Windows directory: C:\WINDOWS
     11:32:43.0815 4316 System windows directory: C:\WINDOWS
     11:32:43.0815 4316 Processor architecture: Intel x86
     11:32:43.0815 4316 Number of processors: 1
     11:32:43.0815 4316 Page size: 0x1000
     11:32:43.0815 4316 Boot type: Normal boot
     11:32:43.0815 4316 ============================================================
     11:32:50.0595 4316 Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
     11:32:50.0615 4316 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
     11:32:50.0625 4316 Drive \Device\Harddisk2\DR8 - Size: 0x1DF3FFE00 (7.49 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
     11:32:50.0625 4316 \Device\Harddisk0\DR0:
     11:32:50.0625 4316 MBR used
     11:32:50.0625 4316 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
     11:32:50.0645 4316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4E1EE6A, BlocksNum 0x4B3D830
     11:32:50.0645 4316 \Device\Harddisk1\DR1:
     11:32:50.0645 4316 MBR used
     11:32:50.0645 4316 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
     11:32:50.0645 4316 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x4E1EE2B, BlocksNum 0x46EF696
     11:32:50.0645 4316 \Device\Harddisk2\DR8:
     11:32:50.0645 4316 MBR used
     11:32:50.0836 4316 Initialize success
     11:32:50.0836 4316 ============================================================
     11:33:15.0521 4328 ============================================================
     11:33:15.0521 4328 Scan started
     11:33:15.0521 4328 Mode: Manual; SigCheck; TDLFS;
     11:33:15.0521 4328 ============================================================
     11:33:16.0623 4328 Abiosdsk - ok
     11:33:16.0793 4328 abp480n5 - ok
     11:33:17.0063 4328 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
     11:33:22.0872 4328 ACPI - ok
     11:33:23.0102 4328 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
     11:33:23.0723 4328 ACPIEC - ok
     11:33:23.0913 4328 adpu160m - ok
     11:33:24.0143 4328 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
     11:33:25.0005 4328 aec - ok
     11:33:25.0225 4328 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
     11:33:25.0495 4328 AFD - ok
     11:33:25.0676 4328 Aha154x - ok
     11:33:25.0796 4328 aic78u2 - ok
     11:33:25.0956 4328 aic78xx - ok
     11:33:26.0166 4328 AliIde - ok
     11:33:26.0307 4328 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
     11:33:26.0727 4328 AmdK7 - ok
     11:33:26.0907 4328 Amps2prt (1eb5ab76ce70e2f640a2c63438477674) C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
     11:33:27.0078 4328 Amps2prt ( UnsignedFile.Multi.Generic ) - warning
     11:33:27.0078 4328 Amps2prt - detected UnsignedFile.Multi.Generic (1)
     11:33:27.0268 4328 amsint - ok
     11:33:27.0418 4328 asc - ok
     11:33:27.0548 4328 asc3350p - ok
     11:33:27.0729 4328 asc3550 - ok
     11:33:28.0009 4328 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
     11:33:28.0400 4328 AsyncMac - ok
     11:33:28.0630 4328 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
     11:33:29.0101 4328 atapi - ok
     11:33:29.0241 4328 Atdisk - ok
     11:33:29.0481 4328 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
     11:33:29.0972 4328 Atmarpc - ok
     11:33:30.0192 4328 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
     11:33:30.0743 4328 audstub - ok
     11:33:30.0883 4328 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
     11:33:31.0384 4328 Beep - ok
     11:33:31.0664 4328 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
     11:33:32.0155 4328 cbidf2k - ok
     11:33:32.0395 4328 cd20xrnt - ok
     11:33:32.0676 4328 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
     11:33:33.0206 4328 Cdaudio - ok
     11:33:33.0497 4328 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
     11:33:34.0258 4328 Cdfs - ok
     11:33:34.0488 4328 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
     11:33:34.0979 4328 Cdrom - ok
     11:33:35.0169 4328 Changer - ok
     11:33:35.0460 4328 CmdIde - ok
     11:33:35.0690 4328 COMMSB96 (4373058afc130b5ebe021f0a2a12b7ec) C:\WINDOWS\system32\drivers\COMMSB96.sys
     11:33:35.0860 4328 COMMSB96 ( UnsignedFile.Multi.Generic ) - warning
     11:33:35.0860 4328 COMMSB96 - detected UnsignedFile.Multi.Generic (1)
     11:33:36.0101 4328 COMMSBEP (bbe6c601f43c21dee3f454f7a23dd5ef) C:\WINDOWS\system32\drivers\COMMSBEP.sys
     11:33:36.0281 4328 COMMSBEP ( UnsignedFile.Multi.Generic ) - warning
     11:33:36.0281 4328 COMMSBEP - detected UnsignedFile.Multi.Generic (1)
     11:33:36.0571 4328 Cpqarray - ok
     11:33:36.0742 4328 dac2w2k - ok
     11:33:36.0952 4328 dac960nt - ok
     11:33:37.0182 4328 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
     11:33:37.0533 4328 Disk - ok
     11:33:37.0923 4328 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
     11:33:38.0534 4328 dmboot - ok
     11:33:38.0744 4328 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
     11:33:39.0185 4328 dmio - ok
     11:33:39.0375 4328 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
     11:33:39.0836 4328 dmload - ok
     11:33:40.0126 4328 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
     11:33:40.0467 4328 DMusic - ok
     11:33:40.0697 4328 dpti2o - ok
     11:33:40.0958 4328 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
     11:33:41.0288 4328 drmkaud - ok
     11:33:41.0559 4328 DS1410D (f3bcfdb8fc089258b5b4eeb0e92b5664) C:\WINDOWS\system32\drivers\DS1410D.SYS
     11:33:43.0912 4328 DS1410D - ok
     11:33:44.0182 4328 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
     11:33:44.0763 4328 E100B - ok
     11:33:45.0074 4328 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
     11:33:45.0424 4328 Fastfat - ok
     11:33:45.0815 4328 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
     11:33:46.0155 4328 Fdc - ok
     11:33:46.0436 4328 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
     11:33:46.0626 4328 FETND5BV - ok
     11:33:46.0836 4328 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
     11:33:47.0257 4328 FETNDIS - ok
     11:33:47.0517 4328 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
     11:33:47.0858 4328 Fips - ok
     11:33:48.0138 4328 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
     11:33:48.0519 4328 Flpydisk - ok
     11:33:48.0789 4328 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
     11:33:49.0139 4328 FltMgr - ok
     11:33:49.0360 4328 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
     11:33:49.0780 4328 Fs_Rec - ok
     11:33:50.0031 4328 FTDIBUS (b283f1bc1ff852bd232449a4b3e3ce63) C:\WINDOWS\system32\drivers\ftdibus.sys
     11:33:50.0291 4328 FTDIBUS - ok
     11:33:50.0581 4328 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
     11:33:51.0072 4328 Ftdisk - ok
     11:33:51.0293 4328 FTSER2K (678a73f56ddf84a08c31123c386e9967) C:\WINDOWS\system32\drivers\ftser2k.sys
     11:33:51.0503 4328 FTSER2K - ok
     11:33:51.0823 4328 fudally (d5e7365af6c323aba21f38b0356eba16) C:\WINDOWS\system32\drivers\fudally.sys
     11:33:51.0913 4328 fudally ( UnsignedFile.Multi.Generic ) - warning
     11:33:51.0913 4328 fudally - detected UnsignedFile.Multi.Generic (1)
     11:33:52.0214 4328 G400 (36feb2ddce5f84128c2a8dbc60538dad) C:\WINDOWS\system32\DRIVERS\G400m.sys
     11:33:52.0725 4328 G400 - ok
     11:33:52.0945 4328 G400DH (2dd3d27e36ebf6804c40b843ff10872f) C:\WINDOWS\system32\DRIVERS\g400dhm.sys
     11:33:53.0335 4328 G400DH - ok
     11:33:53.0576 4328 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
     11:33:53.0916 4328 Gpc - ok
     11:33:54.0237 4328 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
     11:33:54.0567 4328 HidUsb - ok
     11:33:54.0747 4328 hpn - ok
     11:33:54.0968 4328 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
     11:33:55.0238 4328 HPZius12 - ok
     11:33:55.0549 4328 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
     11:33:55.0789 4328 HTTP - ok
     11:33:55.0999 4328 i2omgmt - ok
     11:33:56.0200 4328 i2omp - ok
     11:33:56.0440 4328 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
     11:33:56.0861 4328 i8042prt - ok
     11:33:57.0151 4328 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
     11:33:57.0491 4328 Imapi - ok
     11:33:57.0692 4328 ini910u - ok
     11:33:57.0862 4328 IntelIde - ok
     11:33:58.0082 4328 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
     11:33:58.0463 4328 ip6fw - ok
     11:33:58.0853 4328 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
     11:33:59.0344 4328 IpFilterDriver - ok
     11:33:59.0574 4328 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
     11:33:59.0975 4328 IpInIp - ok
     11:34:00.0235 4328 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
     11:34:00.0586 4328 IpNat - ok
     11:34:00.0826 4328 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
     11:34:01.0197 4328 IPSec - ok
     11:34:01.0447 4328 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
     11:34:01.0838 4328 IRENUM - ok
     11:34:02.0068 4328 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
     11:34:02.0388 4328 isapnp - ok
     11:34:02.0639 4328 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
     11:34:02.0949 4328 Kbdclass - ok
     11:34:03.0200 4328 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
     11:34:03.0480 4328 kbdhid - ok
     11:34:03.0730 4328 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
     11:34:04.0011 4328 kmixer - ok
     11:34:04.0281 4328 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
     11:34:04.0612 4328 KSecDD - ok
     11:34:04.0812 4328 lbrtfdc - ok
     11:34:05.0052 4328 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
     11:34:05.0182 4328 MBAMProtector - ok
     11:34:05.0473 4328 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
     11:34:05.0914 4328 mnmdd - ok
     11:34:06.0134 4328 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
     11:34:06.0444 4328 Modem - ok
     11:34:06.0715 4328 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
     11:34:07.0015 4328 Mouclass - ok
     11:34:07.0205 4328 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
     11:34:07.0566 4328 MountMgr - ok
     11:34:07.0776 4328 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
     11:34:07.0936 4328 MpFilter - ok
     11:34:08.0157 4328 MpKslcfc75a0b (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21C0F143-F402-4446-B2B9-9A86D88667FD}\MpKslcfc75a0b.sys
     11:34:08.0317 4328 MpKslcfc75a0b - ok
     11:34:08.0477 4328 mraid35x - ok
     11:34:08.0848 4328 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
     11:34:09.0158 4328 MRxDAV - ok
     11:34:09.0489 4328 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
     11:34:09.0859 4328 MRxSmb - ok
     11:34:10.0140 4328 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
     11:34:10.0450 4328 Msfs - ok
     11:34:10.0801 4328 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
     11:34:11.0161 4328 MSKSSRV - ok
     11:34:11.0451 4328 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
     11:34:11.0732 4328 MSPCLOCK - ok
     11:34:11.0882 4328 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
     11:34:12.0163 4328 MSPQM - ok
     11:34:12.0373 4328 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
     11:34:12.0663 4328 mssmbios - ok
     11:34:12.0854 4328 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
     11:34:13.0034 4328 Mup - ok
     11:34:13.0294 4328 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
     11:34:13.0635 4328 NDIS - ok
     11:34:13.0815 4328 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
     11:34:13.0905 4328 NdisTapi - ok
     11:34:14.0085 4328 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
     11:34:14.0386 4328 Ndisuio - ok
     11:34:14.0616 4328 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
     11:34:14.0997 4328 NdisWan - ok
     11:34:15.0187 4328 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
     11:34:15.0417 4328 NDProxy - ok
     11:34:15.0648 4328 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
     11:34:15.0968 4328 NetBIOS - ok
     11:34:16.0168 4328 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
     11:34:16.0569 4328 NetBT - ok
     11:34:16.0959 4328 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
     11:34:17.0320 4328 Npfs - ok
     11:34:17.0660 4328 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
     11:34:18.0181 4328 Ntfs - ok
     11:34:18.0442 4328 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
     11:34:18.0852 4328 Null - ok
     11:34:19.0123 4328 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
     11:34:19.0563 4328 NwlnkFlt - ok
     11:34:19.0814 4328 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
     11:34:20.0354 4328 NwlnkFwd - ok
     11:34:20.0735 4328 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
     11:34:21.0165 4328 Parport - ok
     11:34:21.0406 4328 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
     11:34:21.0826 4328 PartMgr - ok
     11:34:22.0097 4328 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
     11:34:22.0608 4328 ParVdm - ok
     11:34:22.0838 4328 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
     11:34:23.0218 4328 PCI - ok
     11:34:23.0369 4328 PCIDump - ok
     11:34:23.0549 4328 PCIIde - ok
     11:34:23.0809 4328 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
     11:34:24.0150 4328 Pcmcia - ok
     11:34:24.0360 4328 PDCOMP - ok
     11:34:24.0580 4328 PDFRAME - ok
     11:34:24.0791 4328 PDRELI - ok
     11:34:25.0001 4328 PDRFRAME - ok
     11:34:25.0181 4328 perc2 - ok
     11:34:25.0321 4328 perc2hib - ok
     11:34:25.0732 4328 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
     11:34:26.0063 4328 PptpMiniport - ok
     11:34:26.0323 4328 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
     11:34:26.0693 4328 PSched - ok
     11:34:26.0974 4328 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
     11:34:27.0384 4328 Ptilink - ok
     11:34:27.0665 4328 ql1080 - ok
     11:34:27.0855 4328 Ql10wnt - ok
     11:34:28.0055 4328 ql12160 - ok
     11:34:28.0246 4328 ql1240 - ok
     11:34:28.0386 4328 ql1280 - ok
     11:34:28.0596 4328 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
     11:34:29.0017 4328 RasAcd - ok
     11:34:29.0287 4328 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
     11:34:29.0608 4328 Rasl2tp - ok
     11:34:29.0888 4328 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
     11:34:30.0198 4328 RasPppoe - ok
     11:34:30.0439 4328 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
     11:34:30.0919 4328 Raspti - ok
     11:34:31.0170 4328 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
     11:34:31.0530 4328 Rdbss - ok
     11:34:31.0801 4328 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
     11:34:32.0221 4328 RDPCDD - ok
     11:34:32.0512 4328 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
     11:34:32.0892 4328 RDPWD - ok
     11:34:33.0123 4328 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
     11:34:33.0453 4328 redbook - ok
     11:34:33.0814 4328 S3Psddr (5cf6ea833ebd3cf79573e6960f4b9e0b) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
     11:34:34.0024 4328 S3Psddr - ok
     11:34:34.0094 4328 S3SavageNB (5cf6ea833ebd3cf79573e6960f4b9e0b) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
     11:34:34.0184 4328 S3SavageNB - ok
     11:34:34.0525 4328 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
     11:34:34.0855 4328 Secdrv - ok
     11:34:35.0166 4328 Sentinel (99c81af18c0bf4d3b2ce0b36941e150f) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
     11:34:35.0246 4328 Sentinel ( UnsignedFile.Multi.Generic ) - warning
     11:34:35.0246 4328 Sentinel - detected UnsignedFile.Multi.Generic (1)
     11:34:35.0506 4328 Ser2pl (0027cb14afaa576881fbaa16bb9762e2) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
     11:34:35.0766 4328 Ser2pl - ok
     11:34:36.0017 4328 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
     11:34:36.0307 4328 serenum - ok
     11:34:36.0538 4328 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
     11:34:36.0978 4328 Serial - ok
     11:34:37.0329 4328 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
     11:34:37.0619 4328 Sfloppy - ok
     11:34:37.0890 4328 silabenm (3ead8e1668ce42a0afe41d56e7157bcf) C:\WINDOWS\system32\DRIVERS\silabenm.sys
     11:34:38.0010 4328 silabenm - ok
     11:34:38.0240 4328 silabser (177d3ebf3e236a272d769c14f73ecc3e) C:\WINDOWS\system32\DRIVERS\silabser.sys
     11:34:38.0440 4328 silabser - ok
     11:34:38.0631 4328 Simbad - ok
     11:34:38.0821 4328 slabbus - ok
     11:34:39.0021 4328 slabser - ok
     11:34:39.0261 4328 Sparrow - ok
     11:34:39.0562 4328 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
     11:34:39.0942 4328 splitter - ok
     11:34:40.0183 4328 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
     11:34:40.0553 4328 sr - ok
     11:34:40.0954 4328 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
     11:34:41.0284 4328 Srv - ok
     11:34:41.0565 4328 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
     11:34:41.0845 4328 swenum - ok
     11:34:42.0045 4328 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
     11:34:42.0366 4328 swmidi - ok
     11:34:42.0626 4328 symc810 - ok
     11:34:42.0817 4328 symc8xx - ok
     11:34:42.0967 4328 sym_hi - ok
     11:34:43.0177 4328 sym_u3 - ok
     11:34:43.0377 4328 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
     11:34:43.0718 4328 sysaudio - ok
     11:34:43.0968 4328 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
     11:34:44.0209 4328 Tcpip - ok
     11:34:44.0409 4328 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
     11:34:44.0709 4328 TDPIPE - ok
     11:34:44.0940 4328 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
     11:34:45.0270 4328 TDTCP - ok
     11:34:45.0450 4328 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
     11:34:45.0801 4328 TermDD - ok
     11:34:46.0051 4328 TosIde - ok
     11:34:46.0262 4328 U2SP (975e28ba5acdd645c3d7a6775a63c8d9) C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys
     11:34:46.0412 4328 U2SP - ok
     11:34:46.0632 4328 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
     11:34:47.0003 4328 Udfs - ok
     11:34:47.0163 4328 ultra - ok
     11:34:47.0433 4328 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
     11:34:47.0894 4328 Update - ok
     11:34:48.0114 4328 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
     11:34:48.0445 4328 usbccgp - ok
     11:34:48.0745 4328 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
     11:34:49.0036 4328 usbehci - ok
     11:34:49.0266 4328 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
     11:34:49.0606 4328 usbhub - ok
     11:34:49.0817 4328 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
     11:34:50.0097 4328 usbohci - ok
     11:34:50.0287 4328 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
     11:34:50.0588 4328 usbprint - ok
     11:34:50.0848 4328 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
     11:34:51.0139 4328 usbser - ok
     11:34:51.0359 4328 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
     11:34:51.0649 4328 USBSTOR - ok
     11:34:51.0850 4328 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
     11:34:52.0330 4328 usbuhci - ok
     11:34:52.0601 4328 USB_RNDIS (baca551d105637c488631c8b4766f2fc) C:\WINDOWS\system32\DRIVERS\usb8023y.sys
     11:34:52.0751 4328 USB_RNDIS - ok
     11:34:52.0961 4328 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
     11:34:53.0262 4328 VgaSave - ok
     11:34:53.0482 4328 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
     11:34:53.0812 4328 viaagp - ok
     11:34:54.0023 4328 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
     11:34:54.0303 4328 ViaIde - ok
     11:34:54.0563 4328 VIAudio (5e02b47671ec147251ab5487d039474d) C:\WINDOWS\system32\drivers\vinyl97.sys
     11:34:54.0764 4328 VIAudio - ok
     11:34:54.0974 4328 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
     11:34:55.0335 4328 VolSnap - ok
     11:34:55.0645 4328 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
     11:34:55.0955 4328 Wanarp - ok
     11:34:56.0216 4328 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
     11:34:56.0416 4328 Wdf01000 - ok
     11:34:56.0616 4328 WDICA - ok
     11:34:56.0857 4328 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
     11:34:57.0237 4328 wdmaud - ok
     11:34:57.0608 4328 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
     11:34:57.0778 4328 WinUSB - ok
     11:34:58.0179 4328 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
     11:34:58.0389 4328 WudfPf - ok
     11:34:58.0790 4328 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
     11:34:58.0960 4328 WudfRd - ok
     11:34:59.0240 4328 xgusb (cc810d6559da1307b7175dcf2a0f7411) C:\WINDOWS\system32\Drivers\xgusb.sys
     11:34:59.0390 4328 xgusb - ok
     11:34:59.0781 4328 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
     11:34:59.0801 4328 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
     11:34:59.0801 4328 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
     11:35:00.0402 4328 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
     11:35:00.0402 4328 \Device\Harddisk0\DR0 - detected TDSS File System (1)
     11:35:00.0442 4328 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
     11:35:00.0873 4328 \Device\Harddisk1\DR1 - ok
     11:35:00.0913 4328 MBR (0x1B8) (45f1f43ffa09e1f67a5a75b764977af9) \Device\Harddisk2\DR8
     11:35:09.0465 4328 \Device\Harddisk2\DR8 - ok
     11:35:09.0515 4328 Boot (0x1200) (f5d9c04557273ed9f16ab904c0879bd9) \Device\Harddisk0\DR0\Partition0
     11:35:09.0545 4328 \Device\Harddisk0\DR0\Partition0 - ok
     11:35:09.0605 4328 Boot (0x1200) (e8a65e34631d63c922c871cbb555b645) \Device\Harddisk0\DR0\Partition1
     11:35:09.0625 4328 \Device\Harddisk0\DR0\Partition1 - ok
     11:35:09.0645 4328 Boot (0x1200) (084dfc198d2b35a8ab0ac012e5bc335a) \Device\Harddisk1\DR1\Partition0
     11:35:09.0645 4328 \Device\Harddisk1\DR1\Partition0 - ok
     11:35:09.0685 4328 Boot (0x1200) (cb38548140b40ac5f24c4cd4641b326f) \Device\Harddisk1\DR1\Partition1
     11:35:09.0695 4328 \Device\Harddisk1\DR1\Partition1 - ok
     11:35:09.0705 4328 ============================================================
     11:35:09.0705 4328 Scan finished
     11:35:09.0705 4328 ============================================================
     11:35:09.0865 4512 Detected object count: 7
     11:35:09.0865 4512 Actual detected object count: 7
     11:38:17.0585 4512 Amps2prt ( UnsignedFile.Multi.Generic ) - skipped by user
     11:38:17.0585 4512 Amps2prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
     11:38:17.0585 4512 COMMSB96 ( UnsignedFile.Multi.Generic ) - skipped by user
     11:38:17.0585 4512 COMMSB96 ( UnsignedFile.Multi.Generic ) - User select action: Skip
     11:38:17.0585 4512 COMMSBEP ( UnsignedFile.Multi.Generic ) - skipped by user
     11:38:17.0585 4512 COMMSBEP ( UnsignedFile.Multi.Generic ) - User select action: Skip
     11:38:17.0585 4512 fudally ( UnsignedFile.Multi.Generic ) - skipped by user
     11:38:17.0595 4512 fudally ( UnsignedFile.Multi.Generic ) - User select action: Skip
     11:38:17.0605 4512 Sentinel ( UnsignedFile.Multi.Generic ) - skipped by user
     11:38:17.0605 4512 Sentinel ( UnsignedFile.Multi.Generic ) - User select action: Skip
     11:38:18.0667 4512 \Device\Harddisk0\DR0\# - copied to quarantine
     11:38:19.0218 4512 \Device\Harddisk0\DR0 - copied to quarantine
     11:38:19.0348 4512 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
     11:38:19.0428 4512 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
     11:38:19.0879 4512 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
     11:38:20.0189 4512 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
     11:38:20.0279 4512 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
     11:38:20.0510 4512 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
     11:38:24.0315 4512 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
     11:38:24.0575 4512 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
     11:38:24.0636 4512 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
     11:38:24.0716 4512 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
     11:38:24.0776 4512 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
     11:38:24.0996 4512 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
     11:38:25.0297 4512 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
     11:38:25.0297 4512 \Device\Harddisk0\DR0 - ok
     11:38:40.0929 4512 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
     11:38:40.0939 4512 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
     11:38:40.0939 4512 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
     11:38:47.0328 2096 Deinitialize success

     and:

     ComboFix 12-02-16.02 - Owner 02/16/2012 12:15:43.1.1 - x86 NETWORK
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1536.1073 [GMT -5:00]
     Running from: k:\malware tools\ComboFix.exe
     AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
     .
     ADS - WINDOWS: deleted 192 bytes in 1 streams.
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\documents and settings\All Users\Application Data\TEMP
     c:\documents and settings\Owner\g2mdlhlpx.exe
     c:\documents and settings\Owner\Local Settings\Application Data\{362E1EF8-5A5D-4510-9410-01FEAE88CE10}
     c:\documents and settings\Owner\Local Settings\Application Data\{362E1EF8-5A5D-4510-9410-01FEAE88CE10}\chrome.manifest
     c:\documents and settings\Owner\Local Settings\Application Data\{362E1EF8-5A5D-4510-9410-01FEAE88CE10}\chrome\content\overlay.xul
     c:\documents and settings\Owner\Local Settings\Application Data\{362E1EF8-5A5D-4510-9410-01FEAE88CE10}\install.rdf
     c:\documents and settings\Owner\Local Settings\Application Data\assembly\tmp
     c:\documents and settings\Owner\Local Settings\Application Data\assembly\tmp\KUY27BFJ\FsdDoc2003.DLL
     c:\documents and settings\Owner\WINDOWS
     c:\windows\dasetup.log
     c:\windows\ST6UNST.000
     c:\windows\system32\_if8F.tmp
     c:\windows\system32\_ifA.tmp
     c:\windows\system32\_ifB.tmp
     c:\windows\system32\uninstall.exe
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
     .
     .
     2012-02-16 16:52 . 2012-02-16 16:52 -------- d-----w- c:\windows\LastGood
     2012-02-16 16:38 . 2012-02-16 16:38 -------- d-----w- C:\TDSSKiller_Quarantine
     2012-02-16 15:32 . 2012-02-16 15:32 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21C0F143-F402-4446-B2B9-9A86D88667FD}\MpKslcfc75a0b.sys
     2012-02-15 21:32 . 2012-02-16 16:57 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21C0F143-F402-4446-B2B9-9A86D88667FD}\offreg.dll
     2012-02-15 17:25 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21C0F143-F402-4446-B2B9-9A86D88667FD}\mpengine.dll
     2012-01-27 15:28 . 2012-01-27 15:28 -------- d-----w- c:\program files\Motorola Media Link
     2012-01-27 15:23 . 2012-01-27 15:23 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
     2012-01-24 16:26 . 2012-01-24 16:26 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Solid State Networks
     2012-01-24 16:13 . 2012-01-25 21:04 -------- d-----w- c:\documents and settings\Owner\Application Data\gpdf2swf
     2012-01-24 16:11 . 2012-01-24 16:12 -------- d-----w- c:\program files\SWFTools
     2012-01-18 21:02 . 2005-10-15 03:41 72192 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp43a.dll
     2012-01-18 21:02 . 2005-10-15 03:42 37376 ----a-w- c:\windows\system32\hpz3l43a.dll
     2012-01-18 20:25 . 2005-03-14 18:39 65536 ----a-w- c:\windows\system32\HPZinw12.exe
     2012-01-18 20:25 . 2005-03-14 17:05 69632 ----a-w- c:\windows\system32\HPZipm12.exe
     2012-01-18 20:25 . 2005-03-08 16:55 57344 ----a-w- c:\windows\system32\HPZisn12.dll
     2012-01-18 20:25 . 2005-03-08 16:55 94208 ----a-w- c:\windows\system32\HPZipt12.dll
     2012-01-18 20:25 . 2005-03-14 17:05 204800 ----a-w- c:\windows\system32\HPZipr12.dll
     2012-01-18 20:25 . 2005-03-14 17:03 278584 ----a-w- c:\windows\system32\HPZidr12.dll
     2012-01-18 20:24 . 2012-01-18 20:25 -------- d-----w- c:\program files\HP
     2012-01-18 20:21 . 2005-10-28 00:51 77824 ----a-w- c:\windows\system32\hpzids01.dll
     2012-01-18 20:21 . 2005-09-09 23:28 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-02-01 15:43 . 2009-05-11 12:46 65536 ----a-w- c:\windows\IFinst27.exe
     2012-01-31 12:44 . 2011-08-29 12:04 237072 ------w- c:\windows\system32\MpSigStub.exe
     2012-01-06 04:19 . 2011-09-19 12:08 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
     2011-12-10 20:24 . 2009-08-06 12:04 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-11-28 13:24 . 2011-06-16 12:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2011-11-25 21:57 . 2003-03-31 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
     2011-11-23 13:25 . 2003-03-31 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
     2011-03-18 17:53 . 2011-03-30 18:29 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe" [2009-12-09 645296]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "WheelMouse"="c:\hardware\Mouse\Amoumain.exe" [2002-03-09 225280]
     "Malwarebytes' Anti-Malware"="c:\program files\Security Applications\Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
     .
     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Office Taskbar.lnk - c:\windows\Installer\{00030409-78E1-11D2-B60F-006097C998E7}\misc.exe [2009-5-8 28160]
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ApxFamilyCPS Startup.lnk.disabled]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ApxFamilyCPS Startup.lnk.disabled
     backup=c:\windows\pss\ApxFamilyCPS Startup.lnk.disabledCommon Startup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Intuit Data Protect.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
     backup=c:\windows\pss\Intuit Data Protect.lnkCommon Startup
     .
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk.disabled] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk.disabled backup=c:\windows\pss\QuickBooks Update Agent.lnk.disabledCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Web Connector.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk backup=c:\windows\pss\QuickBooks Web Connector.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk backup=c:\windows\pss\QuickBooks_Standard_21.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2012-01-04 03:51 37296 ----a-w- c:\program files\Adobe Reader\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisplayFusion] 2009-12-09 18:31 645296 ----a-w- c:\program files\DisplayFusion\DisplayFusion.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting] 2007-02-26 05:01 437160 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager] 2011-12-06 14:40 2215768 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Matrox PowerDesk SE] 2009-06-11 21:43 4223232 ----a-w- c:\program files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MotoCast] 2012-01-27 15:31 1704 ----a-w- c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC] 2011-06-15 19:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando] 2009-09-02 14:42 4052152 ----a-w- c:\program files\Pando\pando.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe Reader\Reader\Reader_sl.exe" "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume "SunJavaUpdateSched"="c:\program files\Java\bin\jusched.exe" "VTPreset"=VTPreset.exe "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Pando\\pando.exe"= "c:\\Program Files\\Programming Applications\\Motorola\\MotoTrbo\\mototrbocps.exe"= "f:\\Program Files\\QB Enterprise\\QBDBMgrN.exe"= "c:\\Program Files\\Motorola Media Link\\Lite\\MML.exe"= "c:\\Program Files\\Motorola Mobility\\MotoCast\\motocast.exe"= "c:\\Program Files\\Motorola Mobility\\MotoCast\\bin\\MotoCast-thumbnailer.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56191:TCP"= 56191:TCP:Pando P2P TCP Listening Port "56191:UDP"= 56191:UDP:Pando P2P UDP Listening Port "58345:TCP"= 58345:TCP:Pando P2P TCP Listening Port "58345:UDP"= 58345:UDP:Pando P2P UDP Listening Port . R3 Amps2prt;AOpen PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [3/9/2002 4:35 PM 9216] S1 MpKsl7ba122be;MpKsl7ba122be;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21C0F143-F402-4446-B2B9-9A86D88667FD}\MpKsl7ba122be.sys [2/16/2012 11:52 AM 29904] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384] S2 COMMSB96;COMMSB96;c:\windows\system32\drivers\COMMSB96.sys [5/4/2009 3:42 PM 24776] S2 COMMSBEP;COMMSBEP;c:\windows\system32\drivers\COMMSBEP.sys [5/4/2009 3:42 PM 44236] S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [12/15/2011 2:18 PM 87368] S2 Matrox Centering Service;Matrox Centering Service;c:\program files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe [6/11/2009 4:44 PM 1263872] S2 Matrox.Pdesk.ServicesHost;Matrox.Pdesk.ServicesHost;c:\program files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe [6/11/2009 4:43 PM 344832] S2 
MBAMService;MBAMService;c:\program files\Security Applications\Anti-Malware\mbamservice.exe [8/6/2009 7:04 AM 652872] S2 MIP 5000 TFTP Server;MIP 5000 TFTP Server;c:\program files\Programming Applications\Motorola\MIP5K\TFTP\TFTP Server.exe [2/11/2009 7:13 AM 136704] S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [11/14/2011 2:44 PM 218992] S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [11/2/2011 8:24 AM 68896] S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [8/19/2011 8:31 PM 1248256] S3 fudally;fudally;c:\windows\system32\drivers\fudally.sys [2/9/2004 9:39 AM 12928] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/6/2009 7:04 AM 20464] S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [6/17/2011 7:11 AM 47176] S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [6/17/2011 7:11 AM 58496] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504] S3 xgusb;Unity XG Devices;c:\windows\system32\drivers\xgusb.sys [11/12/2010 12:14 PM 30720] . Contents of the 'Scheduled Tasks' folder . 2012-01-09 c:\windows\Tasks\defrag.job - c:\windows\system32\defrag.exe [2003-03-31 09:42] . 2012-02-16 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 24.92.226.11 24.92.226.12 Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - f:\program files\QB Enterprise\HelpAsyncPluggableProtocol.dll FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\e27eqehy.default\ FF - prefs.js: browser.startup.homepage - hxxp://google.com/ . - - - - ORPHANS REMOVED - - - - . MSConfigStartUp-FileZilla Server Interface - c:\program files\FileZilla Server\FileZilla Server Interface.exe MSConfigStartUp-Lsoquqerofiboqax - c:\windows\dpmshe.dll MSConfigStartUp-Uwovotohunicap - c:\windows\izucuhuhoneniqe.dll AddRemove-Avira NTFS4DOS - c:\program files\Avira\NTFS4DOS\uninst.exe AddRemove-SLABCOMM&10C4&EA60 - c:\program files\Silabs\MCU\CP210x\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60 . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-02-16 12:24 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Completion time: 2012-02-16 12:28:01 ComboFix-quarantined-files.txt 2012-02-16 17:27 . Pre-Run: 14,490,435,584 bytes free Post-Run: 15,984,713,728 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn /maxmem=1536 . - - End Of File - - 7C8F7EC00CE9F93B7B6828AF28D64C71
  3. durn thing is running slow as hell, and something is messing with virtual memory. Here's my stuff:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 10:28:00 on 2012-02-16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1536.468 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files\Java\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
C:\Program Files\Security Applications\Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Hardware\Mouse\Amoumain.exe
C:\Program Files\Security Applications\Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft\Office\Taskbar\Office\1033\msoffice.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\MsiExec.exe
C:\WINDOWS\system32\rundll32.exe
.
============== Pseudo HJT Report =============== . uStart Page = hxxp://google.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\lib\deploy\jqs\ie\jqs_plugin.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [WheelMouse] c:\hardware\mouse\Amoumain.exe mRun: [Malwarebytes' Anti-Malware] "c:\program files\security applications\anti-malware\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\windows\installer\{00030409-78e1-11d2-b60f-006097c998e7}\misc.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office\office11\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: 
{E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://leagueathletics.com/XUpload.ocx DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 TCP: DhcpNameServer = 24.92.226.11 24.92.226.12 TCP: Interfaces\{5866CAD3-85A2-469E-A9F0-FCCE62AB7711} : DhcpNameServer = 24.92.226.11 24.92.226.12 Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - f:\program files\qb enterprise\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\e27eqehy.default\ FF - prefs.js: browser.startup.homepage - hxxp://google.com/ FF - plugin: c:\program files\adobe reader\reader\air\nppdf32.dll FF - plugin: c:\program files\adobe reader\reader\browser\nppdf32.dll FF - plugin: c:\program files\java\bin\new_plugin\npdeploytk.dll FF - plugin: c:\program files\java\bin\new_plugin\npjp2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll . ============= SERVICES / DRIVERS =============== . 
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648] R1 MpKsl8ad52afc;MpKsl8ad52afc;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{21c0f143-f402-4446-b2b9-9a86d88667fd}\MpKsl8ad52afc.sys [2012-2-15 29904] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] R2 COMMSB96;COMMSB96;c:\windows\system32\drivers\COMMSB96.sys [2009-5-4 24776] R2 COMMSBEP;COMMSBEP;c:\windows\system32\drivers\COMMSBEP.sys [2009-5-4 44236] R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2011-12-15 87368] R2 Matrox Centering Service;Matrox Centering Service;c:\program files\matrox graphics inc\powerdesk\services\Matrox.PowerDesk.Services.exe [2009-6-11 1263872] R2 Matrox.Pdesk.ServicesHost;Matrox.Pdesk.ServicesHost;c:\program files\matrox graphics inc\powerdesk se\Matrox.Pdesk.ServicesHost.exe [2009-6-11 344832] R2 MBAMService;MBAMService;c:\program files\security applications\anti-malware\mbamservice.exe [2009-8-6 652872] R2 MIP 5000 TFTP Server;MIP 5000 TFTP Server;c:\program files\programming applications\motorola\mip5k\tftp\TFTP Server.exe [2009-2-11 136704] R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-11-14 218992] R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-11-2 68896] R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-8-19 1248256] R3 Amps2prt;AOpen PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2002-3-9 9216] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-8-6 20464] S3 fudally;fudally;c:\windows\system32\drivers\fudally.sys [2004-2-9 12928] S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator 
Driver;c:\windows\system32\drivers\silabenm.sys [2011-6-17 47176] S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [2011-6-17 58496] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S3 xgusb;Unity XG Devices;c:\windows\system32\drivers\xgusb.sys [2010-11-12 30720] . =============== Created Last 30 ================ . 2012-02-15 21:32:10 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{21c0f143-f402-4446-b2b9-9a86d88667fd}\offreg.dll 2012-02-15 21:32:10 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{21c0f143-f402-4446-b2b9-9a86d88667fd}\MpKsl8ad52afc.sys 2012-02-15 17:25:55 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{21c0f143-f402-4446-b2b9-9a86d88667fd}\mpengine.dll 2012-01-27 15:28:46 -------- d-----w- c:\program files\Motorola Media Link 2012-01-27 15:23:58 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp 2012-01-24 16:26:07 -------- d-----w- c:\documents and settings\owner\local settings\application data\Solid State Networks 2012-01-24 16:13:07 -------- d-----w- c:\documents and settings\owner\application data\gpdf2swf 2012-01-24 16:11:52 -------- d-----w- c:\program files\SWFTools 2012-01-18 21:02:58 72192 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp43a.dll 2012-01-18 21:02:53 37376 ----a-w- c:\windows\system32\hpz3l43a.dll 2012-01-18 20:25:48 94208 ----a-w- c:\windows\system32\HPZipt12.dll 2012-01-18 20:25:48 69632 ----a-w- c:\windows\system32\HPZipm12.exe 2012-01-18 20:25:48 65536 ----a-w- c:\windows\system32\HPZinw12.exe 2012-01-18 20:25:48 57344 ----a-w- c:\windows\system32\HPZisn12.dll 2012-01-18 20:25:47 278584 ----a-w- 
c:\windows\system32\HPZidr12.dll
2012-01-18 20:25:47 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2012-01-18 20:24:05 -------- d-----w- c:\program files\HP
2012-01-18 20:21:34 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2012-01-18 20:21:34 77824 ----a-w- c:\windows\system32\hpzids01.dll
.
==================== Find3M ====================
.
2012-02-01 15:43:27 65536 ----a-w- c:\windows\IFinst27.exe
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 13:24:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HDS728080PLAT20 rev.PF2OA21B -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-f
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A0FB49F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a102738]; MOV EAX, [0x8a1028ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A4BAAB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000061[0x8A4E19E8]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E37D5] -> [0x8A4DE940]
\Driver\atapi[0x8A2F03F0] -> IRP_MJ_CREATE -> 0x8A0FB49F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A0FB2C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 10:32:13.05 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/23/2009 3:41:21 PM
System Uptime: 2/16/2012 10:14:11 AM (0 hours ago)
.
Motherboard: ECS | | M825VXX
Processor: AMD Duron | Socket-A | 1300/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 39 GiB total, 13.547 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 38 GiB total, 16.651 GiB free.
F: is FIXED (NTFS) - 39 GiB total, 37.59 GiB free.
G: is FIXED (NTFS) - 35 GiB total, 34.714 GiB free.
H: is CDROM ()
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP828: 1/11/2012 3:08:51 PM - Installed ASTRO 25 Mobile CPS RP829: 1/11/2012 3:28:33 PM - Installed ASTRO 25 Portable CPS RP830: 1/11/2012 3:34:26 PM - Unsigned driver install RP831: 1/13/2012 8:19:44 AM - Software Distribution Service 3.0 RP832: 1/13/2012 1:40:32 PM - Unsigned driver install RP833: 1/16/2012 8:03:19 AM - Software Distribution Service 3.0 RP834: 1/17/2012 11:43:23 AM - Unsigned driver install RP835: 1/18/2012 8:27:20 AM - Software Distribution Service 3.0 RP836: 1/18/2012 3:39:29 PM - Removed Adobe Content Viewer RP837: 1/18/2012 3:39:52 PM - Removed Adobe Download Assistant RP838: 1/18/2012 3:42:29 PM - Removed Adobe Community Help RP839: 1/18/2012 3:44:45 PM - Removed XPS Essentials Pack RP840: 1/19/2012 9:33:36 AM - Software Distribution Service 3.0 RP841: 1/19/2012 9:41:16 AM - Software Distribution Service 3.0 RP842: 1/20/2012 12:02:15 PM - System Checkpoint RP843: 1/20/2012 12:53:32 PM - Removed MOTOTRBO Customer Programming Software RP844: 1/20/2012 12:57:28 PM - Removed MOTOTRBO Tuner RP845: 1/20/2012 1:04:46 PM - Installed Microsoft Visual C++ 2005 Redistributable RP846: 1/20/2012 1:05:21 PM - Installed MOTOTRBO Customer Programming Software RP847: 1/20/2012 1:10:12 PM - Installed MOTOTRBO Tuner RP848: 1/23/2012 8:02:28 AM - Software Distribution Service 3.0 RP849: 1/24/2012 8:31:03 AM - System Checkpoint RP850: 1/25/2012 8:02:53 AM - Software Distribution Service 3.0 RP851: 1/26/2012 8:12:56 AM - Software Distribution Service 3.0 RP852: 1/27/2012 8:15:31 AM - Software Distribution Service 3.0 RP853: 1/27/2012 10:18:28 AM - Installed MotoCast RP854: 1/30/2012 8:04:29 AM - Software Distribution Service 3.0 RP855: 1/31/2012 2:06:01 PM - System Checkpoint RP856: 2/1/2012 8:03:43 AM - Software Distribution Service 3.0 RP857: 2/2/2012 8:07:26 AM - Software Distribution Service 3.0 RP858: 2/3/2012 11:26:27 AM - System Checkpoint RP859: 2/6/2012 8:05:43 AM - Software Distribution Service 3.0 RP860: 2/7/2012 2:59:26 PM - System Checkpoint RP861: 
2/7/2012 4:32:26 PM - Software Distribution Service 3.0 RP862: 2/8/2012 8:12:15 AM - Software Distribution Service 3.0 RP863: 2/9/2012 1:32:41 PM - System Checkpoint RP864: 2/10/2012 8:02:23 AM - Software Distribution Service 3.0 RP865: 2/13/2012 8:08:35 AM - Software Distribution Service 3.0 RP866: 2/14/2012 10:48:58 AM - Software Distribution Service 3.0 RP867: 2/15/2012 12:25:35 PM - Software Distribution Service 3.0 RP868: 2/16/2012 8:04:19 AM - Software Distribution Service 3.0 . ==== Installed Programs ====================== . 1-Wire Drivers Version 4.02 Beta ACU Controller Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Reader 9.5.0 Adobe SVG Viewer 3.0 AOpen iWheelWorks Ver. 3.32 ApxFamilyCPS R05.01.00 ApxFamilyTuner R05.00.00 ASTRO 25 Mobile CPS ASTRO 25 Portable CPS ASTRO 25 Tuner ASTRO Radio Tuner ASTRO Saber & XTS 3000 CPS ASTRO Spectra CPS Avira NTFS4DOS 1.9 Business Portable Two Way Radio Business Radio - Customer Programming Software CARD Suite 4.3.0 CE39 for Windows CE44 for Windows CE49SetUp CE59 for Windows(VX-4200_4100_920_820 Series) CE64 CE82 for Windows Commercial Series Customer Programming Software Commercial Series Radios Patch Tool for Codeplug Corruption Compatibility Pack for the 2007 Office system CompuPic CP110 CPS CPS R02.02 CPS Reports Crystal Reports Basic Runtime for Visual Studio 2008 CSDM-Lite Data Doctor Recovery Removable Media (Demo) Dell Driver Download Manager DisplayFusion 3.1.6 DTMF Decoder Entry Level Radio Customer Programming Software Entry Level Radio Tuner FTDI USB Serial Converter Drivers GoToMeeting 4.8.0.723 GT Radio Harris LMR Communications Planning Application 1.1.1 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows 
XP (KB959765)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB971276-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet 6900 series
Icom CS-F100
Icom CS-F100 ADJ
Icom CS-F100S
Icom CS-F100S ADJ
Icom CS-F11
Icom CS-F11 ADJ
Icom CS-F3020/F5020
Icom CS-F3160/F5060
Icom CS-F3G
Icom CS-F3G ADJ
Icom CS-F43TR
Icom CS-F43TR ADJ
Icom CS-F50 ADJ
Icom CS-F500
Icom CS-F50MDC
Icom CS-F70/F1700
Icom CS-F70/F1700 ADJ
Java 6 Update 14
KeySecure
KL3 Universal Programmer Ver 3.88
KPG-101D
KPG-38D
KPG-44D
KPG-49D
KPG-56D
KPG-59D
KPG-79D
KPG-82D
KPG-88D
KPG-89D
KPG-91D
KPG-99D
Malwarebytes Anti-Malware version 1.60.1.1000
Matrox Graphics Software (remove only)
Matrox PowerDesk-SE
MC Series RSS
MCS2000 CPS
MCS2000 Tuner
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Small Business
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office Professional Edition 2003
Microsoft Report Viewer Redistributable 2008 (KB971118)
Microsoft Security Client
Microsoft Security Essentials
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft WinUsb 1.0
Microsoft XML Parser and SDK
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Minitor V PPS
Minitor4 PPS
MIP 5000 CSDM
Mobile Firmware Kit R04.00.02 with Codeplug R07.01
Mobile Firmware Kit R04.01.02 with Codeplug R08.00
Mobile Firmware Kit R05.08.05
Mobile Upgrade Kit R05.09.01
Mobile Upgrade Kit R05.10.02
MotoCast
MotoHelper 2.1.32 Driver 5.4.0
MotoHelper MergeModules
Motorola Entry Level Professional Radio CPS-R02.01.03-AA
MOTOROLA MEDIA LINK
Motorola Mobile Drivers Installation 5.4.0
Motorola Professional Radio CPS-R06.12.04
Motorola Radius 1225 Series RSS
Motorola Radius 1225LS Series RSS
Motorola Trunking Professional Radio CPS R02.00.00-AA
Motorola Trunking Professional Radio CPS R02.03.00
MOTOTRBO Customer Programming Software
MOTOTRBO R010810_100001 Repeater Update Packages
MOTOTRBO R010820_100001 Mobile Update Packages
MOTOTRBO R010820_100001 Portable Update Packages
MOTOTRBO RDAC
MOTOTRBO Tuner
MOTOTRBO Wireline_02030122
MTR3000 FPGA Image Upgrade
Mozilla Firefox 4.0 (x86 en-US)
MS Speech
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MTS2000 CPS
MTS2000 Tuner
NVIDIA Drivers
Paint.NET v3.5.10
Pando
PL-2303 USB-to-Serial
Portable Firmware Kit R03.07.01A with Codeplug R10.01
Portable Upgrade Kit R05.16.01 - Non Four Line Display
PR860 Customer Programming Software
Premier MDC - NY ONTARIO COUNTY SHERIFF
Professional Series Customer Programming Software
ProSavageDDR and Utilities
PX-777
QFolder
QuickBooks
QuickBooks Enterprise Solutions 12.0
Radio Service Software
RDX Series CPS
RPV599A & RPU499A Programming Software
RPV599A Programming Software
RPV599A&RPU499A Programming Software V2.3
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sentinel System Driver
Sentralok-A
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7
SVR-250 CPS
Tuner Professional(R02.15.00)
Tuner R02.16.00 for Motorola Professional and Entry Level Radios
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
UpgradeKit_Conv_Mobile_R05.10.01
UpgradeKit_Portable_R05.17.01_Non_Four_Lines_Display_Radios
UpgradeKit_Portable_R05.17.02_Non_Four_Lines_Display_Radios
VIA Rhine-Family Fast Ethernet Adapter
WebFldrs XP
Windows Backup Utility
Windows Driver Package - Motorola Corporation (USB_RNDIS) Net (05/13/2005 5.2.3790.1454)
Windows Driver Package - Motorola Solutions, Inc. (fudally) MotorolaUSBFlashZap (04/12/2011 03.04.00.00)
Windows Driver Package - Motorola, Inc. (fudally) MotorolaUSBFlashZap (11/26/2007 03.04.00.00)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows XP Service Pack 3
WinRAR archiver
WinRSS
winSJIpp for MOTOTRBO
winSJIpp for MOTOTRBO (c:\Program Files\Programming Applications\Motorola\MotoTrbo\SJ for Turbo\)
WinZip
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
2/9/2012 8:07:27 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Pando\pando.exe. Reference error message: The operation completed successfully.
.
2/9/2012 8:07:27 AM, error: DCOM [10000] - Unable to start a DCOM Server: {FA08F856-F05E-499B-9A48-F153A147DF27}. The error: "%14001" Happened while starting this command: "C:\Program Files\Pando\pando.exe" -Embedding
2/16/2012 8:33:55 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2633880).
2/16/2012 7:58:27 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QBIDPService service to connect.
2/16/2012 10:18:17 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
2/16/2012 10:18:17 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/16/2012 10:13:15 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 DS1410D Fips MpFilter
2/16/2012 10:00:35 AM, error: E100B [4] - Adapter IBM 10/100 EtherJet PCI Adapter with Alert on LAN: Adapter Link Down
2/13/2012 7:59:01 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QBCFMonitorService service to connect.
.
==== End Of File ===========================
  4. I got MBAM to run, and it detected a whole whack of stuff that I deleted. Now it seems that the durn thing has lost WAN connectivity. If I look at the IPCONFIG settings, they're all wrong. I'm thinking if I could release/renew the settings it may recover, but if I try to do that I get a message saying the RPC server isn't available, even though the service is running. I'm lost at this point...

  5. I had the same problem but after hours of trying I finally solved it. Let me know if you still need help and I will tell you how I fixed mine.

  6. Trying to recover my father's computer here... I bought the Pro version of MBAM for him the last time he got infected, so I don't know why it didn't protect him from this, but I've followed the posted instructions. I can boot to safe mode; MBAM runs but then disappears. I have no WAN connection at the infected computer, but it is NOT set up for a proxy server, so I don't know what's up with that. I've run the defogger, and while it did not give me an error message, it did not prompt me to reboot when it was done. I have a DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Robert J Rosso Sr at 10:58:27 on 2011-09-30
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1607 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\2695051426:1573346399.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: N/A: {796b75f6-6187-47e2-8f1f-c16e059e6e19} - c:\program files\filmfanatic\bar\1.bin\paSrcAs.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Toolbar BHO: {631acb68-57c3-48af-9cc5-fcec0837ffd3} - c:\progra~1\filmfa~2\bar\1.bin\pabar.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Search Assistant BHO: {d5e9b421-c309-41de-9014-800a2adcdeb0} - c:\program files\filmfanatic\bar\1.bin\paSrcAs.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: FilmFanatic: {0b84b4b4-8af8-4f1f-91fe-074a666f6425} - c:\program files\filmfanatic\bar\1.bin\pabar.dll
TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Z88ffRZZ9hTwjCe8234A] c:\users\robert j rosso sr\appdata\roaming\czzppnyccauvdob\s4pppmG5sQJ.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [iYogi Support Dock] "c:\program files\iyogi support dock\iYogiSupportDock.exe"
mRun: [FilmFanatic Browser Plugin Loader] c:\progra~1\filmfa~2\bar\1.bin\pabrmon.exe
mRun: [selectRebates] c:\program files\selectrebates\SelectRebates.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF"&"inst=NzctNTYwODk2ODg2LUZMMTArMS1MSUMrOC1TUDErMS1TUDFUQisxLVNVUCs0LVNQMVM0KzEtRERUKzQyOTQ5MTg3ODUtREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFUKzMtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCTisx"&"prod=90"&"ver=10.0.1410
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [innoSetupRegFile.0000000001] "c:\windows\is-TU4O6.exe" /REG /REGSVRMODE
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\robert~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dragon~1.lnk - c:\program files\nuance\naturallyspeaking10\program\natspeak.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpbutt~1.lnk - c:\program files\hp\button manager\BM.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
TCP: DhcpNameServer = 24.92.226.11 24.92.226.12
TCP: Interfaces\{9DA5979C-A11D-4EE3-9723-D911AF231DA3} : DhcpNameServer = 24.92.226.40 24.92.226.41
TCP: Interfaces\{BB061B13-EC18-4E70-A718-9FD9008A964E} : DhcpNameServer = 24.92.226.11 24.92.226.12
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FilmFanaticService;FilmFanaticService;c:\progra~1\filmfa~2\bar\1.bin\pabarsvc.exe [2011-7-26 42504]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-18 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-24 136176]
S2 SupportDockService.exe;Support Dock Service;c:\program files\iyogi support dock\services\commagent\SupportDockService.exe [2011-6-13 73728]
S3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\drivers\nvtcam.sys [2010-7-14 2696960]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-11 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-24 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-09-30 14:11:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-30 14:11:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-30 14:11:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-30 14:11:22 94896 ----a-w- c:\windows\system32\drivers\04298979.sys
2011-09-30 12:46:45 709968 ----a-w- c:\windows\is-TU4O6.exe
2011-09-30 12:26:12 -------- d-----w- c:\users\robert j rosso sr\appdata\roaming\ztzP0ycA1v2n4
2011-09-30 12:26:12 -------- d-----w- c:\users\robert j rosso sr\appdata\roaming\RmH5sQJ7dKgZhXj
2011-09-30 12:14:14 48016 --sha-w- c:\windows\system32\c_34746.nl_
2011-09-28 21:03:11 -------- d-----w- c:\users\robert j rosso sr\appdata\roaming\z6dWK7fRLg
2011-09-28 21:03:11 -------- d-----w- c:\users\robert j rosso sr\appdata\roaming\QUCekIBrNx0v2pG
2011-09-28 19:39:22 2456064 ----a-w- c:\users\robert j rosso sr\appdata\roaming\wmplayer.exe
2011-09-28 19:39:12 -------- d-----w- c:\users\robert j rosso sr\appdata\roaming\IEwe0Dd9hXjV
2011-09-28 19:39:10 -------- d-----w- c:\users\robert j rosso sr\appdata\roaming\gGaW9YkO0Sb4mJ
2011-09-28 17:25:11 -------- d-----w- c:\users\robert j rosso sr\appdata\roaming\WqVlNcib3467
2011-09-28 17:25:06 -------- d-----w- c:\users\robert j rosso sr\appdata\roaming\ZF5dEBrzv3GO
2011-09-28 14:43:16 -------- d-----w- c:\users\robert j rosso sr\appdata\roaming\e2onF4pmHsJdKg
2011-09-28 14:43:15 -------- d-----w- c:\users\robert j rosso sr\appdata\roaming\LqUVlOBtx0c1v3m
2011-09-28 14:01:22 -------- d-----w- c:\users\robert j rosso sr\appdata\roaming\guv2F3pnGaWVzN
2011-09-28 14:01:21 -------- d-----w- c:\users\robert j rosso sr\appdata\roaming\e2obF3p5aJdXjCB
2011-09-28 11:10:25 -------- d-----w- c:\users\robert j rosso sr\appdata\roaming\UBtzPNA1uDoFpGs
2011-09-28 11:10:25 -------- d-----w- c:\users\robert j rosso sr\appdata\roaming\FnF4pm7dE8RhXUe
2011-09-28 11:05:38 -------- d-----w- c:\users\robert j rosso sr\appdata\roaming\ptzPNycA1v2b
2011-09-28 11:05:38 -------- d-----w- c:\users\robert j rosso sr\appdata\roaming\DJ7dEK8gR9YwUI
2011-09-27 23:46:13 2456064 ----a-w- c:\users\robert j rosso sr\appdata\roaming\java.exe
2011-09-27 23:31:32 2456064 ----a-w- c:\users\robert j rosso sr\appdata\roaming\iexplore.exe
2011-09-27 23:26:12 -------- d-----w- c:\users\robert j rosso sr\appdata\roaming\yvD2onF4pHsJdK
2011-09-27 23:26:12 -------- d-----w- c:\users\robert j rosso sr\appdata\roaming\CgRZ9hYXwUe
2011-09-27 23:19:44 -------- d-----w- c:\users\robert j rosso sr\appdata\roaming\HDDD33pnG4a
2011-09-27 23:19:44 -------- d-----w- c:\users\robert j rosso sr\appdata\roaming\CIVVrrzONtxAuc2
2011-09-27 23:19:36 -------- d-----w- c:\users\robert j rosso sr\appdata\roaming\ZQQQJ77dEK8RZ9Y
2011-09-27 23:19:36 -------- d-----w- c:\users\robert j rosso sr\appdata\roaming\CzzPPNyccAuvDob
.
==================== Find3M ====================
.
2011-09-30 13:29:10 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-07-24 19:43:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-11 13:25:35 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
============= FINISH: 10:59:50.68 ===============
I have the other DDS log file attached, but when I try to run the GMER rootkit scanner, it starts up and then disappears, like MBAM does, so I don't get the opportunity to save the log. I'm doing this all from safe mode, Vista Home. - Sarge Semper Fi
attach.txt
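Added example, not code from the poster, from DDS or from Malwarebytes: a small Python triage pass over a DDS log of the shape posted above. The SAMPLE text inside it is a constructed excerpt that copies the section headers, the entry formats and a handful of the actual entries from that log; the name heuristics and their thresholds are the editor's assumptions. It pulls out what a responder would circle in the log above: the running image C:\Windows\2695051426:1573346399.exe, whose second colon means the executable is an NTFS alternate data stream attached to the Windows directory rather than a normal file; the generated-looking folder names created under appdata\roaming, alongside three 2,456,064-byte executables named wmplayer.exe, java.exe and iexplore.exe dropped straight into that folder; the uRun entry that launches from one of those folders; and the Hosts line that points www.spywareinfo.com at 127.0.0.1.

```python
"""Triage helpers for a DDS log, keyed to the findings in the log above.

Added example, not part of the original post or of DDS itself. SAMPLE is a
constructed excerpt modelled on that log (same section headers and entry
formats, a few of the same paths); the heuristics are the editor's.
"""
import re
from collections import defaultdict

SAMPLE = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\2695051426:1573346399.exe
C:\Windows\Explorer.exe
============== Pseudo HJT Report ===============
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Z88ffRZZ9hTwjCe8234A] c:\users\robert j rosso sr\appdata\roaming\czzppnyccauvdob\s4pppmG5sQJ.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
Hosts: 127.0.0.1 www.spywareinfo.com
=============== Created Last 30 ================
2011-09-30 14:11:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-30 12:26:12 -------- d-----w- c:\users\robert j rosso sr\appdata\roaming\ztzP0ycA1v2n4
2011-09-28 19:39:22 2456064 ----a-w- c:\users\robert j rosso sr\appdata\roaming\wmplayer.exe
2011-09-27 23:46:13 2456064 ----a-w- c:\users\robert j rosso sr\appdata\roaming\java.exe
2011-09-27 23:31:32 2456064 ----a-w- c:\users\robert j rosso sr\appdata\roaming\iexplore.exe
2011-09-27 23:19:36 -------- d-----w- c:\users\robert j rosso sr\appdata\roaming\CzzPPNyccAuvDob
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# A second ':' after the drive letter, inside the last path component, names
# an NTFS alternate data stream (here: a stream hanging off the Windows folder).
ADS_RE = re.compile(r"^[A-Za-z]:\\.*\\[^\\]*:[^\\]+$")
# "Created Last 30" entries: date time size attrs path (size is '--------' for dirs)
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (\S+) (\S+) (.+)$")


def parse_sections(text):
    """Split a DDS log into {section name: [entries]} on its '==== Name ====' headers."""
    sections, current = defaultdict(list), "preamble"
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":          # DDS pads sections with lone '.' lines
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            continue
        sections[current].append(line)
    return sections


def looks_random(name):
    """Editor's heuristic for generated folder names: many case/digit class
    switches (ztzP0ycA1v2n4) or almost no vowels (czzppnyccauvdob)."""
    if not re.fullmatch(r"[A-Za-z0-9]{8,}", name):
        return False
    classes = ["u" if c.isupper() else "d" if c.isdigit() else "l" for c in name]
    switches = sum(a != b for a, b in zip(classes, classes[1:]))
    vowels = sum(c in "aeiouAEIOU" for c in name)
    return switches >= 4 or vowels / len(name) < 0.25


def triage(text):
    """Return the indicators found in a DDS log, grouped by kind."""
    s = parse_sections(text)
    report = {"ads_processes": [], "random_dirs": [], "roaming_exes": [],
              "same_size_groups": [], "profile_autoruns": [], "orphaned_hooks": [],
              "hosts_overrides": []}
    # 1. running images whose path is an alternate data stream
    report["ads_processes"] = [p for p in s["Running Processes"] if ADS_RE.match(p)]
    # 2. autoruns launched from a user profile, orphaned browser hooks, hosts overrides
    for entry in s["Pseudo HJT Report"]:
        if re.match(r"^[um]Run(Once)?:", entry) and "\\appdata\\" in entry.lower():
            report["profile_autoruns"].append(entry)
        elif entry.endswith("- No File"):
            report["orphaned_hooks"].append(entry)
        elif entry.startswith("Hosts:"):
            report["hosts_overrides"].append(entry)
    # 3. new items directly under appdata\roaming: generated-name dirs, loose .exe
    #    files, and .exe files sharing one byte size (one payload, several names)
    by_size = defaultdict(list)
    for entry in s["Created Last 30"]:
        m = CREATED_RE.match(entry)
        if not m:
            continue
        size, attrs, path = m.groups()
        parts = path.split("\\")
        lower = [p.lower() for p in parts]
        if "roaming" not in lower:
            continue
        tail = parts[lower.index("roaming") + 1:]
        if len(tail) != 1:                   # only items directly in roaming
            continue
        if attrs.startswith("d") and looks_random(tail[0]):
            report["random_dirs"].append(path)
        elif tail[0].lower().endswith(".exe"):
            report["roaming_exes"].append(path)
            by_size[size].append(path)
    report["same_size_groups"] = [g for g in by_size.values() if len(g) > 1]
    return report


if __name__ == "__main__":
    for key, hits in triage(SAMPLE).items():
        print(f"{key}: {len(hits)}")
        for hit in hits:
            print("   ", hit)
```

Run against the full log above rather than SAMPLE, the same pass would list every generated-name folder in "Created Last 30" and the three same-size executables as one group; the FilmFanatic, ShopAtHome and iYogi entries are left alone because the heuristics only look at profile-launched autoruns, ADS paths, hosts overrides and roaming-folder artifacts, not at vendor names.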
  7. I've tried to remove this damned program using the different instructions posted on the web with no success. I'm using MBAM Pro, but I can't get it to run... it starts, then it disappears... I don't know what to do now. Is there any help here with this kind of problem? Semper Fi