Jump to content

vandy

Honorary Members
  • Posts

    24
  • Joined

  • Last visited

Reputation

0 Neutral

Contact Methods

  • Website URL
    http://
  • ICQ
    0
  1. Hello, I am in need of help with a rootkit problem that just won't go away. Not sure if it is 0access or something else but Malwarebytes is useless against it and TDSSkiller can't seem to clean in entirely. Please help me. Here is the TDSSkiller log and Malwarebytes log: 14:50:31.0328 3580 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18 14:50:33.0328 3580 ============================================================ 14:50:33.0328 3580 Current date / time: 2012/05/04 14:50:33.0328 14:50:33.0328 3580 SystemInfo: 14:50:33.0328 3580 14:50:33.0328 3580 OS Version: 5.1.2600 ServicePack: 3.0 14:50:33.0328 3580 Product type: Workstation 14:50:33.0328 3580 ComputerName: DELL-F68667BFA2 14:50:33.0328 3580 UserName: Administrator 14:50:33.0328 3580 Windows directory: C:\WINDOWS 14:50:33.0328 3580 System windows directory: C:\WINDOWS 14:50:33.0328 3580 Processor architecture: Intel x86 14:50:33.0328 3580 Number of processors: 2 14:50:33.0328 3580 Page size: 0x1000 14:50:33.0328 3580 Boot type: Normal boot 14:50:33.0328 3580 ============================================================ 14:50:35.0906 3580 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 14:50:35.0921 3580 Drive \Device\Harddisk1\DR2 - Size: 0x3D3D2200 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 14:50:35.0921 3580 ============================================================ 14:50:35.0921 3580 \Device\Harddisk0\DR0: 14:50:35.0921 3580 MBR partitions: 14:50:35.0921 3580 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A7D53F 14:50:35.0921 3580 \Device\Harddisk1\DR2: 14:50:35.0921 3580 MBR partitions: 14:50:35.0921 3580 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xE, StartLBA 0x3F, BlocksNum 0x1E9E52 14:50:35.0921 3580 ============================================================ 14:50:35.0937 3580 C: <-> \Device\Harddisk0\DR0\Partition0 14:50:35.0937 3580 ============================================================ 14:50:35.0937 3580 Initialize success 14:50:35.0937 3580 ============================================================ 14:50:38.0390 2508 ============================================================ 14:50:38.0390 2508 Scan started 14:50:38.0390 2508 Mode: Manual; 14:50:38.0390 2508 ============================================================ 14:50:39.0093 2508 Abiosdsk - ok 14:50:39.0109 2508 abp480n5 - ok 14:50:39.0156 2508 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 14:50:39.0171 2508 ACPI - ok 14:50:39.0203 2508 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 14:50:39.0203 2508 ACPIEC - ok 14:50:39.0265 2508 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 14:50:39.0281 2508 AdobeFlashPlayerUpdateSvc - ok 14:50:39.0281 2508 adpu160m - ok 14:50:39.0312 2508 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys 14:50:39.0328 2508 aeaudio - ok 14:50:39.0343 2508 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 14:50:39.0343 2508 aec - ok 14:50:39.0468 2508 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 14:50:39.0500 2508 AFD - ok 14:50:39.0765 2508 AffinegyService (7e077309910ce334c3b2b7b8665a55c4) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe 14:50:39.0781 2508 AffinegyService - ok 14:50:39.0796 2508 AFGMp50 - ok 14:50:39.0812 2508 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys 14:50:39.0812 2508 AFGSp50 - ok 14:50:39.0812 2508 Aha154x - ok 14:50:39.0828 2508 aic78u2 - ok 14:50:39.0828 2508 aic78xx - ok 14:50:39.0859 2508 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll 14:50:39.0859 2508 Alerter - ok 14:50:39.0875 2508 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe 14:50:39.0890 2508 ALG - ok 14:50:39.0890 2508 AliIde - ok 14:50:39.0890 2508 amsint - ok 14:50:39.0921 2508 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll 14:50:39.0937 2508 AppMgmt - ok 14:50:39.0937 2508 asc - ok 14:50:39.0937 2508 asc3350p - ok 14:50:39.0953 2508 asc3550 - ok 14:50:39.0984 2508 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 14:50:39.0984 2508 AsyncMac - ok 14:50:40.0015 2508 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 14:50:40.0015 2508 atapi - ok 14:50:40.0015 2508 Atdisk - ok 14:50:40.0046 2508 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 14:50:40.0046 2508 Atmarpc - ok 14:50:40.0078 2508 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll 14:50:40.0078 2508 AudioSrv - ok 14:50:40.0109 2508 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 14:50:40.0109 2508 audstub - ok 14:50:40.0156 2508 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 14:50:40.0156 2508 Beep - ok 14:50:40.0203 2508 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll 14:50:40.0250 2508 BITS - ok 14:50:40.0281 2508 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll 14:50:40.0281 2508 Browser - ok 14:50:40.0375 2508 catchme - ok 14:50:40.0421 2508 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 14:50:40.0421 2508 cbidf2k - ok 14:50:40.0421 2508 cd20xrnt - ok 14:50:40.0468 2508 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 14:50:40.0468 2508 Cdaudio - ok 14:50:40.0500 2508 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 14:50:40.0500 2508 Cdfs - ok 14:50:40.0546 2508 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 14:50:40.0546 2508 Cdrom - ok 14:50:40.0546 2508 cerc6 - ok 14:50:40.0562 2508 Changer - ok 14:50:40.0578 2508 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe 14:50:40.0578 2508 CiSvc - ok 14:50:40.0593 2508 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe 14:50:40.0609 2508 ClipSrv - ok 14:50:40.0609 2508 CmdIde - ok 14:50:40.0609 2508 COMSysApp - ok 14:50:40.0625 2508 Cpqarray - ok 14:50:40.0656 2508 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll 14:50:40.0671 2508 CryptSvc - ok 14:50:40.0671 2508 dac2w2k - ok 14:50:40.0671 2508 dac960nt - ok 14:50:40.0734 2508 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 14:50:40.0750 2508 DcomLaunch - ok 14:50:40.0796 2508 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll 14:50:40.0796 2508 Dhcp - ok 14:50:40.0812 2508 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 14:50:40.0812 2508 Disk - ok 14:50:40.0828 2508 dmadmin - ok 14:50:40.0906 2508 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 14:50:40.0921 2508 dmboot - ok 14:50:40.0968 2508 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 14:50:40.0968 2508 dmio - ok 14:50:40.0984 2508 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 14:50:40.0984 2508 dmload - ok 14:50:41.0015 2508 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll 14:50:41.0015 2508 dmserver - ok 14:50:41.0046 2508 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 14:50:41.0062 2508 DMusic - ok 14:50:41.0093 2508 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll 14:50:41.0093 2508 Dnscache - ok 14:50:41.0140 2508 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 14:50:41.0140 2508 Dot3svc - ok 14:50:41.0140 2508 dpti2o - ok 14:50:41.0171 2508 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 14:50:41.0171 2508 drmkaud - ok 14:50:41.0218 2508 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys 14:50:41.0218 2508 E100B - ok 14:50:41.0250 2508 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 14:50:41.0250 2508 EapHost - ok 14:50:41.0265 2508 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 14:50:41.0265 2508 ERSvc - ok 14:50:41.0312 2508 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 14:50:41.0343 2508 Eventlog - ok 14:50:41.0406 2508 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll 14:50:41.0406 2508 EventSystem - ok 14:50:41.0468 2508 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 14:50:41.0468 2508 Fastfat - ok 14:50:41.0515 2508 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 14:50:41.0531 2508 FastUserSwitchingCompatibility - ok 14:50:41.0578 2508 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 14:50:41.0578 2508 Fdc - ok 14:50:41.0578 2508 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 14:50:41.0578 2508 Fips - ok 14:50:41.0625 2508 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 14:50:41.0625 2508 Flpydisk - ok 14:50:41.0656 2508 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 14:50:41.0671 2508 FltMgr - ok 14:50:41.0703 2508 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 14:50:41.0703 2508 Fs_Rec - ok 14:50:41.0734 2508 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 14:50:41.0734 2508 Ftdisk - ok 14:50:41.0750 2508 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 14:50:41.0750 2508 Gpc - ok 14:50:41.0828 2508 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 14:50:41.0828 2508 helpsvc - ok 14:50:41.0859 2508 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll 14:50:41.0859 2508 HidServ - ok 14:50:41.0906 2508 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 14:50:41.0906 2508 hidusb - ok 14:50:41.0937 2508 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 14:50:41.0937 2508 hkmsvc - ok 14:50:41.0937 2508 hpn - ok 14:50:42.0000 2508 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 14:50:42.0000 2508 HTTP - ok 14:50:42.0046 2508 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 14:50:42.0046 2508 HTTPFilter - ok 14:50:42.0046 2508 i2omgmt - ok 14:50:42.0062 2508 i2omp - ok 14:50:42.0093 2508 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys 14:50:42.0093 2508 i8042prt - ok 14:50:42.0171 2508 ialm (0294a30b302ca71a2c26e582dda93486) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 14:50:42.0187 2508 ialm - ok 14:50:42.0234 2508 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 14:50:42.0234 2508 Imapi - ok 14:50:42.0265 2508 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe 14:50:42.0281 2508 ImapiService - ok 14:50:42.0296 2508 ini910u - ok 14:50:42.0312 2508 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 14:50:42.0312 2508 IntelIde - ok 14:50:42.0359 2508 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 14:50:42.0359 2508 intelppm - ok 14:50:42.0437 2508 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 14:50:42.0437 2508 Ip6Fw - ok 14:50:42.0468 2508 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 14:50:42.0468 2508 IpFilterDriver - ok 14:50:42.0484 2508 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 14:50:42.0484 2508 IpInIp - ok 14:50:42.0500 2508 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 14:50:42.0515 2508 IpNat - ok 14:50:42.0562 2508 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 14:50:42.0562 2508 IPSec - ok 14:50:42.0609 2508 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 14:50:42.0609 2508 IRENUM - ok 14:50:42.0656 2508 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 14:50:42.0656 2508 isapnp - ok 14:50:42.0734 2508 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe 14:50:42.0750 2508 JavaQuickStarterService - ok 14:50:42.0796 2508 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 14:50:42.0796 2508 Kbdclass - ok 14:50:42.0828 2508 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 14:50:42.0828 2508 kbdhid - ok 14:50:42.0859 2508 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 14:50:42.0859 2508 kmixer - ok 14:50:42.0906 2508 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 14:50:42.0906 2508 KSecDD - ok 14:50:42.0968 2508 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll 14:50:42.0968 2508 LanmanServer - ok 14:50:43.0015 2508 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll 14:50:43.0031 2508 lanmanworkstation - ok 14:50:43.0031 2508 lbrtfdc - ok 14:50:43.0078 2508 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 14:50:43.0078 2508 LmHosts - ok 14:50:43.0156 2508 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files\Common Files\Motive\McciCMService.exe 14:50:43.0171 2508 McciCMService - ok 14:50:43.0203 2508 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll 14:50:43.0203 2508 Messenger - ok 14:50:43.0234 2508 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 14:50:43.0234 2508 mnmdd - ok 14:50:43.0281 2508 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe 14:50:43.0281 2508 mnmsrvc - ok 14:50:43.0328 2508 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 14:50:43.0328 2508 Modem - ok 14:50:43.0375 2508 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 14:50:43.0375 2508 Mouclass - ok 14:50:43.0406 2508 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 14:50:43.0406 2508 mouhid - ok 14:50:43.0406 2508 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 14:50:43.0406 2508 MountMgr - ok 14:50:43.0421 2508 mraid35x - ok 14:50:43.0421 2508 MREMPR5 - ok 14:50:43.0437 2508 MRENDIS5 - ok 14:50:43.0437 2508 MRESP50 - ok 14:50:43.0453 2508 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 14:50:43.0453 2508 MRxDAV - ok 14:50:43.0484 2508 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe 14:50:43.0484 2508 MSDTC - ok 14:50:43.0531 2508 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 14:50:43.0531 2508 Msfs - ok 14:50:43.0531 2508 MSIServer - ok 14:50:43.0593 2508 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 14:50:43.0593 2508 MSKSSRV - ok 14:50:43.0609 2508 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 14:50:43.0609 2508 MSPCLOCK - ok 14:50:43.0625 2508 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 14:50:43.0625 2508 MSPQM - ok 14:50:43.0656 2508 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 14:50:43.0656 2508 mssmbios - ok 14:50:43.0687 2508 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 14:50:43.0703 2508 Mup - ok 14:50:43.0750 2508 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 14:50:43.0765 2508 napagent - ok 14:50:43.0796 2508 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 14:50:43.0796 2508 NDIS - ok 14:50:43.0843 2508 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 14:50:43.0843 2508 NdisTapi - ok 14:50:43.0875 2508 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 14:50:43.0875 2508 Ndisuio - ok 14:50:43.0921 2508 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 14:50:43.0921 2508 NdisWan - ok 14:50:43.0968 2508 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 14:50:43.0968 2508 NDProxy - ok 14:50:44.0015 2508 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 14:50:44.0015 2508 NetBIOS - ok 14:50:44.0031 2508 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 14:50:44.0031 2508 NetBT - ok 14:50:44.0078 2508 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 14:50:44.0093 2508 NetDDE - ok 14:50:44.0093 2508 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 14:50:44.0093 2508 NetDDEdsdm - ok 14:50:44.0125 2508 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 14:50:44.0125 2508 Netlogon - ok 14:50:44.0171 2508 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll 14:50:44.0187 2508 Netman - ok 14:50:44.0234 2508 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll 14:50:44.0250 2508 Nla - ok 14:50:44.0296 2508 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 14:50:44.0296 2508 Npfs - ok 14:50:44.0359 2508 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 14:50:44.0375 2508 Ntfs - ok 14:50:44.0375 2508 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 14:50:44.0390 2508 NtLmSsp - ok 14:50:44.0453 2508 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 14:50:44.0468 2508 NtmsSvc - ok 14:50:44.0500 2508 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 14:50:44.0500 2508 Null - ok 14:50:44.0546 2508 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 14:50:44.0546 2508 NwlnkFlt - ok 14:50:44.0578 2508 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 14:50:44.0578 2508 NwlnkFwd - ok 14:50:44.0640 2508 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 14:50:44.0640 2508 Parport - ok 14:50:44.0671 2508 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 14:50:44.0687 2508 PartMgr - ok 14:50:44.0718 2508 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 14:50:44.0718 2508 ParVdm - ok 14:50:44.0750 2508 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 14:50:44.0750 2508 PCI - ok 14:50:44.0750 2508 PCIDump - ok 14:50:44.0750 2508 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 14:50:44.0765 2508 PCIIde - ok 14:50:44.0781 2508 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 14:50:44.0796 2508 Pcmcia - ok 14:50:44.0796 2508 PDCOMP - ok 14:50:44.0796 2508 PDFRAME - ok 14:50:44.0812 2508 PDRELI - ok 14:50:44.0812 2508 PDRFRAME - ok 14:50:44.0828 2508 perc2 - ok 14:50:44.0828 2508 perc2hib - ok 14:50:44.0890 2508 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 14:50:44.0890 2508 PlugPlay - ok 14:50:44.0890 2508 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 14:50:44.0890 2508 PolicyAgent - ok 14:50:44.0937 2508 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 14:50:44.0937 2508 PptpMiniport - ok 14:50:44.0937 2508 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 14:50:44.0937 2508 ProtectedStorage - ok 14:50:44.0953 2508 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 14:50:44.0953 2508 PSched - ok 14:50:45.0000 2508 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 14:50:45.0000 2508 Ptilink - ok 14:50:45.0000 2508 ql1080 - ok 14:50:45.0015 2508 Ql10wnt - ok 14:50:45.0015 2508 ql12160 - ok 14:50:45.0015 2508 ql1240 - ok 14:50:45.0031 2508 ql1280 - ok 14:50:45.0046 2508 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 14:50:45.0046 2508 RasAcd - ok 14:50:45.0078 2508 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll 14:50:45.0078 2508 RasAuto - ok 14:50:45.0109 2508 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 14:50:45.0109 2508 Rasl2tp - ok 14:50:45.0140 2508 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 14:50:45.0140 2508 RasMan - ok 14:50:45.0156 2508 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 14:50:45.0171 2508 RasPppoe - ok 14:50:45.0171 2508 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 14:50:45.0171 2508 Raspti - ok 14:50:45.0218 2508 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 14:50:45.0234 2508 Rdbss - ok 14:50:45.0234 2508 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 14:50:45.0234 2508 RDPCDD - ok 14:50:45.0281 2508 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 14:50:45.0296 2508 rdpdr - ok 14:50:45.0359 2508 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 14:50:45.0359 2508 RDPWD - ok 14:50:45.0406 2508 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 14:50:45.0421 2508 RDSessMgr - ok 14:50:45.0453 2508 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 14:50:45.0453 2508 redbook - ok 14:50:45.0484 2508 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 14:50:45.0500 2508 RemoteAccess - ok 14:50:45.0531 2508 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll 14:50:45.0531 2508 RemoteRegistry - ok 14:50:45.0562 2508 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe 14:50:45.0562 2508 RpcLocator - ok 14:50:45.0640 2508 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll 14:50:45.0656 2508 RpcSs - ok 14:50:45.0687 2508 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 14:50:45.0703 2508 RSVP - ok 14:50:45.0734 2508 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 14:50:45.0734 2508 SamSs - ok 14:50:45.0781 2508 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 14:50:45.0781 2508 SCardSvr - ok 14:50:45.0828 2508 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 14:50:45.0843 2508 Schedule - ok 14:50:45.0843 2508 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 14:50:45.0859 2508 Secdrv - ok 14:50:45.0890 2508 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 14:50:45.0890 2508 seclogon - ok 14:50:45.0906 2508 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 14:50:45.0906 2508 SENS - ok 14:50:45.0953 2508 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 14:50:45.0953 2508 serenum - ok 14:50:45.0953 2508 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 14:50:45.0953 2508 Serial - ok 14:50:45.0968 2508 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 14:50:45.0968 2508 Sfloppy - ok 14:50:46.0031 2508 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 14:50:46.0046 2508 SharedAccess - ok 14:50:46.0078 2508 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 14:50:46.0078 2508 ShellHWDetection - ok 14:50:46.0078 2508 Simbad - ok 14:50:46.0140 2508 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys 14:50:46.0171 2508 smwdm - ok 14:50:46.0171 2508 Sparrow - ok 14:50:46.0187 2508 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 14:50:46.0187 2508 splitter - ok 14:50:46.0234 2508 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 14:50:46.0234 2508 Spooler - ok 14:50:46.0281 2508 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 14:50:46.0281 2508 sr - ok 14:50:46.0296 2508 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 14:50:46.0312 2508 srservice - ok 14:50:46.0359 2508 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 14:50:46.0375 2508 Srv - ok 14:50:46.0421 2508 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 14:50:46.0421 2508 SSDPSRV - ok 14:50:46.0484 2508 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 14:50:46.0500 2508 stisvc - ok 14:50:46.0546 2508 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 14:50:46.0546 2508 swenum - ok 14:50:46.0593 2508 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 14:50:46.0593 2508 swmidi - ok 14:50:46.0609 2508 SwPrv - ok 14:50:46.0609 2508 symc810 - ok 14:50:46.0625 2508 symc8xx - ok 14:50:46.0625 2508 sym_hi - ok 14:50:46.0640 2508 sym_u3 - ok 14:50:46.0671 2508 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 14:50:46.0671 2508 sysaudio - ok 14:50:46.0703 2508 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 14:50:46.0718 2508 SysmonLog - ok 14:50:46.0765 2508 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 14:50:46.0781 2508 TapiSrv - ok 14:50:46.0843 2508 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 14:50:46.0859 2508 Tcpip - ok 14:50:46.0906 2508 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 14:50:46.0906 2508 TDPIPE - ok 14:50:46.0921 2508 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 14:50:46.0921 2508 TDTCP - ok 14:50:46.0937 2508 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 14:50:46.0937 2508 TermDD - ok 14:50:46.0984 2508 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 14:50:47.0000 2508 TermService - ok 14:50:47.0031 2508 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 14:50:47.0046 2508 Themes - ok 14:50:47.0078 2508 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe 14:50:47.0078 2508 TlntSvr - ok 14:50:47.0078 2508 TosIde - ok 14:50:47.0125 2508 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 14:50:47.0125 2508 TrkWks - ok 14:50:47.0140 2508 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 14:50:47.0140 2508 Udfs - ok 14:50:47.0140 2508 ultra - ok 14:50:47.0203 2508 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 14:50:47.0218 2508 Update - ok 14:50:47.0265 2508 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 14:50:47.0281 2508 upnphost - ok 14:50:47.0296 2508 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 14:50:47.0296 2508 UPS - ok 14:50:47.0343 2508 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 14:50:47.0343 2508 usbccgp - ok 14:50:47.0390 2508 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 14:50:47.0390 2508 usbehci - ok 14:50:47.0437 2508 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 14:50:47.0437 2508 usbhub - ok 14:50:47.0484 2508 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 14:50:47.0484 2508 USBSTOR - ok 14:50:47.0515 2508 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 14:50:47.0515 2508 usbuhci - ok 14:50:47.0515 2508 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 14:50:47.0531 2508 VgaSave - ok 14:50:47.0531 2508 ViaIde - ok 14:50:47.0562 2508 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 14:50:47.0562 2508 VolSnap - ok 14:50:47.0625 2508 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 14:50:47.0671 2508 VSS - ok 14:50:47.0718 2508 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 14:50:47.0734 2508 W32Time - ok 14:50:47.0765 2508 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 14:50:47.0781 2508 Wanarp - ok 14:50:47.0781 2508 WDICA - ok 14:50:47.0828 2508 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 14:50:47.0828 2508 wdmaud - ok 14:50:47.0843 2508 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 14:50:47.0843 2508 WebClient - ok 14:50:47.0921 2508 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 14:50:47.0921 2508 winmgmt - ok 14:50:47.0968 2508 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 14:50:47.0968 2508 WmdmPmSN - ok 14:50:48.0031 2508 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll 14:50:48.0062 2508 Wmi - ok 14:50:48.0109 2508 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 14:50:48.0109 2508 WmiApSrv - ok 14:50:48.0265 2508 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe 14:50:48.0281 2508 WMPNetworkSvc - ok 14:50:48.0343 2508 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 14:50:48.0343 2508 WS2IFSL - ok 14:50:48.0390 2508 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 14:50:48.0390 2508 wscsvc - ok 14:50:48.0437 2508 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 14:50:48.0437 2508 wuauserv - ok 14:50:48.0484 2508 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 14:50:48.0484 2508 WudfPf - ok 14:50:48.0515 2508 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 14:50:48.0515 2508 WudfRd - ok 14:50:48.0546 2508 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 14:50:48.0546 2508 WudfSvc - ok 14:50:48.0625 2508 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 14:50:48.0656 2508 WZCSVC - ok 14:50:48.0687 2508 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 14:50:48.0703 2508 xmlprov - ok 14:50:48.0796 2508 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe 14:50:48.0812 2508 YahooAUService - ok 14:50:48.0843 2508 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 14:50:49.0062 2508 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning 14:50:49.0062 2508 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1) 14:50:49.0062 2508 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR2 14:51:02.0406 2508 \Device\Harddisk1\DR2 - ok 14:51:02.0421 2508 Boot (0x1200) (3bd81cf09614750ef348b6d1e704e296) \Device\Harddisk0\DR0\Partition0 14:51:02.0421 2508 \Device\Harddisk0\DR0\Partition0 ( Rootkit.Boot.Cidox.b ) - infected 14:51:02.0421 2508 \Device\Harddisk0\DR0\Partition0 - detected Rootkit.Boot.Cidox.b (0) 14:51:02.0421 2508 Boot (0x1200) (a6658a23e6d69224c6aae2da45606274) \Device\Harddisk1\DR2\Partition0 14:51:02.0437 2508 \Device\Harddisk1\DR2\Partition0 - ok 14:51:02.0437 2508 ============================================================ 14:51:02.0437 2508 Scan finished 14:51:02.0437 2508 ============================================================ 14:51:02.0437 1484 Detected object count: 2 14:51:02.0437 1484 Actual detected object count: 2 14:51:50.0953 1484 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - skipped by user 14:51:50.0953 1484 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Skip 14:51:50.0984 1484 \Device\Harddisk0\DR0\Partition0 - copied to quarantine 14:51:51.0000 1484 \Device\Harddisk0\DR0\Partition0 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot 14:51:51.0000 1484 \Device\Harddisk0\DR0\Partition0 - ok 14:51:51.0000 1484 \Device\Harddisk0\DR0\Partition0 ( Rootkit.Boot.Cidox.b ) - User select action: Cure 14:57:09.0578 2524 Deinitialize success Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.05.04.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Administrator :: DELL-F68667BFA2 [administrator] 5/4/2012 2:57:49 PM mbam-log-2012-05-04 (14-57-49).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 176224 Time elapsed: 4 minute(s), 36 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  2. My PC managed to get a nasty bug that would redirect all web access, wouldn't allow me to open task manager, deleted Malwarebytes, wouldn't allow access to programs in my start menu or my C drive, and would pop up a window that said I was infected, among other things. I managed to install and run Malwarebytes and ESET in safe mode but neither found anything. I can install TDSSKiller.exe but it will not execute. Any help would be appreciated. Below is the most recent Malwarebytes log: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6701 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 5/28/2011 11:20:42 AM mbam-log-2011-05-28 (11-20-42).txt Scan type: Quick scan Objects scanned: 268558 Time elapsed: 3 minute(s), 43 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  3. Sorry to keep bothering you. There is one lingering effect that I can't seem to get corrected. Something is happening to turn off my automatic updates approximately every 15 minutes and Windows Security Center pops up in the lower right saying that I might not be fully protected because automatic updates have been turned off. How do I fix this so that it's always on? And why does it keep shutting off?
  4. Thank you so much. Everything seems to be functioning properly. I'll let you know if I have any other issues regarding this fix.
  5. latest ComboFix log: ComboFix 10-12-20.01 - branch202 12/20/2010 12:27:32.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3543.2823 [GMT -6:00] Running from: c:\documents and settings\Branch202\Desktop\Combo-Fix.exe AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\Oeminfo.ini . ((((((((((((((((((((((((( Files Created from 2010-11-20 to 2010-12-20 ))))))))))))))))))))))))))))))) . 2010-12-20 16:00 . 2010-12-20 16:00 -------- d-----w- c:\documents and settings\Branch202\Local Settings\Application Data\Adobe 2010-12-19 02:58 . 2010-12-19 03:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-12-17 20:19 . 2010-12-17 20:19 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2010-12-17 20:17 . 2010-12-17 20:17 0 ----a-w- c:\windows\Axolihiki.bin 2010-12-17 15:40 . 2010-12-17 15:40 -------- d-----w- c:\documents and settings\Branch201\Application Data\yoclient 2010-12-10 18:08 . 2010-12-10 18:08 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE 2010-12-10 18:08 . 2010-12-10 18:08 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache 2010-12-02 13:17 . 2010-12-01 14:57 -------- d-----w- c:\documents and settings\Branch201\Application Data\HP . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-08 19:12 . 2010-04-14 15:08 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2010-12-08 19:11 . 2010-04-14 15:08 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll 2010-12-08 19:11 . 2010-04-14 15:08 29568 ----a-w- c:\windows\system32\LMIport.dll 2010-12-08 19:11 . 2010-04-14 15:08 87424 ----a-w- c:\windows\system32\LMIinit.dll 2010-11-29 23:42 . 2010-09-08 17:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-29 23:42 . 2010-09-08 17:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-30 15:10 . 2010-04-14 15:08 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak 2010-09-30 15:10 . 2010-04-14 15:08 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak . ((((((((((((((((((((((((((((( SnapShot@2010-12-20_15.46.56 ))))))))))))))))))))))))))))))))))))))))) . + 2010-12-20 17:30 . 2010-12-20 17:30 16384 c:\windows\Temp\Perflib_Perfdata_2d0.dat + 2009-04-06 14:51 . 2010-12-20 17:36 72050 c:\windows\system32\perfc009.dat - 2009-04-06 14:51 . 2010-12-20 15:46 72050 c:\windows\system32\perfc009.dat + 2009-04-06 14:51 . 2010-12-20 17:36 443918 c:\windows\system32\perfh009.dat - 2009-04-06 14:51 . 2010-12-20 15:46 443918 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-26 141336] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-26 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-26 142872] "picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-24 796696] "RTHDCPL"="RTHDCPL.EXE" [2009-07-03 18665472] "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736] "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-21 525824] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-15 125632] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048] "MVIClientEngineController"="c:\program files\MVi\Client Engine\ClientPostSvcController.exe" [2008-09-15 196608] "MViRCS"="c:\program files\MVi\RCS\rcs.exe" [2010-01-06 868352] "ESDUSBMon.exe"="c:\windows\system32\ESDUSBMon.exe" [2005-05-27 188416] "MVIHotKey"="c:\program files\MVi\Hotkey\MVI_HotKey.exe" [2010-02-10 442368] c:\documents and settings\All Users\Start Menu\Programs\Startup\ APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-4-9 221247] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2010-12-08 19:11 87424 ----a-w- c:\windows\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-22 07:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-01-11 21:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= R2 EPSON ESCPOS Status Service;EPSON ESC/POS Status Service;EpStsSrv.exe --> EpStsSrv.exe [?] R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/30/2010 9:10 AM 374152] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 2:09 PM 12856] R2 MVi Client Engine;MVi Client Engine;c:\program files\MVi\Client Engine\ClientEngine.exe [9/17/2008 12:59 PM 122880] R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [1/19/2010 6:35 PM 635416] R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 10:09 PM 11032] R2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~1\SAAZOD\SAAZDPMACTL.exe [6/13/2009 10:33 AM 81920] R2 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~1\SAAZOD\SAAZRemoteSupport.exe [6/4/2009 10:49 AM 73728] R2 SAAZScheduler;SAAZScheduler;c:\progra~1\SAAZOD\SAAZScheduler.exe [4/5/2010 1:19 PM 77824] R2 SAAZServerPlus;SAAZServerPlus;c:\progra~1\SAAZOD\SAAZServerPlus.exe [4/30/2009 6:46 PM 77824] R2 SAAZWatchDog;SAAZWatchDog;c:\progra~1\SAAZOD\SAAZWatchDog.exe [6/4/2009 10:51 AM 81920] R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 6:48 PM 116416] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [1/19/2010 6:30 PM 2066968] R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [1/19/2010 7:19 PM 149600] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/3/2010 7:22 PM 102448] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [12/18/2007 11:46 AM 44800] S2 0066661269268390mcinstcleanup;McAfee Application Installer Cleanup (0066661269268390);c:\docume~1\ADMINI~1\LOCALS~1\Temp\006666~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\006666~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?] --- Other Services/Drivers In Memory --- *Deregistered* - klmd25 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: //about.htm/ Trusted Zone: //Exclude.htm/ Trusted Zone: //FWEvent.htm/ Trusted Zone: //LanguageSelection.htm/ Trusted Zone: //Message.htm/ Trusted Zone: //MyAgttryCmd.htm/ Trusted Zone: //MyAgttryNag.htm/ Trusted Zone: //MyNotification.htm/ Trusted Zone: //NOCLessUpdate.htm/ Trusted Zone: //quarantine.htm/ Trusted Zone: //ScanNow.htm/ Trusted Zone: //strings.vbs/ Trusted Zone: //Template.htm/ Trusted Zone: //Update.htm/ Trusted Zone: //VirFound.htm/ Trusted Zone: mcafee.com\* Trusted Zone: mcafeeasap.com\betavscan Trusted Zone: mcafeeasap.com\vs Trusted Zone: mcafeeasap.com\www TCP: {35C78FE6-06D2-488A-96C9-85F0E6A15281} = 10.8.2.8,10.8.1.8 DPF: {737B4809-A1B0-4A96-82AC-124040809EF1} - hxxp://suite.cu08/shared/BranchUtil.CAB DPF: {9CF59D67-FABF-43BB-885B-68E9D6D340F0} - hxxp://suite.cu08/shared/SummitCSCS.CAB . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-20 12:30 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1236) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll . Completion time: 2010-12-20 12:31:54 ComboFix-quarantined-files.txt 2010-12-20 18:31 ComboFix2.txt 2010-12-20 15:51 Pre-Run: 141,412,642,816 bytes free Post-Run: 141,414,428,672 bytes free - - End Of File - - 0BD5C1EE0E4EE097B2749A26EE591EF9
  6. Didn't find anything this time around. Was able to turn on automatic updates without any problem. 2010/12/20 12:06:09.0479 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46 2010/12/20 12:06:09.0479 ================================================================================ 2010/12/20 12:06:09.0479 SystemInfo: 2010/12/20 12:06:09.0479 2010/12/20 12:06:09.0479 OS Version: 5.1.2600 ServicePack: 3.0 2010/12/20 12:06:09.0479 Product type: Workstation 2010/12/20 12:06:09.0479 ComputerName: BRANCH208 2010/12/20 12:06:09.0479 UserName: branch202 2010/12/20 12:06:09.0479 Windows directory: C:\windows 2010/12/20 12:06:09.0479 System windows directory: C:\windows 2010/12/20 12:06:09.0479 Processor architecture: Intel x86 2010/12/20 12:06:09.0479 Number of processors: 2 2010/12/20 12:06:09.0479 Page size: 0x1000 2010/12/20 12:06:09.0479 Boot type: Normal boot 2010/12/20 12:06:09.0479 ================================================================================ 2010/12/20 12:06:09.0682 Initialize success 2010/12/20 12:06:12.0682 ================================================================================ 2010/12/20 12:06:12.0682 Scan started 2010/12/20 12:06:12.0682 Mode: Manual; 2010/12/20 12:06:12.0682 ================================================================================ 2010/12/20 12:06:13.0276 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\windows\system32\drivers\ac97intc.sys 2010/12/20 12:06:13.0307 ACPI (8fd99680a539792a30e97944fdaecf17) C:\windows\system32\DRIVERS\ACPI.sys 2010/12/20 12:06:13.0339 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\windows\system32\drivers\ACPIEC.sys 2010/12/20 12:06:13.0386 adpu160m (9a11864873da202c996558b2106b0bbc) C:\windows\system32\DRIVERS\adpu160m.sys 2010/12/20 12:06:13.0417 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\windows\system32\DRIVERS\adpu320.sys 2010/12/20 12:06:13.0448 aec (8bed39e3c35d6a489438b8141717a557) C:\windows\system32\drivers\aec.sys 2010/12/20 12:06:13.0511 AFD (7e775010ef291da96ad17ca4b17137d7) C:\windows\System32\drivers\afd.sys 2010/12/20 12:06:13.0573 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\windows\system32\DRIVERS\aic78u2.sys 2010/12/20 12:06:13.0589 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\windows\system32\DRIVERS\aic78xx.sys 2010/12/20 12:06:13.0745 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\windows\system32\DRIVERS\asyncmac.sys 2010/12/20 12:06:13.0792 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\windows\system32\DRIVERS\atapi.sys 2010/12/20 12:06:13.0823 Atmarpc (9916c1225104ba14794209cfa8012159) C:\windows\system32\DRIVERS\atmarpc.sys 2010/12/20 12:06:13.0870 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys 2010/12/20 12:06:13.0886 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys 2010/12/20 12:06:13.0948 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys 2010/12/20 12:06:13.0979 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys 2010/12/20 12:06:14.0011 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\windows\system32\drivers\Cdfs.sys 2010/12/20 12:06:14.0073 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\windows\system32\DRIVERS\cdrom.sys 2010/12/20 12:06:14.0167 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\windows\system32\DRIVERS\compbatt.sys 2010/12/20 12:06:14.0292 Disk (044452051f3e02e7963599fc8f4f3e25) C:\windows\system32\DRIVERS\disk.sys 2010/12/20 12:06:14.0354 dmboot (d992fe1274bde0f84ad826acae022a41) C:\windows\system32\drivers\dmboot.sys 2010/12/20 12:06:14.0432 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\windows\system32\drivers\dmio.sys 2010/12/20 12:06:14.0464 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys 2010/12/20 12:06:14.0479 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\windows\system32\drivers\DMusic.sys 2010/12/20 12:06:14.0526 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\windows\system32\DRIVERS\dpti2o.sys 2010/12/20 12:06:14.0589 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\windows\system32\drivers\drmkaud.sys 2010/12/20 12:06:14.0620 E100B (3fca03cbca11269f973b70fa483c88ef) C:\windows\system32\DRIVERS\e100b325.sys 2010/12/20 12:06:14.0682 e1kexpress (90700eb149c8ee9fd8f61821e7d4b8fe) C:\windows\system32\DRIVERS\e1k5132.sys 2010/12/20 12:06:14.0792 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 2010/12/20 12:06:14.0839 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 2010/12/20 12:06:14.0964 Fastfat (38d332a6d56af32635675f132548343e) C:\windows\system32\drivers\Fastfat.sys 2010/12/20 12:06:15.0011 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\windows\system32\DRIVERS\fdc.sys 2010/12/20 12:06:15.0026 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\windows\system32\drivers\Fips.sys 2010/12/20 12:06:15.0057 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\windows\system32\drivers\Flpydisk.sys 2010/12/20 12:06:15.0073 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\windows\system32\DRIVERS\fltMgr.sys 2010/12/20 12:06:15.0104 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys 2010/12/20 12:06:15.0120 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\windows\system32\DRIVERS\ftdisk.sys 2010/12/20 12:06:15.0167 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\windows\system32\DRIVERS\msgpc.sys 2010/12/20 12:06:15.0214 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\windows\system32\DRIVERS\HDAudBus.sys 2010/12/20 12:06:15.0261 HECI (88a67c34e37186665e916fd347b50d19) C:\windows\system32\DRIVERS\HECI.sys 2010/12/20 12:06:15.0292 HidBatt (748031ff4fe45ccc47546294905feab8) C:\windows\system32\DRIVERS\HidBatt.sys 2010/12/20 12:06:15.0323 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\windows\system32\DRIVERS\hidusb.sys 2010/12/20 12:06:15.0354 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\windows\system32\Drivers\HTTP.sys 2010/12/20 12:06:15.0432 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\windows\system32\DRIVERS\i8042prt.sys 2010/12/20 12:06:15.0448 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\windows\system32\DRIVERS\i81xnt5.sys 2010/12/20 12:06:15.0479 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\windows\system32\DRIVERS\wADV01nt.sys 2010/12/20 12:06:15.0495 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\windows\system32\DRIVERS\wADV02NT.sys 2010/12/20 12:06:15.0511 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\windows\system32\DRIVERS\wADV05NT.sys 2010/12/20 12:06:15.0526 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\windows\system32\DRIVERS\wSiINTxx.sys 2010/12/20 12:06:15.0542 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\windows\system32\DRIVERS\wVchNTxx.sys 2010/12/20 12:06:15.0589 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\windows\system32\DRIVERS\wADV07nt.sys 2010/12/20 12:06:15.0604 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\windows\system32\DRIVERS\wADV08nt.sys 2010/12/20 12:06:15.0620 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\windows\system32\DRIVERS\wADV09nt.sys 2010/12/20 12:06:15.0667 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\windows\system32\DRIVERS\wATV01nt.sys 2010/12/20 12:06:15.0682 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\windows\system32\DRIVERS\wATV02NT.sys 2010/12/20 12:06:15.0682 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\windows\system32\DRIVERS\wATV04nt.sys 2010/12/20 12:06:15.0714 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\windows\system32\DRIVERS\wCh7xxNT.sys 2010/12/20 12:06:15.0729 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\windows\system32\DRIVERS\wATV10nt.sys 2010/12/20 12:06:15.0745 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\windows\system32\DRIVERS\wATV06nt.sys 2010/12/20 12:06:15.0870 ialm (d0190bbb1b577589548aba94e66d6838) C:\windows\system32\DRIVERS\igxpmp32.sys 2010/12/20 12:06:16.0011 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys 2010/12/20 12:06:16.0042 IFXTPM (91c5e9f49f32110ced27e2f902fad607) C:\windows\system32\DRIVERS\IFXTPM.SYS 2010/12/20 12:06:16.0089 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\windows\system32\DRIVERS\imapi.sys 2010/12/20 12:06:16.0198 IntcAzAudAddService (744a7507d7a69a2a54638b8e5b630c0b) C:\windows\system32\drivers\RtkHDAud.sys 2010/12/20 12:06:16.0245 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\windows\system32\DRIVERS\intelide.sys 2010/12/20 12:06:16.0276 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\windows\system32\DRIVERS\intelppm.sys 2010/12/20 12:06:16.0276 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\windows\system32\DRIVERS\Ip6Fw.sys 2010/12/20 12:06:16.0307 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys 2010/12/20 12:06:16.0323 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\windows\system32\DRIVERS\ipinip.sys 2010/12/20 12:06:16.0370 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\windows\system32\DRIVERS\ipnat.sys 2010/12/20 12:06:16.0401 IPSec (23c74d75e36e7158768dd63d92789a91) C:\windows\system32\DRIVERS\ipsec.sys 2010/12/20 12:06:16.0417 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\windows\system32\DRIVERS\irenum.sys 2010/12/20 12:06:16.0495 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\windows\system32\DRIVERS\isapnp.sys 2010/12/20 12:06:16.0526 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\windows\system32\drivers\iviaspi.sys 2010/12/20 12:06:16.0557 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\windows\system32\DRIVERS\kbdclass.sys 2010/12/20 12:06:16.0604 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\windows\system32\DRIVERS\kbdhid.sys 2010/12/20 12:06:16.0651 kmixer (692bcf44383d056aed41b045a323d378) C:\windows\system32\drivers\kmixer.sys 2010/12/20 12:06:16.0682 KSecDD (b467646c54cc746128904e1654c750c1) C:\windows\system32\drivers\KSecDD.sys 2010/12/20 12:06:16.0823 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys 2010/12/20 12:06:16.0917 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\windows\system32\drivers\LMIRfsDriver.sys 2010/12/20 12:06:16.0979 MfeAVFK (64b96de8c492bd435372d9130a535f1d) C:\windows\system32\drivers\MfeAVFK.sys 2010/12/20 12:06:16.0995 MfeBOPK (078e87a89d36cc3516f19d5fb518bddc) C:\windows\system32\drivers\MfeBOPK.sys 2010/12/20 12:06:17.0026 mfehidk (168c565101fd5b9db694efdec91fafa9) C:\windows\system32\drivers\mfehidk.sys 2010/12/20 12:06:17.0057 MfeRKDK (e0842f67dc9bc4d21d1e319610ebe9e5) C:\windows\system32\drivers\MfeRKDK.sys 2010/12/20 12:06:17.0089 mfetdik (43a7acbbd70ecd62f0b63486c72089a3) C:\windows\system32\drivers\mfetdik.sys 2010/12/20 12:06:17.0120 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys 2010/12/20 12:06:17.0167 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\windows\system32\drivers\Modem.sys 2010/12/20 12:06:17.0214 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\windows\system32\DRIVERS\mouclass.sys 2010/12/20 12:06:17.0245 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\windows\system32\DRIVERS\mouhid.sys 2010/12/20 12:06:17.0292 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\windows\system32\drivers\MountMgr.sys 2010/12/20 12:06:17.0323 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\windows\system32\DRIVERS\mrxdav.sys 2010/12/20 12:06:17.0370 MRxSmb (f3aefb11abc521122b67095044169e98) C:\windows\system32\DRIVERS\mrxsmb.sys 2010/12/20 12:06:17.0401 Msfs (c941ea2454ba8350021d774daf0f1027) C:\windows\system32\drivers\Msfs.sys 2010/12/20 12:06:17.0432 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\windows\system32\drivers\MSKSSRV.sys 2010/12/20 12:06:17.0464 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\windows\system32\drivers\MSPCLOCK.sys 2010/12/20 12:06:17.0479 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\windows\system32\drivers\MSPQM.sys 2010/12/20 12:06:17.0511 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\windows\system32\DRIVERS\mssmbios.sys 2010/12/20 12:06:17.0542 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\windows\system32\drivers\Mup.sys 2010/12/20 12:06:17.0651 NAL (d02734423b59b3ac14cdfe91e9665ff0) C:\WINDOWS\system32\Drivers\iqvw32.sys 2010/12/20 12:06:17.0761 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101220.002\naveng.sys 2010/12/20 12:06:17.0807 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101220.002\navex15.sys 2010/12/20 12:06:17.0917 NDIS (8716356e49a665bdc7b114725b60a456) C:\windows\system32\drivers\NDIS.sys 2010/12/20 12:06:17.0948 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\windows\system32\DRIVERS\ndistapi.sys 2010/12/20 12:06:17.0979 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\windows\system32\DRIVERS\ndisuio.sys 2010/12/20 12:06:18.0026 NdisWan (5526cfebb619f7f763bd6a2e1b618078) C:\windows\system32\DRIVERS\ndiswan.sys 2010/12/20 12:06:18.0057 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\windows\system32\drivers\NDProxy.sys 2010/12/20 12:06:18.0089 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\windows\system32\DRIVERS\netbios.sys 2010/12/20 12:06:18.0120 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\windows\system32\DRIVERS\netbt.sys 2010/12/20 12:06:18.0167 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\windows\system32\drivers\Npfs.sys 2010/12/20 12:06:18.0214 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\windows\system32\drivers\Ntfs.sys 2010/12/20 12:06:18.0276 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys 2010/12/20 12:06:18.0323 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\windows\system32\DRIVERS\nwlnkflt.sys 2010/12/20 12:06:18.0339 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\windows\system32\DRIVERS\nwlnkfwd.sys 2010/12/20 12:06:18.0386 P3 (c90018bafdc7098619a4a95b046b30f3) C:\windows\system32\DRIVERS\p3.sys 2010/12/20 12:06:18.0417 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\windows\system32\DRIVERS\parport.sys 2010/12/20 12:06:18.0448 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\windows\system32\drivers\PartMgr.sys 2010/12/20 12:06:18.0495 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\windows\system32\drivers\ParVdm.sys 2010/12/20 12:06:18.0511 PCI (a219903ccf74233761d92bef471a07b1) C:\windows\system32\DRIVERS\pci.sys 2010/12/20 12:06:18.0542 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\windows\system32\DRIVERS\pciide.sys 2010/12/20 12:06:18.0589 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\windows\system32\drivers\Pcmcia.sys 2010/12/20 12:06:18.0776 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\windows\system32\DRIVERS\raspptp.sys 2010/12/20 12:06:18.0807 PSched (09298ec810b07e5d582cb3a3f9255424) C:\windows\system32\DRIVERS\psched.sys 2010/12/20 12:06:18.0839 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\windows\system32\DRIVERS\ptilink.sys 2010/12/20 12:06:18.0917 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys 2010/12/20 12:06:18.0932 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\windows\system32\DRIVERS\rasl2tp.sys 2010/12/20 12:06:18.0979 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\windows\system32\DRIVERS\raspppoe.sys 2010/12/20 12:06:19.0011 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys 2010/12/20 12:06:19.0042 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\windows\system32\DRIVERS\rdbss.sys 2010/12/20 12:06:19.0073 RDPCDD (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys 2010/12/20 12:06:19.0120 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\windows\system32\DRIVERS\rdpdr.sys 2010/12/20 12:06:19.0167 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\windows\system32\drivers\RDPWD.sys 2010/12/20 12:06:19.0245 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\windows\system32\DRIVERS\redbook.sys 2010/12/20 12:06:19.0276 regi (001b4278407f4303efc902a2b16f2453) C:\windows\system32\drivers\regi.sys 2010/12/20 12:06:19.0417 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys 2010/12/20 12:06:19.0432 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys 2010/12/20 12:06:19.0542 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys 2010/12/20 12:06:19.0604 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\windows\system32\DRIVERS\serenum.sys 2010/12/20 12:06:19.0620 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\windows\system32\DRIVERS\serial.sys 2010/12/20 12:06:19.0667 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\windows\system32\drivers\Sfloppy.sys 2010/12/20 12:06:19.0807 SPBBCDrv (ef9760a364d836a0ce6149ebdf71524d) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 2010/12/20 12:06:19.0854 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\windows\system32\drivers\splitter.sys 2010/12/20 12:06:19.0886 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\windows\system32\DRIVERS\sr.sys 2010/12/20 12:06:19.0948 Srv (0f6aefad3641a657e18081f52d0c15af) C:\windows\system32\DRIVERS\srv.sys 2010/12/20 12:06:19.0979 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\windows\system32\DRIVERS\swenum.sys 2010/12/20 12:06:19.0995 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\windows\system32\drivers\swmidi.sys 2010/12/20 12:06:20.0042 symc810 (1ff3217614018630d0a6758630fc698c) C:\windows\system32\DRIVERS\symc810.sys 2010/12/20 12:06:20.0057 symc8xx (070e001d95cf725186ef8b20335f933c) C:\windows\system32\DRIVERS\symc8xx.sys 2010/12/20 12:06:20.0089 SymEvent (49b20b430a4f219173f823536944474a) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 2010/12/20 12:06:20.0120 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\windows\system32\DRIVERS\symmpi.sys 2010/12/20 12:06:20.0167 SYMREDRV (626f733be7f951116c5c0804b068666c) C:\windows\System32\Drivers\SYMREDRV.SYS 2010/12/20 12:06:20.0198 SYMTDI (cb7cc4ddbe09e224d4cd876760ba982c) C:\windows\System32\Drivers\SYMTDI.SYS 2010/12/20 12:06:20.0229 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\windows\system32\DRIVERS\sym_hi.sys 2010/12/20 12:06:20.0245 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\windows\system32\DRIVERS\sym_u3.sys 2010/12/20 12:06:20.0292 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\windows\system32\drivers\sysaudio.sys 2010/12/20 12:06:20.0354 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\windows\system32\DRIVERS\tcpip.sys 2010/12/20 12:06:20.0386 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys 2010/12/20 12:06:20.0401 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\windows\system32\drivers\TDTCP.sys 2010/12/20 12:06:20.0448 TermDD (88155247177638048422893737429d9e) C:\windows\system32\DRIVERS\termdd.sys 2010/12/20 12:06:20.0511 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\windows\system32\drivers\Udfs.sys 2010/12/20 12:06:20.0620 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\windows\system32\DRIVERS\usbccgp.sys 2010/12/20 12:06:20.0667 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\windows\system32\DRIVERS\usbehci.sys 2010/12/20 12:06:20.0714 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\windows\system32\DRIVERS\usbhub.sys 2010/12/20 12:06:20.0745 usbprint (a717c8721046828520c9edf31288fc00) C:\windows\system32\DRIVERS\usbprint.sys 2010/12/20 12:06:20.0776 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\windows\system32\DRIVERS\usbscan.sys 2010/12/20 12:06:20.0823 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\windows\system32\DRIVERS\USBSTOR.SYS 2010/12/20 12:06:20.0870 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\windows\system32\DRIVERS\usbuhci.sys 2010/12/20 12:06:20.0917 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\windows\System32\drivers\vga.sys 2010/12/20 12:06:20.0964 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\windows\system32\DRIVERS\viaide.sys 2010/12/20 12:06:20.0995 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\windows\system32\drivers\VolSnap.sys 2010/12/20 12:06:21.0057 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys 2010/12/20 12:06:21.0104 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys 2010/12/20 12:06:21.0182 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\windows\system32\DRIVERS\wmiacpi.sys 2010/12/20 12:06:21.0229 ================================================================================ 2010/12/20 12:06:21.0229 Scan finished 2010/12/20 12:06:21.0229 ================================================================================ 2010/12/20 12:06:49.0991 Deinitialize success
  7. ran TDSSKiller (log below). After choosing "reboot" when it was done, it took almost 20 minutes for my computer to shut down. It also would lock up when I tried to turn "automatic updates" on. Had to turn firewall back on after restart. 2010/12/20 11:13:14.0652 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46 2010/12/20 11:13:14.0652 ================================================================================ 2010/12/20 11:13:14.0652 SystemInfo: 2010/12/20 11:13:14.0652 2010/12/20 11:13:14.0652 OS Version: 5.1.2600 ServicePack: 3.0 2010/12/20 11:13:14.0652 Product type: Workstation 2010/12/20 11:13:14.0652 ComputerName: BRANCH208 2010/12/20 11:13:14.0652 UserName: branch202 2010/12/20 11:13:14.0652 Windows directory: C:\windows 2010/12/20 11:13:14.0652 System windows directory: C:\windows 2010/12/20 11:13:14.0652 Processor architecture: Intel x86 2010/12/20 11:13:14.0652 Number of processors: 2 2010/12/20 11:13:14.0652 Page size: 0x1000 2010/12/20 11:13:14.0652 Boot type: Normal boot 2010/12/20 11:13:14.0652 ================================================================================ 2010/12/20 11:13:14.0761 Initialize success 2010/12/20 11:13:32.0290 ================================================================================ 2010/12/20 11:13:32.0290 Scan started 2010/12/20 11:13:32.0290 Mode: Manual; 2010/12/20 11:13:32.0290 ================================================================================ 2010/12/20 11:13:32.0633 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\windows\system32\drivers\ac97intc.sys 2010/12/20 11:13:32.0665 ACPI (8fd99680a539792a30e97944fdaecf17) C:\windows\system32\DRIVERS\ACPI.sys 2010/12/20 11:13:32.0712 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\windows\system32\drivers\ACPIEC.sys 2010/12/20 11:13:32.0727 adpu160m (9a11864873da202c996558b2106b0bbc) C:\windows\system32\DRIVERS\adpu160m.sys 2010/12/20 11:13:32.0743 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\windows\system32\DRIVERS\adpu320.sys 2010/12/20 11:13:32.0774 aec (8bed39e3c35d6a489438b8141717a557) C:\windows\system32\drivers\aec.sys 2010/12/20 11:13:32.0821 AFD (7e775010ef291da96ad17ca4b17137d7) C:\windows\System32\drivers\afd.sys 2010/12/20 11:13:32.0868 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\windows\system32\DRIVERS\aic78u2.sys 2010/12/20 11:13:32.0883 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\windows\system32\DRIVERS\aic78xx.sys 2010/12/20 11:13:32.0993 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\windows\system32\DRIVERS\asyncmac.sys 2010/12/20 11:13:33.0024 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\windows\system32\DRIVERS\atapi.sys 2010/12/20 11:13:33.0055 Atmarpc (9916c1225104ba14794209cfa8012159) C:\windows\system32\DRIVERS\atmarpc.sys 2010/12/20 11:13:33.0102 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys 2010/12/20 11:13:33.0149 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys 2010/12/20 11:13:33.0196 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys 2010/12/20 11:13:33.0227 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys 2010/12/20 11:13:33.0274 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\windows\system32\drivers\Cdfs.sys 2010/12/20 11:13:33.0305 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\windows\system32\DRIVERS\cdrom.sys 2010/12/20 11:13:33.0415 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\windows\system32\DRIVERS\compbatt.sys 2010/12/20 11:13:33.0524 Disk (044452051f3e02e7963599fc8f4f3e25) C:\windows\system32\DRIVERS\disk.sys 2010/12/20 11:13:33.0571 dmboot (d992fe1274bde0f84ad826acae022a41) C:\windows\system32\drivers\dmboot.sys 2010/12/20 11:13:33.0633 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\windows\system32\drivers\dmio.sys 2010/12/20 11:13:33.0664 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys 2010/12/20 11:13:33.0696 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\windows\system32\drivers\DMusic.sys 2010/12/20 11:13:33.0743 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\windows\system32\DRIVERS\dpti2o.sys 2010/12/20 11:13:33.0789 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\windows\system32\drivers\drmkaud.sys 2010/12/20 11:13:33.0836 E100B (3fca03cbca11269f973b70fa483c88ef) C:\windows\system32\DRIVERS\e100b325.sys 2010/12/20 11:13:33.0883 e1kexpress (90700eb149c8ee9fd8f61821e7d4b8fe) C:\windows\system32\DRIVERS\e1k5132.sys 2010/12/20 11:13:33.0993 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 2010/12/20 11:13:34.0039 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 2010/12/20 11:13:34.0149 Fastfat (38d332a6d56af32635675f132548343e) C:\windows\system32\drivers\Fastfat.sys 2010/12/20 11:13:34.0196 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\windows\system32\DRIVERS\fdc.sys 2010/12/20 11:13:34.0227 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\windows\system32\drivers\Fips.sys 2010/12/20 11:13:34.0243 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\windows\system32\drivers\Flpydisk.sys 2010/12/20 11:13:34.0274 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\windows\system32\DRIVERS\fltMgr.sys 2010/12/20 11:13:34.0305 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys 2010/12/20 11:13:34.0321 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\windows\system32\DRIVERS\ftdisk.sys 2010/12/20 11:13:34.0383 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\windows\system32\DRIVERS\msgpc.sys 2010/12/20 11:13:34.0414 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\windows\system32\DRIVERS\HDAudBus.sys 2010/12/20 11:13:34.0461 HECI (88a67c34e37186665e916fd347b50d19) C:\windows\system32\DRIVERS\HECI.sys 2010/12/20 11:13:34.0492 HidBatt (748031ff4fe45ccc47546294905feab8) C:\windows\system32\DRIVERS\HidBatt.sys 2010/12/20 11:13:34.0508 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\windows\system32\DRIVERS\hidusb.sys 2010/12/20 11:13:34.0571 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\windows\system32\Drivers\HTTP.sys 2010/12/20 11:13:34.0649 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\windows\system32\DRIVERS\i8042prt.sys 2010/12/20 11:13:34.0664 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\windows\system32\DRIVERS\i81xnt5.sys 2010/12/20 11:13:34.0711 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\windows\system32\DRIVERS\wADV01nt.sys 2010/12/20 11:13:34.0727 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\windows\system32\DRIVERS\wADV02NT.sys 2010/12/20 11:13:34.0742 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\windows\system32\DRIVERS\wADV05NT.sys 2010/12/20 11:13:34.0774 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\windows\system32\DRIVERS\wSiINTxx.sys 2010/12/20 11:13:34.0789 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\windows\system32\DRIVERS\wVchNTxx.sys 2010/12/20 11:13:34.0867 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\windows\system32\DRIVERS\wADV07nt.sys 2010/12/20 11:13:34.0883 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\windows\system32\DRIVERS\wADV08nt.sys 2010/12/20 11:13:34.0899 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\windows\system32\DRIVERS\wADV09nt.sys 2010/12/20 11:13:34.0946 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\windows\system32\DRIVERS\wATV01nt.sys 2010/12/20 11:13:34.0977 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\windows\system32\DRIVERS\wATV02NT.sys 2010/12/20 11:13:35.0008 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\windows\system32\DRIVERS\wATV04nt.sys 2010/12/20 11:13:35.0024 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\windows\system32\DRIVERS\wCh7xxNT.sys 2010/12/20 11:13:35.0055 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\windows\system32\DRIVERS\wATV10nt.sys 2010/12/20 11:13:35.0086 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\windows\system32\DRIVERS\wATV06nt.sys 2010/12/20 11:13:35.0227 ialm (d0190bbb1b577589548aba94e66d6838) C:\windows\system32\DRIVERS\igxpmp32.sys 2010/12/20 11:13:35.0399 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys 2010/12/20 11:13:35.0430 IFXTPM (91c5e9f49f32110ced27e2f902fad607) C:\windows\system32\DRIVERS\IFXTPM.SYS 2010/12/20 11:13:35.0477 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\windows\system32\DRIVERS\imapi.sys 2010/12/20 11:13:35.0633 IntcAzAudAddService (744a7507d7a69a2a54638b8e5b630c0b) C:\windows\system32\drivers\RtkHDAud.sys 2010/12/20 11:13:35.0711 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\windows\system32\DRIVERS\intelide.sys 2010/12/20 11:13:35.0727 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\windows\system32\DRIVERS\intelppm.sys 2010/12/20 11:13:35.0774 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\windows\system32\DRIVERS\Ip6Fw.sys 2010/12/20 11:13:35.0789 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys 2010/12/20 11:13:35.0805 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\windows\system32\DRIVERS\ipinip.sys 2010/12/20 11:13:35.0836 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\windows\system32\DRIVERS\ipnat.sys 2010/12/20 11:13:35.0899 IPSec (23c74d75e36e7158768dd63d92789a91) C:\windows\system32\DRIVERS\ipsec.sys 2010/12/20 11:13:35.0914 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\windows\system32\DRIVERS\irenum.sys 2010/12/20 11:13:35.0977 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\windows\system32\DRIVERS\isapnp.sys 2010/12/20 11:13:36.0024 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\windows\system32\drivers\iviaspi.sys 2010/12/20 11:13:36.0070 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\windows\system32\DRIVERS\kbdclass.sys 2010/12/20 11:13:36.0102 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\windows\system32\DRIVERS\kbdhid.sys 2010/12/20 11:13:36.0148 kmixer (692bcf44383d056aed41b045a323d378) C:\windows\system32\drivers\kmixer.sys 2010/12/20 11:13:36.0180 KSecDD (b467646c54cc746128904e1654c750c1) C:\windows\system32\drivers\KSecDD.sys 2010/12/20 11:13:36.0320 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys 2010/12/20 11:13:36.0398 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\windows\system32\drivers\LMIRfsDriver.sys 2010/12/20 11:13:36.0445 MfeAVFK (64b96de8c492bd435372d9130a535f1d) C:\windows\system32\drivers\MfeAVFK.sys 2010/12/20 11:13:36.0461 MfeBOPK (078e87a89d36cc3516f19d5fb518bddc) C:\windows\system32\drivers\MfeBOPK.sys 2010/12/20 11:13:36.0523 mfehidk (168c565101fd5b9db694efdec91fafa9) C:\windows\system32\drivers\mfehidk.sys 2010/12/20 11:13:36.0570 MfeRKDK (e0842f67dc9bc4d21d1e319610ebe9e5) C:\windows\system32\drivers\MfeRKDK.sys 2010/12/20 11:13:36.0602 mfetdik (43a7acbbd70ecd62f0b63486c72089a3) C:\windows\system32\drivers\mfetdik.sys 2010/12/20 11:13:36.0633 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys 2010/12/20 11:13:36.0664 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\windows\system32\drivers\Modem.sys 2010/12/20 11:13:36.0711 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\windows\system32\DRIVERS\mouclass.sys 2010/12/20 11:13:36.0742 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\windows\system32\DRIVERS\mouhid.sys 2010/12/20 11:13:36.0805 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\windows\system32\drivers\MountMgr.sys 2010/12/20 11:13:36.0852 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\windows\system32\DRIVERS\mrxdav.sys 2010/12/20 11:13:36.0930 MRxSmb (f3aefb11abc521122b67095044169e98) C:\windows\system32\DRIVERS\mrxsmb.sys 2010/12/20 11:13:36.0961 Msfs (c941ea2454ba8350021d774daf0f1027) C:\windows\system32\drivers\Msfs.sys 2010/12/20 11:13:36.0976 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\windows\system32\drivers\MSKSSRV.sys 2010/12/20 11:13:37.0023 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\windows\system32\drivers\MSPCLOCK.sys 2010/12/20 11:13:37.0086 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\windows\system32\drivers\MSPQM.sys 2010/12/20 11:13:37.0148 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\windows\system32\DRIVERS\mssmbios.sys 2010/12/20 11:13:37.0164 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\windows\system32\drivers\Mup.sys 2010/12/20 11:13:37.0226 NAL (d02734423b59b3ac14cdfe91e9665ff0) C:\WINDOWS\system32\Drivers\iqvw32.sys 2010/12/20 11:13:37.0336 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101220.002\naveng.sys 2010/12/20 11:13:37.0383 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101220.002\navex15.sys 2010/12/20 11:13:37.0508 NDIS (8716356e49a665bdc7b114725b60a456) C:\windows\system32\drivers\NDIS.sys 2010/12/20 11:13:37.0570 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\windows\system32\DRIVERS\ndistapi.sys 2010/12/20 11:13:37.0601 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\windows\system32\DRIVERS\ndisuio.sys 2010/12/20 11:13:37.0633 NdisWan (5526cfebb619f7f763bd6a2e1b618078) C:\windows\system32\DRIVERS\ndiswan.sys 2010/12/20 11:13:37.0711 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\windows\system32\drivers\NDProxy.sys 2010/12/20 11:13:37.0758 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\windows\system32\DRIVERS\netbios.sys 2010/12/20 11:13:37.0773 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\windows\system32\DRIVERS\netbt.sys 2010/12/20 11:13:37.0820 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\windows\system32\drivers\Npfs.sys 2010/12/20 11:13:37.0867 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\windows\system32\drivers\Ntfs.sys 2010/12/20 11:13:37.0914 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys 2010/12/20 11:13:37.0945 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\windows\system32\DRIVERS\nwlnkflt.sys 2010/12/20 11:13:37.0961 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\windows\system32\DRIVERS\nwlnkfwd.sys 2010/12/20 11:13:38.0008 P3 (c90018bafdc7098619a4a95b046b30f3) C:\windows\system32\DRIVERS\p3.sys 2010/12/20 11:13:38.0039 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\windows\system32\DRIVERS\parport.sys 2010/12/20 11:13:38.0070 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\windows\system32\drivers\PartMgr.sys 2010/12/20 11:13:38.0101 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\windows\system32\drivers\ParVdm.sys 2010/12/20 11:13:38.0117 PCI (a219903ccf74233761d92bef471a07b1) C:\windows\system32\DRIVERS\pci.sys 2010/12/20 11:13:38.0164 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\windows\system32\DRIVERS\pciide.sys 2010/12/20 11:13:38.0211 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\windows\system32\drivers\Pcmcia.sys 2010/12/20 11:13:38.0398 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\windows\system32\DRIVERS\raspptp.sys 2010/12/20 11:13:38.0414 PSched (09298ec810b07e5d582cb3a3f9255424) C:\windows\system32\DRIVERS\psched.sys 2010/12/20 11:13:38.0461 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\windows\system32\DRIVERS\ptilink.sys 2010/12/20 11:13:38.0586 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys 2010/12/20 11:13:38.0601 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\windows\system32\DRIVERS\rasl2tp.sys 2010/12/20 11:13:38.0632 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\windows\system32\DRIVERS\raspppoe.sys 2010/12/20 11:13:38.0664 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys 2010/12/20 11:13:38.0695 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\windows\system32\DRIVERS\rdbss.sys 2010/12/20 11:13:38.0726 RDPCDD (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys 2010/12/20 11:13:38.0757 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\windows\system32\DRIVERS\rdpdr.sys 2010/12/20 11:13:38.0804 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\windows\system32\drivers\RDPWD.sys 2010/12/20 11:13:38.0867 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\windows\system32\DRIVERS\redbook.sys 2010/12/20 11:13:38.0914 regi (001b4278407f4303efc902a2b16f2453) C:\windows\system32\drivers\regi.sys 2010/12/20 11:13:39.0039 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys 2010/12/20 11:13:39.0070 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys 2010/12/20 11:13:39.0179 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys 2010/12/20 11:13:39.0226 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\windows\system32\DRIVERS\serenum.sys 2010/12/20 11:13:39.0242 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\windows\system32\DRIVERS\serial.sys 2010/12/20 11:13:39.0273 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\windows\system32\drivers\Sfloppy.sys 2010/12/20 11:13:39.0414 SPBBCDrv (ef9760a364d836a0ce6149ebdf71524d) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 2010/12/20 11:13:39.0523 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\windows\system32\drivers\splitter.sys 2010/12/20 11:13:39.0554 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\windows\system32\DRIVERS\sr.sys 2010/12/20 11:13:39.0617 Srv (0f6aefad3641a657e18081f52d0c15af) C:\windows\system32\DRIVERS\srv.sys 2010/12/20 11:13:39.0648 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\windows\system32\DRIVERS\swenum.sys 2010/12/20 11:13:39.0664 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\windows\system32\drivers\swmidi.sys 2010/12/20 11:13:39.0726 symc810 (1ff3217614018630d0a6758630fc698c) C:\windows\system32\DRIVERS\symc810.sys 2010/12/20 11:13:39.0742 symc8xx (070e001d95cf725186ef8b20335f933c) C:\windows\system32\DRIVERS\symc8xx.sys 2010/12/20 11:13:39.0789 SymEvent (49b20b430a4f219173f823536944474a) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 2010/12/20 11:13:39.0820 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\windows\system32\DRIVERS\symmpi.sys 2010/12/20 11:13:39.0867 SYMREDRV (626f733be7f951116c5c0804b068666c) C:\windows\System32\Drivers\SYMREDRV.SYS 2010/12/20 11:13:39.0898 SYMTDI (cb7cc4ddbe09e224d4cd876760ba982c) C:\windows\System32\Drivers\SYMTDI.SYS 2010/12/20 11:13:39.0929 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\windows\system32\DRIVERS\sym_hi.sys 2010/12/20 11:13:39.0976 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\windows\system32\DRIVERS\sym_u3.sys 2010/12/20 11:13:40.0007 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\windows\system32\drivers\sysaudio.sys 2010/12/20 11:13:40.0101 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\windows\system32\DRIVERS\tcpip.sys 2010/12/20 11:13:40.0148 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys 2010/12/20 11:13:40.0163 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\windows\system32\drivers\TDTCP.sys 2010/12/20 11:13:40.0195 TermDD (88155247177638048422893737429d9e) C:\windows\system32\DRIVERS\termdd.sys 2010/12/20 11:13:40.0257 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\windows\system32\drivers\Udfs.sys 2010/12/20 11:13:40.0367 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\windows\system32\DRIVERS\usbccgp.sys 2010/12/20 11:13:40.0398 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\windows\system32\DRIVERS\usbehci.sys 2010/12/20 11:13:40.0429 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\windows\system32\DRIVERS\usbhub.sys 2010/12/20 11:13:40.0460 usbprint (a717c8721046828520c9edf31288fc00) C:\windows\system32\DRIVERS\usbprint.sys 2010/12/20 11:13:40.0492 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\windows\system32\DRIVERS\usbscan.sys 2010/12/20 11:13:40.0523 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\windows\system32\DRIVERS\USBSTOR.SYS 2010/12/20 11:13:40.0570 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\windows\system32\DRIVERS\usbuhci.sys 2010/12/20 11:13:40.0617 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\windows\System32\drivers\vga.sys 2010/12/20 11:13:40.0648 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\windows\system32\DRIVERS\viaide.sys 2010/12/20 11:13:40.0679 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\windows\system32\drivers\VolSnap.sys 2010/12/20 11:13:40.0726 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys 2010/12/20 11:13:40.0773 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys 2010/12/20 11:13:40.0851 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\windows\system32\DRIVERS\wmiacpi.sys 2010/12/20 11:13:40.0898 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2010/12/20 11:13:40.0898 ================================================================================ 2010/12/20 11:13:40.0898 Scan finished 2010/12/20 11:13:40.0898 ================================================================================ 2010/12/20 11:13:40.0913 Detected object count: 1 2010/12/20 11:14:14.0314 \HardDisk0 - will be cured after reboot 2010/12/20 11:14:14.0314 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2010/12/20 11:14:22.0798 Deinitialize success
  8. Auto-Protect has popped up with "Trojan.FakeAV!gen32". Said there were 57 counts and were cleaned by deletion. I'm guessing this is indicative of persisting problems.
  9. After ComboFix, computer restarted in normal mode and hasn't had any additional popups or symptoms although I haven't used it extensively yet. Here is the ComboFix log: ComboFix 10-12-19.03 - branch202 12/20/2010 9:35.1.2 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3543.3117 [GMT -6:00] Running from: c:\documents and settings\Branch202\Desktop\Combo-Fix.exe AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\bIkAj06511 c:\documents and settings\All Users\Application Data\bIkAj06511\bIkAj06511 c:\documents and settings\All Users\Application Data\bIkAj06511\bIkAj06511.exe c:\documents and settings\Branch201\Application Data\Adobe\AdobeUpdate .exe c:\documents and settings\Branch201\Application Data\Adobe\plugs c:\documents and settings\Branch201\Local Settings\Application Data\{31CFFDD0-1C70-4326-AA5A-7C8A98070E27} c:\documents and settings\Branch201\Local Settings\Application Data\{31CFFDD0-1C70-4326-AA5A-7C8A98070E27}\chrome.manifest c:\documents and settings\Branch201\Local Settings\Application Data\{31CFFDD0-1C70-4326-AA5A-7C8A98070E27}\chrome\content\_cfg.js c:\documents and settings\Branch201\Local Settings\Application Data\{31CFFDD0-1C70-4326-AA5A-7C8A98070E27}\chrome\content\overlay.xul c:\documents and settings\Branch201\Local Settings\Application Data\{31CFFDD0-1C70-4326-AA5A-7C8A98070E27}\install.rdf c:\documents and settings\Branch201\Start Menu\Programs\HDD Tools c:\documents and settings\Branch201\Start Menu\Programs\HDD Tools\HDD Tools.lnk c:\documents and settings\Branch201\Start Menu\Programs\HDD Tools\Uninstall HDD Tools.lnk c:\documents and settings\Branch201\Start Menu\Programs\System Tool c:\documents and settings\Branch201\Start Menu\Programs\System Tool\System Tool 2011.lnk c:\documents and settings\jbarnett\Desktop\Internet Explorer.lnk c:\documents and settings\jbarnett\g2mdlhlpx.exe c:\windows\isalidarexowex.dll c:\windows\system32\Drivers\uiiojlvl.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_axsdku ((((((((((((((((((((((((( Files Created from 2010-11-20 to 2010-12-20 ))))))))))))))))))))))))))))))) . 2010-12-19 02:58 . 2010-12-19 03:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-12-17 20:19 . 2010-12-17 20:19 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2010-12-17 20:17 . 2010-12-17 20:17 0 ----a-w- c:\windows\Axolihiki.bin 2010-12-17 15:40 . 2010-12-17 15:40 -------- d-----w- c:\documents and settings\Branch201\Application Data\yoclient 2010-12-10 18:08 . 2010-12-10 18:08 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE 2010-12-10 18:08 . 2010-12-10 18:08 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache 2010-12-02 13:17 . 2010-12-01 14:57 -------- d-----w- c:\documents and settings\Branch201\Application Data\HP . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-08 19:12 . 2010-04-14 15:08 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2010-12-08 19:11 . 2010-04-14 15:08 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll 2010-12-08 19:11 . 2010-04-14 15:08 29568 ----a-w- c:\windows\system32\LMIport.dll 2010-12-08 19:11 . 2010-04-14 15:08 87424 ----a-w- c:\windows\system32\LMIinit.dll 2010-11-29 23:42 . 2010-09-08 17:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-29 23:42 . 2010-09-08 17:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-30 15:10 . 2010-04-14 15:08 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak 2010-09-30 15:10 . 2010-04-14 15:08 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-26 141336] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-26 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-26 142872] "picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-24 796696] "RTHDCPL"="RTHDCPL.EXE" [2009-07-03 18665472] "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736] "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-21 525824] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-15 125632] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048] "MVIClientEngineController"="c:\program files\MVi\Client Engine\ClientPostSvcController.exe" [2008-09-15 196608] "MViRCS"="c:\program files\MVi\RCS\rcs.exe" [2010-01-06 868352] "ESDUSBMon.exe"="c:\windows\system32\ESDUSBMon.exe" [2005-05-27 188416] "MVIHotKey"="c:\program files\MVi\Hotkey\MVI_HotKey.exe" [2010-02-10 442368] c:\documents and settings\All Users\Start Menu\Programs\Startup\ APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-4-9 221247] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2010-12-08 19:11 87424 ----a-w- c:\windows\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-22 07:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-01-11 21:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= R2 EPSON ESCPOS Status Service;EPSON ESC/POS Status Service;EpStsSrv.exe --> EpStsSrv.exe [?] R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/30/2010 9:10 AM 374152] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 2:09 PM 12856] R2 MVi Client Engine;MVi Client Engine;c:\program files\MVi\Client Engine\ClientEngine.exe [9/17/2008 12:59 PM 122880] R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [1/19/2010 6:35 PM 635416] R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 10:09 PM 11032] R2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~1\SAAZOD\SAAZDPMACTL.exe [6/13/2009 10:33 AM 81920] R2 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~1\SAAZOD\SAAZRemoteSupport.exe [6/4/2009 10:49 AM 73728] R2 SAAZScheduler;SAAZScheduler;c:\progra~1\SAAZOD\SAAZScheduler.exe [4/5/2010 1:19 PM 77824] R2 SAAZServerPlus;SAAZServerPlus;c:\progra~1\SAAZOD\SAAZServerPlus.exe [4/30/2009 6:46 PM 77824] R2 SAAZWatchDog;SAAZWatchDog;c:\progra~1\SAAZOD\SAAZWatchDog.exe [6/4/2009 10:51 AM 81920] R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 6:48 PM 116416] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [1/19/2010 6:30 PM 2066968] R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [1/19/2010 7:19 PM 149600] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/3/2010 7:22 PM 102448] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [12/18/2007 11:46 AM 44800] S2 0066661269268390mcinstcleanup;McAfee Application Installer Cleanup (0066661269268390);c:\docume~1\ADMINI~1\LOCALS~1\Temp\006666~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\006666~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: //about.htm/ Trusted Zone: //Exclude.htm/ Trusted Zone: //FWEvent.htm/ Trusted Zone: //LanguageSelection.htm/ Trusted Zone: //Message.htm/ Trusted Zone: //MyAgttryCmd.htm/ Trusted Zone: //MyAgttryNag.htm/ Trusted Zone: //MyNotification.htm/ Trusted Zone: //NOCLessUpdate.htm/ Trusted Zone: //quarantine.htm/ Trusted Zone: //ScanNow.htm/ Trusted Zone: //strings.vbs/ Trusted Zone: //Template.htm/ Trusted Zone: //Update.htm/ Trusted Zone: //VirFound.htm/ Trusted Zone: mcafee.com\* Trusted Zone: mcafeeasap.com\betavscan Trusted Zone: mcafeeasap.com\vs Trusted Zone: mcafeeasap.com\www TCP: {35C78FE6-06D2-488A-96C9-85F0E6A15281} = 10.8.2.8,10.8.1.8 DPF: {737B4809-A1B0-4A96-82AC-124040809EF1} - hxxp://suite.cu08/shared/BranchUtil.CAB DPF: {9CF59D67-FABF-43BB-885B-68E9D6D340F0} - hxxp://suite.cu08/shared/SummitCSCS.CAB . - - - - ORPHANS REMOVED - - - - HKLM-Run-Lhewuxujabowixa - c:\windows\isalidarexowex.dll MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-20 09:46 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: ST316031 rev.HP34 -> Harddisk0\DR0 -> \Device\Ide\iaStor0 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A7F3555]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a7f97b0]; MOV EAX, [0x8a7f982c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A821030] 3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000071[0x8A80C910] 5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A7D8028] \Driver\iaStor[0x8A7D6860] -> IRP_MJ_CREATE -> 0x8A7F3555 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [bP+0x0], CL; INC BP; } detected disk devices: \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskST3160318AS_____________________________HP34____#4&603d60d&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: user != kernel MBR !!! error: Read The request could not be performed because of an I/O device error. Warning: possible TDL4 rootkit infection ! TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix. ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1232) c:\windows\system32\WININET.dll c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll - - - - - - - > 'lsass.exe'(1292) c:\windows\system32\WININET.dll - - - - - - - > 'explorer.exe'(3980) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\windows\system32\EpStsSrv.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\LogMeIn\x86\RaMaint.exe c:\program files\Intel\AMT\LMS.exe c:\program files\LogMeIn\x86\LogMeIn.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\progra~1\SAAZOD\RMHLPDSK.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Symantec AntiVirus\Rtvscan.exe c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\windows\system32\igfxsrvc.exe c:\program files\mvi\control\RCSListener.exe c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe c:\progra~1\SAAZOD\RMIP.exe . ************************************************************************** . Completion time: 2010-12-20 09:51:56 - machine was rebooted ComboFix-quarantined-files.txt 2010-12-20 15:51 Pre-Run: 141,324,619,776 bytes free Post-Run: 141,486,997,504 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\windows [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\windows="Disk 0 Partition 1 Windows Installation" - - End Of File - - 5055828219D40FA45623BC29FBAA17CD
  10. New MBAM log in Safe Mode: Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Database version: 5345 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 8.0.6001.18702 12/17/2010 5:54:14 PM mbam-log-2010-12-17 (17-54-14).txt Scan type: Quick scan Objects scanned: 242982 Time elapsed: 24 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  11. System Tool 2011 popped up on my computer and is not creating chaos. it wouldn't allow me to open task manager and when I would connect to the internet, it would slow and eventually freeze. Won't fully restart now. How do I get this thing off my computer?? Please help. here is the MBAM log: Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Database version: 5345 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 8.0.6001.18702 12/17/2010 3:32:56 PM mbam-log-2010-12-17 (15-32-56).txt Scan type: Quick scan Objects scanned: 242533 Time elapsed: 3 minute(s), 57 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 7 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:documents and settingsbranch201Desktoperr.log659723094 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:documents and settingsbranch201local settingsTemphrihhetfwo.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully. c:documents and settingsbranch201local settingsTempxinxiryfkf.dll (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully. c:windowserfsht80.dll (Trojan.Hiloti) -> Quarantined and deleted successfully. c:documents and settingsbranch201application dataAdobeplugskb659767907.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:documents and settingsbranch201application dataAdobeplugskb659808985.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:documents and settingsbranch201Desktopsystem tool 2011.lnk (Rogue.SystemTool) -> Quarantined and deleted successfully.
  12. Disregard. It turns out some update to Yahoo toolbar was causing the disruption and not something malicious.
  13. Exlorer opened fine yesterday but now when I try to open it, it immediately crashes and pops up the windown saying that "Internet Explorer has encountered a problem and needs to close". When I try to reopen explorer, it attempts to recover the page and begings an endless cycle of crashing and attempting to recover. Have not seen any other signs of malicious infection yet but... It should be noted that my computer is connected through a network to others who have had System Tool 2011 show up in the past 48 hours. Below is the MBAM log and any help or suggestions would be greatly appreciated. Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Database version: 5319 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 12/15/2010 9:16:22 AM mbam-log-2010-12-15 (09-16-22).txt Scan type: Quick scan Objects scanned: 198100 Time elapsed: 3 minute(s), 48 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 1 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: c:\documents and settings\troyvandyke\start menu\Programs\disk doctor (Rogue.DiskDoctor) -> Quarantined and deleted successfully. Files Infected: c:\documents and settings\troyvandyke\start menu\Programs\disk doctor\uninstall disk doctor.lnk (Rogue.DiskDoctor) -> Quarantined and deleted successfully. c:\documents and settings\troyvandyke\start menu\Programs\disk doctor\disk doctor.lnk (Rogue.DiskDoctor) -> Quarantined and deleted successfully.
  14. here are the next two logs! : Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4704 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 9/27/2010 12:19:30 PM mbam-log-2010-09-27 (12-19-30).txt Scan type: Quick scan Objects scanned: 225408 Time elapsed: 4 minute(s), 54 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ESET log: C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP238\A0018976.dll Win32/Olmarik.ADF trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP238\A0018977.dll Win32/Olmarik.ADF trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP245\A0022946.dll probably a variant of Win32/Adware.Gamevance.AG application cleaned by deleting - quarantined
  15. here is the TDSSKiller log, followed by the ComboFix log: 2010/09/27 10:17:35.0616 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44 2010/09/27 10:17:35.0616 ================================================================================ 2010/09/27 10:17:35.0616 SystemInfo: 2010/09/27 10:17:35.0616 2010/09/27 10:17:35.0616 OS Version: 5.1.2600 ServicePack: 3.0 2010/09/27 10:17:35.0616 Product type: Workstation 2010/09/27 10:17:35.0616 ComputerName: BRANCH201 2010/09/27 10:17:35.0616 UserName: troyvandyke 2010/09/27 10:17:35.0616 Windows directory: C:\windows 2010/09/27 10:17:35.0616 System windows directory: C:\windows 2010/09/27 10:17:35.0616 Processor architecture: Intel x86 2010/09/27 10:17:35.0616 Number of processors: 2 2010/09/27 10:17:35.0616 Page size: 0x1000 2010/09/27 10:17:35.0616 Boot type: Normal boot 2010/09/27 10:17:35.0616 ================================================================================ 2010/09/27 10:17:35.0741 Initialize success 2010/09/27 10:17:39.0679 ================================================================================ 2010/09/27 10:17:39.0679 Scan started 2010/09/27 10:17:39.0679 Mode: Manual; 2010/09/27 10:17:39.0679 ================================================================================ 2010/09/27 10:17:40.0226 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\windows\system32\drivers\ac97intc.sys 2010/09/27 10:17:40.0288 ACPI (8fd99680a539792a30e97944fdaecf17) C:\windows\system32\DRIVERS\ACPI.sys 2010/09/27 10:17:40.0320 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\windows\system32\drivers\ACPIEC.sys 2010/09/27 10:17:40.0351 adpu160m (9a11864873da202c996558b2106b0bbc) C:\windows\system32\DRIVERS\adpu160m.sys 2010/09/27 10:17:40.0382 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\windows\system32\DRIVERS\adpu320.sys 2010/09/27 10:17:40.0413 aec (8bed39e3c35d6a489438b8141717a557) C:\windows\system32\drivers\aec.sys 2010/09/27 10:17:40.0445 AFD (7e775010ef291da96ad17ca4b17137d7) C:\windows\System32\drivers\afd.sys 2010/09/27 10:17:40.0492 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\windows\system32\DRIVERS\aic78u2.sys 2010/09/27 10:17:40.0507 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\windows\system32\DRIVERS\aic78xx.sys 2010/09/27 10:17:40.0632 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\windows\system32\DRIVERS\asyncmac.sys 2010/09/27 10:17:40.0679 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\windows\system32\DRIVERS\atapi.sys 2010/09/27 10:17:40.0726 Atmarpc (9916c1225104ba14794209cfa8012159) C:\windows\system32\DRIVERS\atmarpc.sys 2010/09/27 10:17:40.0773 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys 2010/09/27 10:17:40.0820 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys 2010/09/27 10:17:40.0992 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys 2010/09/27 10:17:41.0070 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys 2010/09/27 10:17:41.0117 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\windows\system32\drivers\Cdfs.sys 2010/09/27 10:17:41.0117 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\windows\system32\DRIVERS\cdrom.sys 2010/09/27 10:17:41.0195 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\windows\system32\DRIVERS\compbatt.sys 2010/09/27 10:17:41.0273 Disk (044452051f3e02e7963599fc8f4f3e25) C:\windows\system32\DRIVERS\disk.sys 2010/09/27 10:17:41.0335 dmboot (d992fe1274bde0f84ad826acae022a41) C:\windows\system32\drivers\dmboot.sys 2010/09/27 10:17:41.0429 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\windows\system32\drivers\dmio.sys 2010/09/27 10:17:41.0429 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys 2010/09/27 10:17:41.0460 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\windows\system32\drivers\DMusic.sys 2010/09/27 10:17:41.0507 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\windows\system32\DRIVERS\dpti2o.sys 2010/09/27 10:17:41.0554 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\windows\system32\drivers\drmkaud.sys 2010/09/27 10:17:41.0585 E100B (3fca03cbca11269f973b70fa483c88ef) C:\windows\system32\DRIVERS\e100b325.sys 2010/09/27 10:17:41.0632 e1kexpress (90700eb149c8ee9fd8f61821e7d4b8fe) C:\windows\system32\DRIVERS\e1k5132.sys 2010/09/27 10:17:41.0726 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 2010/09/27 10:17:41.0742 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 2010/09/27 10:17:41.0820 Fastfat (38d332a6d56af32635675f132548343e) C:\windows\system32\drivers\Fastfat.sys 2010/09/27 10:17:41.0851 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\windows\system32\DRIVERS\fdc.sys 2010/09/27 10:17:41.0898 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\windows\system32\drivers\Fips.sys 2010/09/27 10:17:41.0913 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\windows\system32\drivers\Flpydisk.sys 2010/09/27 10:17:41.0945 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\windows\system32\DRIVERS\fltMgr.sys 2010/09/27 10:17:41.0976 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys 2010/09/27 10:17:42.0007 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\windows\system32\DRIVERS\ftdisk.sys 2010/09/27 10:17:42.0038 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\windows\system32\DRIVERS\msgpc.sys 2010/09/27 10:17:42.0054 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\windows\system32\DRIVERS\HDAudBus.sys 2010/09/27 10:17:42.0085 HECI (88a67c34e37186665e916fd347b50d19) C:\windows\system32\DRIVERS\HECI.sys 2010/09/27 10:17:42.0117 HidBatt (748031ff4fe45ccc47546294905feab8) C:\windows\system32\DRIVERS\HidBatt.sys 2010/09/27 10:17:42.0132 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\windows\system32\DRIVERS\hidusb.sys 2010/09/27 10:17:42.0195 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\windows\system32\Drivers\HTTP.sys 2010/09/27 10:17:42.0257 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\windows\system32\DRIVERS\i8042prt.sys 2010/09/27 10:17:42.0304 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\windows\system32\DRIVERS\i81xnt5.sys 2010/09/27 10:17:42.0351 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\windows\system32\DRIVERS\wADV01nt.sys 2010/09/27 10:17:42.0367 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\windows\system32\DRIVERS\wADV02NT.sys 2010/09/27 10:17:42.0382 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\windows\system32\DRIVERS\wADV05NT.sys 2010/09/27 10:17:42.0398 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\windows\system32\DRIVERS\wSiINTxx.sys 2010/09/27 10:17:42.0413 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\windows\system32\DRIVERS\wVchNTxx.sys 2010/09/27 10:17:42.0445 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\windows\system32\DRIVERS\wADV07nt.sys 2010/09/27 10:17:42.0460 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\windows\system32\DRIVERS\wADV08nt.sys 2010/09/27 10:17:42.0492 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\windows\system32\DRIVERS\wADV09nt.sys 2010/09/27 10:17:42.0523 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\windows\system32\DRIVERS\wATV01nt.sys 2010/09/27 10:17:42.0570 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\windows\system32\DRIVERS\wATV02NT.sys 2010/09/27 10:17:42.0601 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\windows\system32\DRIVERS\wATV04nt.sys 2010/09/27 10:17:42.0632 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\windows\system32\DRIVERS\wCh7xxNT.sys 2010/09/27 10:17:42.0695 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\windows\system32\DRIVERS\wATV10nt.sys 2010/09/27 10:17:42.0726 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\windows\system32\DRIVERS\wATV06nt.sys 2010/09/27 10:17:42.0867 ialm (d0190bbb1b577589548aba94e66d6838) C:\windows\system32\DRIVERS\igxpmp32.sys 2010/09/27 10:17:43.0038 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys 2010/09/27 10:17:43.0070 IFXTPM (91c5e9f49f32110ced27e2f902fad607) C:\windows\system32\DRIVERS\IFXTPM.SYS 2010/09/27 10:17:43.0085 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\windows\system32\DRIVERS\imapi.sys 2010/09/27 10:17:43.0226 IntcAzAudAddService (744a7507d7a69a2a54638b8e5b630c0b) C:\windows\system32\drivers\RtkHDAud.sys 2010/09/27 10:17:43.0304 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\windows\system32\DRIVERS\intelide.sys 2010/09/27 10:17:43.0335 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\windows\system32\DRIVERS\intelppm.sys 2010/09/27 10:17:43.0382 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\windows\system32\DRIVERS\Ip6Fw.sys 2010/09/27 10:17:43.0398 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys 2010/09/27 10:17:43.0413 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\windows\system32\DRIVERS\ipinip.sys 2010/09/27 10:17:43.0429 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\windows\system32\DRIVERS\ipnat.sys 2010/09/27 10:17:43.0476 IPSec (23c74d75e36e7158768dd63d92789a91) C:\windows\system32\DRIVERS\ipsec.sys 2010/09/27 10:17:43.0523 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\windows\system32\DRIVERS\irenum.sys 2010/09/27 10:17:43.0554 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\windows\system32\DRIVERS\isapnp.sys 2010/09/27 10:17:43.0585 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\windows\system32\drivers\iviaspi.sys 2010/09/27 10:17:43.0617 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\windows\system32\DRIVERS\kbdclass.sys 2010/09/27 10:17:43.0632 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\windows\system32\DRIVERS\kbdhid.sys 2010/09/27 10:17:43.0710 kmixer (692bcf44383d056aed41b045a323d378) C:\windows\system32\drivers\kmixer.sys 2010/09/27 10:17:43.0757 KSecDD (b467646c54cc746128904e1654c750c1) C:\windows\system32\drivers\KSecDD.sys 2010/09/27 10:17:43.0867 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys 2010/09/27 10:17:43.0913 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\windows\system32\drivers\LMIRfsDriver.sys 2010/09/27 10:17:43.0960 MfeAVFK (64b96de8c492bd435372d9130a535f1d) C:\windows\system32\drivers\MfeAVFK.sys 2010/09/27 10:17:43.0976 MfeBOPK (078e87a89d36cc3516f19d5fb518bddc) C:\windows\system32\drivers\MfeBOPK.sys 2010/09/27 10:17:44.0023 mfehidk (168c565101fd5b9db694efdec91fafa9) C:\windows\system32\drivers\mfehidk.sys 2010/09/27 10:17:44.0054 MfeRKDK (e0842f67dc9bc4d21d1e319610ebe9e5) C:\windows\system32\drivers\MfeRKDK.sys 2010/09/27 10:17:44.0101 mfetdik (43a7acbbd70ecd62f0b63486c72089a3) C:\windows\system32\drivers\mfetdik.sys 2010/09/27 10:17:44.0148 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys 2010/09/27 10:17:44.0195 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\windows\system32\drivers\Modem.sys 2010/09/27 10:17:44.0226 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\windows\system32\DRIVERS\mouclass.sys 2010/09/27 10:17:44.0257 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\windows\system32\DRIVERS\mouhid.sys 2010/09/27 10:17:44.0304 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\windows\system32\drivers\MountMgr.sys 2010/09/27 10:17:44.0335 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\windows\system32\DRIVERS\mrxdav.sys 2010/09/27 10:17:44.0367 MRxSmb (421f7b922cec5a5f340e7574a98f7b7c) C:\windows\system32\DRIVERS\mrxsmb.sys 2010/09/27 10:17:44.0382 Msfs (c941ea2454ba8350021d774daf0f1027) C:\windows\system32\drivers\Msfs.sys 2010/09/27 10:17:44.0413 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\windows\system32\drivers\MSKSSRV.sys 2010/09/27 10:17:44.0429 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\windows\system32\drivers\MSPCLOCK.sys 2010/09/27 10:17:44.0445 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\windows\system32\drivers\MSPQM.sys 2010/09/27 10:17:44.0460 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\windows\system32\DRIVERS\mssmbios.sys 2010/09/27 10:17:44.0507 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\windows\system32\drivers\Mup.sys 2010/09/27 10:17:44.0554 NAL (d02734423b59b3ac14cdfe91e9665ff0) C:\WINDOWS\system32\Drivers\iqvw32.sys 2010/09/27 10:17:44.0679 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100926.003\naveng.sys 2010/09/27 10:17:44.0851 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100926.003\navex15.sys 2010/09/27 10:17:44.0913 NDIS (8716356e49a665bdc7b114725b60a456) C:\windows\system32\drivers\NDIS.sys 2010/09/27 10:17:44.0976 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\windows\system32\DRIVERS\ndistapi.sys 2010/09/27 10:17:45.0007 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\windows\system32\DRIVERS\ndisuio.sys 2010/09/27 10:17:45.0038 NdisWan (5526cfebb619f7f763bd6a2e1b618078) C:\windows\system32\DRIVERS\ndiswan.sys 2010/09/27 10:17:45.0070 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\windows\system32\drivers\NDProxy.sys 2010/09/27 10:17:45.0101 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\windows\system32\DRIVERS\netbios.sys 2010/09/27 10:17:45.0132 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\windows\system32\DRIVERS\netbt.sys 2010/09/27 10:17:45.0163 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\windows\system32\drivers\Npfs.sys 2010/09/27 10:17:45.0210 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\windows\system32\drivers\Ntfs.sys 2010/09/27 10:17:45.0242 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys 2010/09/27 10:17:45.0273 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\windows\system32\DRIVERS\nwlnkflt.sys 2010/09/27 10:17:45.0288 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\windows\system32\DRIVERS\nwlnkfwd.sys 2010/09/27 10:17:45.0335 P3 (c90018bafdc7098619a4a95b046b30f3) C:\windows\system32\DRIVERS\p3.sys 2010/09/27 10:17:45.0351 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\windows\system32\DRIVERS\parport.sys 2010/09/27 10:17:45.0398 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\windows\system32\drivers\PartMgr.sys 2010/09/27 10:17:45.0413 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\windows\system32\drivers\ParVdm.sys 2010/09/27 10:17:45.0445 PCI (a219903ccf74233761d92bef471a07b1) C:\windows\system32\DRIVERS\pci.sys 2010/09/27 10:17:45.0460 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\windows\system32\DRIVERS\pciide.sys 2010/09/27 10:17:45.0476 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\windows\system32\drivers\Pcmcia.sys 2010/09/27 10:17:45.0601 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\windows\system32\DRIVERS\raspptp.sys 2010/09/27 10:17:45.0617 PSched (09298ec810b07e5d582cb3a3f9255424) C:\windows\system32\DRIVERS\psched.sys 2010/09/27 10:17:45.0632 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\windows\system32\DRIVERS\ptilink.sys 2010/09/27 10:17:45.0820 radpms (b953369c5ef43615f1bfa9cea69fc9aa) C:\windows\system32\DRIVERS\radpms.sys 2010/09/27 10:17:45.0851 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys 2010/09/27 10:17:45.0898 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\windows\system32\DRIVERS\rasl2tp.sys 2010/09/27 10:17:45.0913 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\windows\system32\DRIVERS\raspppoe.sys 2010/09/27 10:17:45.0929 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys 2010/09/27 10:17:45.0945 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\windows\system32\DRIVERS\rdbss.sys 2010/09/27 10:17:45.0960 RDPCDD (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys 2010/09/27 10:17:45.0992 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\windows\system32\DRIVERS\rdpdr.sys 2010/09/27 10:17:46.0038 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\windows\system32\drivers\RDPWD.sys 2010/09/27 10:17:46.0070 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\windows\system32\DRIVERS\redbook.sys 2010/09/27 10:17:46.0101 regi (001b4278407f4303efc902a2b16f2453) C:\windows\system32\drivers\regi.sys 2010/09/27 10:17:46.0210 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys 2010/09/27 10:17:46.0242 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys 2010/09/27 10:17:46.0320 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys 2010/09/27 10:17:46.0367 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\windows\system32\DRIVERS\serenum.sys 2010/09/27 10:17:46.0398 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\windows\system32\DRIVERS\serial.sys 2010/09/27 10:17:46.0445 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\windows\system32\drivers\Sfloppy.sys 2010/09/27 10:17:46.0601 SPBBCDrv (ef9760a364d836a0ce6149ebdf71524d) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 2010/09/27 10:17:46.0679 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\windows\system32\drivers\splitter.sys 2010/09/27 10:17:46.0726 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\windows\system32\DRIVERS\sr.sys 2010/09/27 10:17:46.0773 Srv (89220b427890aa1dffd1a02648ae51c3) C:\windows\system32\DRIVERS\srv.sys 2010/09/27 10:17:46.0804 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\windows\system32\DRIVERS\swenum.sys 2010/09/27 10:17:46.0804 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\windows\system32\drivers\swmidi.sys 2010/09/27 10:17:46.0851 symc810 (1ff3217614018630d0a6758630fc698c) C:\windows\system32\DRIVERS\symc810.sys 2010/09/27 10:17:46.0867 symc8xx (070e001d95cf725186ef8b20335f933c) C:\windows\system32\DRIVERS\symc8xx.sys 2010/09/27 10:17:46.0898 SymEvent (49b20b430a4f219173f823536944474a) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 2010/09/27 10:17:46.0914 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\windows\system32\DRIVERS\symmpi.sys 2010/09/27 10:17:46.0945 SYMREDRV (626f733be7f951116c5c0804b068666c) C:\windows\System32\Drivers\SYMREDRV.SYS 2010/09/27 10:17:47.0007 SYMTDI (cb7cc4ddbe09e224d4cd876760ba982c) C:\windows\System32\Drivers\SYMTDI.SYS 2010/09/27 10:17:47.0039 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\windows\system32\DRIVERS\sym_hi.sys 2010/09/27 10:17:47.0054 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\windows\system32\DRIVERS\sym_u3.sys 2010/09/27 10:17:47.0085 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\windows\system32\drivers\sysaudio.sys 2010/09/27 10:17:47.0117 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\windows\system32\DRIVERS\tcpip.sys 2010/09/27 10:17:47.0164 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys 2010/09/27 10:17:47.0179 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\windows\system32\drivers\TDTCP.sys 2010/09/27 10:17:47.0226 TermDD (88155247177638048422893737429d9e) C:\windows\system32\DRIVERS\termdd.sys 2010/09/27 10:17:47.0273 TMUSB (36bc389ca632e6536b54e54103e8a0dd) C:\windows\system32\DRIVERS\TMUSBXP.SYS 2010/09/27 10:17:47.0320 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\windows\system32\drivers\Udfs.sys 2010/09/27 10:17:47.0382 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\windows\system32\DRIVERS\usbccgp.sys 2010/09/27 10:17:47.0429 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\windows\system32\DRIVERS\usbehci.sys 2010/09/27 10:17:47.0460 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\windows\system32\DRIVERS\usbhub.sys 2010/09/27 10:17:47.0492 usbprint (a717c8721046828520c9edf31288fc00) C:\windows\system32\DRIVERS\usbprint.sys 2010/09/27 10:17:47.0523 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\windows\system32\DRIVERS\usbscan.sys 2010/09/27 10:17:47.0570 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\windows\system32\DRIVERS\USBSTOR.SYS 2010/09/27 10:17:47.0617 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\windows\system32\DRIVERS\usbuhci.sys 2010/09/27 10:17:47.0664 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\windows\System32\drivers\vga.sys 2010/09/27 10:17:47.0695 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\windows\system32\DRIVERS\viaide.sys 2010/09/27 10:17:47.0742 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\windows\system32\drivers\VolSnap.sys 2010/09/27 10:17:47.0757 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys 2010/09/27 10:17:47.0789 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys 2010/09/27 10:17:47.0835 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\windows\system32\DRIVERS\wmiacpi.sys 2010/09/27 10:17:47.0867 ================================================================================ 2010/09/27 10:17:47.0867 Scan finished 2010/09/27 10:17:47.0867 ================================================================================ COMBO-FIX LOG: ComboFix 10-09-26.04 - troyvandyke 09/27/2010 10:37:09.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3543.2635 [GMT -5:00] Running from: \\fs3\FolderRedirections\troyvandyke\Desktop\Combo-Fix.exe AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} . ((((((((((((((((((((((((( Files Created from 2010-08-27 to 2010-09-27 ))))))))))))))))))))))))))))))) . 2010-09-21 19:23 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll 2010-09-21 19:21 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-21 19:21 . 2010-09-21 19:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-21 19:21 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-17 15:36 . 2010-09-17 15:36 -------- d-----w- C:\spoolerlogs 2010-09-17 15:35 . 2010-09-17 15:35 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2010-09-17 15:31 . 2010-09-17 15:31 -------- d-----w- c:\windows\system32\wbem\Repository . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-27 15:23 . 2010-04-14 15:10 -------- d-----w- c:\program files\LogMeIn 2010-09-27 15:22 . 2010-03-23 19:26 -------- d-----w- c:\program files\Symantec AntiVirus 2010-09-27 15:07 . 2010-03-23 19:25 -------- d-----w- c:\program files\SAAZOD 2010-09-22 05:41 . 2010-01-20 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PDFC 2010-09-21 19:21 . 2010-05-06 17:35 -------- d-----w- c:\documents and settings\troyvandyke\Application Data\Malwarebytes 2010-09-21 19:21 . 2010-03-22 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-08-27 17:28 . 2010-05-10 20:52 -------- d-----w- c:\documents and settings\troyvandyke\Application Data\U3 . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-26 141336] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-26 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-26 142872] "picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-24 796696] "RTHDCPL"="RTHDCPL.EXE" [2009-07-03 18665472] "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736] "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-21 525824] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-15 125632] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048] "MVIClientEngineController"="c:\program files\MVi\Client Engine\ClientPostSvcController.exe" [2008-09-15 196608] "MViRCS"="c:\program files\MVi\RCS\rcs.exe" [2010-01-06 868352] "ESDUSBMon.exe"="c:\windows\system32\ESDUSBMon.exe" [2005-05-27 188416] "MVIHotKey"="c:\program files\MVi\Hotkey\MVI_HotKey.exe" [2010-02-10 442368] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] c:\documents and settings\All Users\Start Menu\Programs\Startup\ APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-4-9 221247] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "DisablePersonalDirChange"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2010-06-09 21:50 87424 ----a-w- c:\windows\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-01-11 21:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\MVi\\control\\RCSListener.exe"= R2 EPSON ESCPOS Status Service;EPSON ESC/POS Status Service;EpStsSrv.exe --> EpStsSrv.exe [?] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 3:09 PM 12856] R2 MVi Client Engine;MVi Client Engine;c:\program files\MVi\Client Engine\ClientEngine.exe [9/17/2008 1:59 PM 122880] R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [1/19/2010 7:35 PM 635416] R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 11:09 PM 11032] R2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~1\SAAZOD\SAAZDPMACTL.exe [6/13/2009 11:33 AM 81920] R2 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~1\SAAZOD\SAAZRemoteSupport.exe [6/4/2009 11:49 AM 73728] R2 SAAZScheduler;SAAZScheduler;c:\progra~1\SAAZOD\SAAZScheduler.exe [4/5/2010 2:53 PM 77824] R2 SAAZServerPlus;SAAZServerPlus;c:\progra~1\SAAZOD\SAAZServerPlus.exe [4/30/2009 7:46 PM 77824] R2 SAAZWatchDog;SAAZWatchDog;c:\progra~1\SAAZOD\SAAZWatchDog.exe [6/4/2009 11:51 AM 81920] R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 7:48 PM 116416] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [1/19/2010 7:30 PM 2066968] R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [1/19/2010 8:19 PM 149600] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/9/2010 5:14 AM 102448] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [12/18/2007 12:46 PM 44800] R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [8/3/2007 3:04 PM 13408] R3 TMUSB;EPSON USB Device Driver for TM/BA/EU Printers;c:\windows\system32\drivers\TMUSBXP.SYS [4/14/2010 4:13 PM 48256] S2 0066661269268390mcinstcleanup;McAfee Application Installer Cleanup (0066661269268390);c:\docume~1\ADMINI~1\LOCALS~1\Temp\006666~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\006666~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?] --- Other Services/Drivers In Memory --- *Deregistered* - klmd25 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: //about.htm/ Trusted Zone: //Exclude.htm/ Trusted Zone: //FWEvent.htm/ Trusted Zone: //LanguageSelection.htm/ Trusted Zone: //Message.htm/ Trusted Zone: //MyAgttryCmd.htm/ Trusted Zone: //MyAgttryNag.htm/ Trusted Zone: //MyNotification.htm/ Trusted Zone: //NOCLessUpdate.htm/ Trusted Zone: //quarantine.htm/ Trusted Zone: //ScanNow.htm/ Trusted Zone: //strings.vbs/ Trusted Zone: //Template.htm/ Trusted Zone: //Update.htm/ Trusted Zone: //VirFound.htm/ Trusted Zone: mcafee.com\* Trusted Zone: mcafeeasap.com\betavscan Trusted Zone: mcafeeasap.com\vs Trusted Zone: mcafeeasap.com\www TCP: {35C78FE6-06D2-488A-96C9-85F0E6A15281} = 10.8.2.8,10.8.1.8 DPF: {737B4809-A1B0-4A96-82AC-124040809EF1} - hxxp://suite.cu08/shared/BranchUtil.CAB DPF: {9CF59D67-FABF-43BB-885B-68E9D6D340F0} - hxxp://suite.cu08/shared/SummitCSCS.CAB . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-09-27 10:40 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1232) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll - - - - - - - > 'explorer.exe'(3980) c:\windows\system32\WININET.dll c:\windows\system32\LMIRfsClientNP.dll c:\windows\system32\ieframe.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll . Completion time: 2010-09-27 10:41:26 ComboFix-quarantined-files.txt 2010-09-27 15:41 ComboFix2.txt 2010-09-22 22:56 Pre-Run: 132,619,087,872 bytes free Post-Run: 132,615,806,976 bytes free - - End Of File - - 71CFE9150456F0053DAF33B111898A5B
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.