STiBlammo

A RootKit.0Access.H Infection.

9 posts in this topic

I am trying to remove this for one of my parents. I'm also fairly certain their other computer is infected with the same thing, so if there are any "general" instructions that can be given in parallel to the specific instructions, it would help to alleviate the need for another thread afterwards. If general instructions are not applicable or available, I will make a new thread after the first computer is good to go.

Below are the results from dds.txt; please let me know if I should also post attach.txt.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by user at 12:58:04 on 2012-04-17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.815 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\OpenOffice.org 3\program\soffice.bin
svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.ca/
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\toolbar\searchqudtx.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\wi371a~1\datamngr\IEBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\toolbar\searchqudtx.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ALLUpdate] "c:\program files\allplayer\ALLUpdate.exe" "sleep"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
StartupFolder: c:\docume~1\user\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{4C5DCA95-036F-48BD-811A-63E787EB3C44} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{D4162941-9308-4DDC-90D8-00C7C9A81B47} : DhcpNameServer = 192.168.2.1
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\IEBHO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2008-11-7 88192]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-16 40776]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 253088]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
.
=============== Created Last 30 ================
.
2012-04-17 03:03:36 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-12 02:08:42 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-01 00:58:25 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-26 21:45:14 -------- dc----w- C:\spoolerlogs
2012-03-26 15:41:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-04-14 19:20:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 12:58:32.65 ===============
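As an added triage aid (not part of this thread, of DDS, or of any Malwarebytes tool), the following Python parser reads the DDS "Pseudo HJT Report" format shown above, pulls out the BHO, toolbar, Run-key and AppInit_DLLs entries, and flags the ones a helper reads first: AppInit DLLs (loaded into every process that links user32.dll), stale registrations pointing at no file, and other entries living in the same product folder as an AppInit DLL. The sample input is a constructed excerpt built from lines of the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed excerpt of the DDS log posted in this thread (only the
# "Pseudo HJT Report" section is parsed; neighbouring sections are ignored).
SAMPLE_DDS = """\
============== Running Processes ===============
.
C:\\WINDOWS\\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\\progra~1\\wi371a~1\\toolbar\\searchqudtx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\\program files\\google\\google toolbar\\GoogleToolbar_32.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun: [DATAMNGR] c:\\progra~1\\wi371a~1\\datamngr\\DATAMN~1.EXE
mRun: [SunJavaUpdateSched] "c:\\program files\\common files\\java\\java update\\jusched.exe"
mRun: [<NO NAME>]
AppInit_DLLs: c:\\progra~1\\wi371a~1\\datamngr\\datamngr.dll c:\\progra~1\\wi371a~1\\datamngr\\IEBHO.dll
.
============= SERVICES / DRIVERS ===============
.
R3 MBAMSwissArmy;MBAMSwissArmy;c:\\windows\\system32\\drivers\\mbamswissarmy.sys [2012-4-16 40776]
"""

GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


@dataclass
class Entry:
    kind: str   # BHO, TB, uRun, mRun, AppInit_DLLs, Setting
    name: str   # display name, Run value name or setting key
    guid: str   # CLSID for BHO/TB lines, "" otherwise
    path: str   # executable/DLL path, "" when the entry points at no file


def exe_from_cmd(cmd: str) -> str:
    """Strip arguments from a Run-key command line, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def parse_hjt_section(text: str) -> List[Entry]:
    """Parse the 'Pseudo HJT Report' section of a DDS log into entries."""
    entries: List[Entry] = []
    in_section = False
    for line in text.splitlines():
        if line.startswith("="):                      # section banner
            in_section = "Pseudo HJT Report" in line
            continue
        if not in_section or line.strip() in ("", "."):
            continue
        if " = " in line and ": " not in line.split(" = ", 1)[0]:
            key, value = line.split(" = ", 1)        # e.g. uStart Page = ...
            entries.append(Entry("Setting", key, "", value))
            continue
        kind, _, rest = line.partition(": ")
        if kind in ("BHO", "TB"):                     # Name: {CLSID} - path | No File
            m = GUID_RE.search(rest)
            if not m:
                continue
            name = rest[:m.start()].rstrip(": ")
            _, _, target = rest[m.end():].partition(" - ")
            path = "" if target.strip() in ("", "No File") else target.strip()
            entries.append(Entry(kind, name, m.group(0).lower(), path))
        elif kind.endswith("Run"):                    # uRun / mRun: [Name] command
            m = RUN_RE.match(rest)
            if m:
                entries.append(Entry(kind, m.group("name"), "", exe_from_cmd(m.group("cmd"))))
        elif kind == "AppInit_DLLs":                  # space-separated DLL list
            for dll in rest.split():
                entries.append(Entry(kind, dll.rsplit("\\", 1)[-1], "", dll))
    return entries


def product_root(path: str) -> str:
    """Drive plus the first two directory components, e.g. c:\\progra~1\\wi371a~1."""
    return "\\".join(path.lower().split("\\")[:3])


def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Return (severity, kind, detail) findings worth a human's attention."""
    findings: List[Tuple[str, str, str]] = []
    appinit_roots = set()
    for e in entries:
        if e.kind == "AppInit_DLLs":
            appinit_roots.add(product_root(e.path))
            findings.append(("high", e.kind,
                             f"{e.path} is injected into every process that loads user32.dll"))
    for e in entries:
        if e.kind in ("BHO", "TB") and not e.path:
            findings.append(("low", e.kind, f"{e.guid} points at no file (stale registration)"))
        elif e.kind.endswith("Run") and not e.path:
            findings.append(("low", e.kind, f"[{e.name}] has an empty command"))
        elif e.kind != "AppInit_DLLs" and e.path and product_root(e.path) in appinit_roots:
            findings.append(("medium", e.kind,
                             f"{e.name}: {e.path} shares a product folder with an AppInit DLL"))
    return findings


def severity_counts(findings: List[Tuple[str, str, str]]) -> dict:
    return {sev: sum(1 for f in findings if f[0] == sev) for sev in ("high", "medium", "low")}


if __name__ == "__main__":
    for sev, kind, detail in triage(parse_hjt_section(SAMPLE_DDS)):
        print(f"{sev:6} {kind:12} {detail}")
```

Run it against a full dds.txt by reading the file into `parse_hjt_section`; the "medium" correlation is what ties the Searchqu BHO and the DATAMNGR Run entry above to the AppInit DLLs from the same folder.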


Hello STiBlammo and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please post Attach.txt


Here are the results from attach.txt:

Thank you for your time and consideration.


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/29/2009 2:48:09 PM
System Uptime: 4/16/2012 8:02:55 PM (16 hours ago)
.
Motherboard: Dell Inc. | | 0D4571
Processor: Intel(R) Pentium(R) M processor 1.86GHz | Microprocessor | 1861/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 23.524 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
µTorrent
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
ALLConverter PRO 1.0
Ask Toolbar
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Broadcom Gigabit Integrated Controller
C-Major Audio
Canon Easy-PhotoPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG2100 series MP Drivers
Canon MG2100 series On-screen Manual
Canon MP Navigator EX 5.0
Canon My Printer
Canon Solution Menu EX
Conexant D110 MDC V.92 Modem
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
Java Auto Updater
Java(TM) 6 Update 29
Malwarebytes Anti-Malware version 1.61.0.1400
mDriver
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mLogView
MSN
MSXML 6 Service Pack 2 (KB973686)
Nero 6 Ultra Edition
OpenOffice.org 3.3
Picasa 3
PrimoPDF -- brought to you by Nitro PDF Software
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB925720)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.1.11
WD Diagnostics
WebFldrs XP
Webshots Desktop
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows iLivid Toolbar
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
4/16/2012 8:03:53 PM, error: Service Control Manager [7023] - The Symwsc service terminated with the following error: The specified module could not be found.
4/16/2012 8:03:53 PM, error: Service Control Manager [7023] - The RadProbe service terminated with the following error: The specified module could not be found.
4/16/2012 8:03:53 PM, error: Service Control Manager [7023] - The Omniinet service terminated with the following error: The specified module could not be found.
4/16/2012 8:03:53 PM, error: Service Control Manager [7023] - The KR10I service terminated with the following error: The specified module could not be found.
4/16/2012 8:03:53 PM, error: Service Control Manager [7023] - The Idechndr service terminated with the following error: The specified module could not be found.
4/16/2012 8:03:53 PM, error: Service Control Manager [7023] - The Hpdskflt service terminated with the following error: The specified module could not be found.
4/16/2012 8:03:53 PM, error: Service Control Manager [7023] - The Fsssvc service terminated with the following error: The specified module could not be found.
4/16/2012 8:03:53 PM, error: Service Control Manager [7023] - The Entech service terminated with the following error: The specified module could not be found.
4/16/2012 8:03:53 PM, error: Service Control Manager [7023] - The CdaD10BA service terminated with the following error: The specified module could not be found.
4/14/2012 3:47:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
4/14/2012 3:47:53 PM, error: Service Control Manager [7023] - The NEOFLTR_600_13319 service terminated with the following error: The specified module could not be found.
4/14/2012 3:47:53 PM, error: Service Control Manager [7023] - The BrPar service terminated with the following error: The specified module could not be found.
4/12/2012 8:33:02 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'mrxsmb.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
4/12/2012 8:32:36 AM, error: SCardSvr [610] - Smart Card Reader '' rejected IOCTL GET_ATTRIBUTE: Incorrect function.
4/12/2012 8:32:36 AM, error: SCardSvr [406] - Reader object cannot Identify Device
4/12/2012 12:08:32 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
4/11/2012 8:54:01 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'mrxsmb.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
.
==== End Of File ===========================


You don't have any antivirus program installed, which is a very, very bad choice. When we finish, I will suggest some options for a free antivirus solution.

Step 1

Please uninstall the following applications:

µTorrent - It is against our policy. Take a look here.

Ask Toolbar - Bundled with many third-party applications - also see this note

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip, click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file


Ok, I have followed the steps above. My apologies though, I believe I mistakenly selected "Delete" for one of the detected threats.

Another point that might be important to note: before originally posting, Malwarebytes' Anti-Malware would return threats that it seemingly could not remove. I have some earlier mbam log files if desired.

TDSSKiller log (TDSSKiller.2.7.28.0_17.04.2012_14.30.50_log.txt):


14:30:50.0406 2544 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
14:30:50.0828 2544 ============================================================
14:30:50.0828 2544 Current date / time: 2012/04/17 14:30:50.0828
14:30:50.0828 2544 SystemInfo:
14:30:50.0828 2544
14:30:50.0828 2544 OS Version: 5.1.2600 ServicePack: 2.0
14:30:50.0828 2544 Product type: Workstation
14:30:50.0828 2544 ComputerName: USER-699F3BC53F
14:30:50.0828 2544 UserName: user
14:30:50.0828 2544 Windows directory: C:\WINDOWS
14:30:50.0828 2544 System windows directory: C:\WINDOWS
14:30:50.0828 2544 Processor architecture: Intel x86
14:30:50.0828 2544 Number of processors: 1
14:30:50.0828 2544 Page size: 0x1000
14:30:50.0828 2544 Boot type: Normal boot
14:30:50.0828 2544 ============================================================
14:30:53.0765 2544 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:30:53.0765 2544 \Device\Harddisk0\DR0:
14:30:53.0765 2544 MBR used
14:30:53.0765 2544 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A81400
14:30:53.0812 2544 Initialize success
14:30:53.0812 2544 ============================================================
14:31:25.0453 2316 ============================================================
14:31:25.0453 2316 Scan started
14:31:25.0453 2316 Mode: Manual; SigCheck; TDLFS;
14:31:25.0453 2316 ============================================================
14:31:26.0203 2316 61883 - ok
14:31:26.0218 2316 Abiosdsk - ok
14:31:26.0234 2316 abp480n5 - ok
14:31:26.0312 2316 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:31:26.0703 2316 ACPI - ok
14:31:26.0750 2316 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:31:26.0906 2316 ACPIEC - ok
14:31:27.0031 2316 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:31:27.0046 2316 AdobeFlashPlayerUpdateSvc - ok
14:31:27.0062 2316 adpu160m - ok
14:31:27.0109 2316 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
14:31:27.0265 2316 aec - ok
14:31:27.0468 2316 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
14:31:27.0531 2316 AFD - ok
14:31:27.0531 2316 Aha154x - ok
14:31:27.0546 2316 aic78u2 - ok
14:31:27.0562 2316 aic78xx - ok
14:31:27.0609 2316 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
14:31:27.0796 2316 Alerter - ok
14:31:27.0828 2316 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
14:31:27.0937 2316 ALG - ok
14:31:27.0953 2316 AliIde - ok
14:31:27.0968 2316 amsint - ok
14:31:28.0015 2316 AppMgmt (9c3c12975c97119412802b181fbeeffe) C:\WINDOWS\System32\appmgmts.dll
14:31:28.0296 2316 AppMgmt - ok
14:31:28.0312 2316 asc - ok
14:31:28.0328 2316 asc3350p - ok
14:31:28.0343 2316 asc3550 - ok
14:31:28.0531 2316 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:31:28.0546 2316 aspnet_state - ok
14:31:28.0578 2316 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:31:28.0703 2316 AsyncMac - ok
14:31:28.0750 2316 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:31:28.0890 2316 atapi - ok
14:31:28.0984 2316 Atdisk - ok
14:31:29.0062 2316 Ati HotKey Poller (dfea480ee09bdeb7f51244900170e173) C:\WINDOWS\system32\Ati2evxx.exe
14:31:29.0140 2316 Ati HotKey Poller - ok
14:31:29.0218 2316 ati2mtag (2a6c99cfdc23c9c26d0e30b1c99748d4) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:31:29.0421 2316 ati2mtag - ok
14:31:29.0609 2316 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:31:29.0734 2316 Atmarpc - ok
14:31:29.0781 2316 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
14:31:29.0921 2316 AudioSrv - ok
14:31:30.0000 2316 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:31:30.0140 2316 audstub - ok
14:31:30.0187 2316 b57w2k (2acf06176b9d011567d7f25b83ddd066) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
14:31:30.0218 2316 b57w2k - ok
14:31:30.0250 2316 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:31:30.0375 2316 Beep - ok
14:31:30.0453 2316 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
14:31:30.0609 2316 BITS - ok
14:31:30.0625 2316 blueletscoaudio - ok
14:31:30.0656 2316 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
14:31:30.0796 2316 Browser - ok
14:31:30.0828 2316 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:31:30.0984 2316 cbidf2k - ok
14:31:31.0062 2316 cd20xrnt - ok
14:31:31.0078 2316 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:31:31.0203 2316 Cdaudio - ok
14:31:31.0265 2316 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
14:31:31.0406 2316 Cdfs - ok
14:31:31.0468 2316 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:31:31.0875 2316 Cdrom - ok
14:31:31.0875 2316 Changer - ok
14:31:31.0921 2316 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe
14:31:32.0046 2316 CiSvc - ok
14:31:32.0046 2316 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
14:31:32.0203 2316 ClipSrv - ok
14:31:32.0359 2316 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:31:32.0359 2316 clr_optimization_v2.0.50727_32 - ok
14:31:32.0421 2316 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:31:32.0546 2316 CmBatt - ok
14:31:32.0562 2316 CmdIde - ok
14:31:32.0578 2316 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:31:32.0718 2316 Compbatt - ok
14:31:32.0734 2316 COMSysApp - ok
14:31:32.0750 2316 Cpqarray - ok
14:31:32.0812 2316 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
14:31:32.0953 2316 CryptSvc - ok
14:31:33.0031 2316 CTSBLFX.DLL - ok
14:31:33.0046 2316 dac2w2k - ok
14:31:33.0062 2316 dac960nt - ok
14:31:33.0140 2316 DcomLaunch (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
14:31:33.0296 2316 DcomLaunch - ok
14:31:33.0328 2316 Dhcp (cb6ca3e5261d65f6f809eed23bf167aa) C:\WINDOWS\System32\dhcpcsvc.dll
14:31:33.0453 2316 Dhcp - ok
14:31:33.0515 2316 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
14:31:33.0656 2316 Disk - ok
14:31:33.0671 2316 dmadmin - ok
14:31:33.0734 2316 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
14:31:33.0890 2316 dmboot - ok
14:31:33.0984 2316 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
14:31:34.0109 2316 dmio - ok
14:31:34.0156 2316 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:31:34.0296 2316 dmload - ok
14:31:34.0328 2316 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
14:31:34.0500 2316 dmserver - ok
14:31:34.0546 2316 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
14:31:34.0687 2316 DMusic - ok
14:31:34.0750 2316 Dnscache (7379de06fd196e396a00aa97b990c00d) C:\WINDOWS\System32\dnsrslvr.dll
14:31:34.0875 2316 Dnscache - ok
14:31:34.0890 2316 dpti2o - ok
14:31:34.0921 2316 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
14:31:35.0078 2316 drmkaud - ok
14:31:35.0125 2316 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
14:31:35.0234 2316 ERSvc - ok
14:31:35.0296 2316 Eventlog (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
14:31:35.0359 2316 Eventlog - ok
14:31:35.0531 2316 EventSystem (60d1a6342238378bfb7545c81ee3606c) C:\WINDOWS\system32\es.dll
14:31:35.0578 2316 EventSystem - ok
14:31:35.0640 2316 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
14:31:35.0781 2316 Fastfat - ok
14:31:35.0828 2316 FastUserSwitchingCompatibility (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
14:31:35.0937 2316 FastUserSwitchingCompatibility - ok
14:31:36.0000 2316 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
14:31:36.0140 2316 Fdc - ok
14:31:36.0156 2316 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
14:31:36.0296 2316 Fips - ok
14:31:36.0328 2316 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:31:36.0468 2316 Flpydisk - ok
14:31:36.0531 2316 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:31:36.0656 2316 FltMgr - ok
14:31:36.0750 2316 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:31:36.0750 2316 FontCache3.0.0.0 - ok
14:31:36.0796 2316 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:31:36.0921 2316 Fs_Rec - ok
14:31:36.0937 2316 FTDIBUS - ok
14:31:36.0953 2316 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:31:37.0125 2316 Ftdisk - ok
14:31:37.0156 2316 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:31:37.0296 2316 Gpc - ok
14:31:37.0406 2316 GTIPCI21 (ca835331825599b938e37525796d3549) C:\WINDOWS\system32\DRIVERS\gtipci21.sys
14:31:37.0453 2316 GTIPCI21 - ok
14:31:37.0593 2316 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
14:31:37.0593 2316 gupdate - ok
14:31:37.0609 2316 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
14:31:37.0609 2316 gupdatem - ok
14:31:37.0671 2316 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:31:37.0687 2316 gusvc - ok
14:31:37.0703 2316 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:31:37.0843 2316 helpsvc - ok
14:31:37.0937 2316 HidServ (9376e6893e52b368abc6255bf54f0b28) C:\WINDOWS\System32\hidserv.dll
14:31:38.0062 2316 HidServ - ok
14:31:38.0109 2316 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:31:38.0234 2316 HidUsb - ok
14:31:38.0250 2316 hpn - ok
14:31:38.0312 2316 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
14:31:38.0406 2316 HSFHWICH - ok
14:31:38.0609 2316 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
14:31:38.0718 2316 HSF_DPV - ok
14:31:38.0812 2316 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
14:31:38.0859 2316 HTTP - ok
14:31:38.0921 2316 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
14:31:39.0046 2316 HTTPFilter - ok
14:31:39.0062 2316 i2omgmt - ok
14:31:39.0078 2316 i2omp - ok
14:31:39.0140 2316 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:31:39.0281 2316 i8042prt - ok
14:31:39.0562 2316 ialm (643162fbc619e35d3f1a90a095a5bb42) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
14:31:39.0671 2316 ialm - ok
14:31:39.0921 2316 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:31:39.0984 2316 idsvc - ok
14:31:40.0218 2316 IJPLMSVC (ce1ee31fff730ca975a5535d8a71af61) C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
14:31:40.0218 2316 IJPLMSVC - ok
14:31:40.0343 2316 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:31:40.0687 2316 Imapi - ok
14:31:40.0750 2316 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
14:31:40.0890 2316 ImapiService - ok
14:31:40.0906 2316 ini910u - ok
14:31:40.0968 2316 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:31:41.0109 2316 IntelIde - ok
14:31:41.0156 2316 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:31:41.0296 2316 intelppm - ok
14:31:41.0390 2316 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:31:41.0546 2316 Ip6Fw - ok
14:31:41.0640 2316 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:31:41.0750 2316 IpFilterDriver - ok
14:31:41.0765 2316 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:31:41.0875 2316 IpInIp - ok
14:31:41.0921 2316 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:31:42.0046 2316 IpNat - ok
14:31:42.0093 2316 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:31:42.0234 2316 IPSec - ok
14:31:42.0359 2316 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:31:42.0468 2316 IRENUM - ok
14:31:42.0500 2316 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:31:42.0640 2316 isapnp - ok
14:31:42.0796 2316 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
14:31:42.0812 2316 JavaQuickStarterService - ok
14:31:42.0859 2316 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:31:43.0000 2316 Kbdclass - ok
14:31:43.0062 2316 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
14:31:43.0203 2316 kmixer - ok
14:31:43.0250 2316 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
14:31:43.0281 2316 KSecDD - ok
14:31:43.0468 2316 lanmanserver (93d32468d34e000cb3407947d1d6e22a) C:\WINDOWS\System32\srvsvc.dll
14:31:43.0609 2316 lanmanserver - ok
14:31:43.0640 2316 lanmanworkstation (e1f27cfcd114ec9f1e1f44674b2ff9f0) C:\WINDOWS\System32\wkssvc.dll
14:31:43.0703 2316 lanmanworkstation - ok
14:31:43.0718 2316 lbrtfdc - ok
14:31:43.0750 2316 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
14:31:43.0890 2316 LmHosts - ok
14:31:43.0953 2316 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
14:31:43.0984 2316 MBAMSwissArmy - ok
14:31:44.0093 2316 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
14:31:44.0109 2316 MDM - ok
14:31:44.0171 2316 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:31:44.0187 2316 mdmxsdk - ok
14:31:44.0234 2316 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
14:31:44.0390 2316 Messenger - ok
14:31:44.0515 2316 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:31:44.0781 2316 mnmdd - ok
14:31:44.0812 2316 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe
14:31:44.0968 2316 mnmsrvc - ok
14:31:45.0031 2316 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
14:31:45.0156 2316 Modem - ok
14:31:45.0187 2316 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:31:45.0296 2316 Mouclass - ok
14:31:45.0343 2316 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:31:45.0515 2316 mouhid - ok
14:31:45.0578 2316 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
14:31:45.0703 2316 MountMgr - ok
14:31:45.0703 2316 mraid35x - ok
14:31:45.0734 2316 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:31:45.0875 2316 MRxDAV - ok
14:31:45.0953 2316 MRxSmb (8decea23eb927d87441e29377db1e661) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:31:45.0953 2316 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: 8decea23eb927d87441e29377db1e661, Fake md5: 0b0d6ea60ccf0af8a497ce64e8762590
14:31:45.0953 2316 MRxSmb ( Virus.Win32.ZAccess.k ) - infected
14:31:45.0953 2316 MRxSmb - detected Virus.Win32.ZAccess.k (0)
14:31:46.0015 2316 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe
14:31:46.0140 2316 MSDTC - ok
14:31:46.0156 2316 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
14:31:46.0296 2316 Msfs - ok
14:31:46.0312 2316 MSIServer - ok
14:31:46.0375 2316 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:31:46.0531 2316 MSKSSRV - ok
14:31:46.0593 2316 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:31:46.0953 2316 MSPCLOCK - ok
14:31:46.0984 2316 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
14:31:47.0125 2316 MSPQM - ok
14:31:47.0187 2316 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:31:47.0328 2316 mssmbios - ok
14:31:47.0515 2316 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
14:31:47.0625 2316 Mup - ok
14:31:47.0687 2316 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
14:31:47.0859 2316 NDIS - ok
14:31:47.0921 2316 NdisFilt (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\dhcp.dll
14:31:47.0921 2316 NdisFilt ( Backdoor.Multi.ZAccess.gen ) - infected
14:31:47.0921 2316 NdisFilt - detected Backdoor.Multi.ZAccess.gen (0)
14:31:47.0953 2316 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:31:48.0125 2316 NdisTapi - ok
14:31:48.0156 2316 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:31:48.0312 2316 Ndisuio - ok
14:31:48.0343 2316 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:31:48.0500 2316 NdisWan - ok
14:31:48.0578 2316 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
14:31:48.0687 2316 NDProxy - ok
14:31:48.0718 2316 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:31:48.0843 2316 NetBIOS - ok
14:31:48.0890 2316 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:31:49.0031 2316 NetBT - ok
14:31:49.0078 2316 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
14:31:49.0203 2316 NetDDE - ok
14:31:49.0203 2316 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
14:31:49.0328 2316 NetDDEdsdm - ok
14:31:49.0421 2316 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
14:31:49.0593 2316 Netlogon - ok
14:31:49.0640 2316 Netman (dab9e6c7105d2ef49876fe92c524f565) C:\WINDOWS\System32\netman.dll
14:31:49.0765 2316 Netman - ok
14:31:49.0906 2316 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:31:49.0906 2316 NetTcpPortSharing - ok
14:31:49.0984 2316 Nla (097722f235a1fb698bf9234e01b52637) C:\WINDOWS\System32\mswsock.dll
14:31:50.0046 2316 Nla - ok
14:31:50.0140 2316 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
14:31:50.0281 2316 Npfs - ok
14:31:50.0468 2316 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
14:31:50.0656 2316 Ntfs - ok
14:31:50.0703 2316 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
14:31:50.0828 2316 NtLmSsp - ok
14:31:50.0875 2316 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
14:31:51.0062 2316 NtmsSvc - ok
14:31:51.0187 2316 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
14:31:51.0187 2316 NuidFltr - ok
14:31:51.0203 2316 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:31:51.0343 2316 Null - ok
14:31:51.0453 2316 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:31:51.0593 2316 NwlnkFlt - ok
14:31:51.0609 2316 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:31:51.0734 2316 NwlnkFwd - ok
14:31:51.0750 2316 oracledbconsoleorcl - ok
14:31:51.0843 2316 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:31:51.0859 2316 ose - ok
14:31:51.0921 2316 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
14:31:52.0062 2316 Parport - ok
14:31:52.0093 2316 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
14:31:52.0218 2316 PartMgr - ok
14:31:52.0234 2316 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:31:52.0359 2316 ParVdm - ok
14:31:52.0375 2316 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
14:31:52.0531 2316 PCI - ok
14:31:52.0546 2316 PCIDump - ok
14:31:52.0562 2316 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
14:31:52.0687 2316 PCIIde - ok
14:31:52.0781 2316 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:31:52.0921 2316 Pcmcia - ok
14:31:52.0937 2316 PDCOMP - ok
14:31:52.0953 2316 PDFRAME - ok
14:31:52.0968 2316 PDRELI - ok
14:31:52.0984 2316 PDRFRAME - ok
14:31:53.0000 2316 perc2 - ok
14:31:53.0015 2316 perc2hib - ok
14:31:53.0093 2316 PlugPlay (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
14:31:53.0156 2316 PlugPlay - ok
14:31:53.0187 2316 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
14:31:53.0296 2316 PolicyAgent - ok
14:31:53.0312 2316 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:31:53.0453 2316 PptpMiniport - ok
14:31:53.0468 2316 procmon10 - ok
14:31:53.0484 2316 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
14:31:53.0593 2316 ProtectedStorage - ok
14:31:53.0640 2316 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
14:31:53.0781 2316 PSched - ok
14:31:53.0812 2316 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:31:53.0937 2316 Ptilink - ok
14:31:54.0078 2316 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:31:54.0109 2316 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
14:31:54.0109 2316 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
14:31:54.0125 2316 ql1080 - ok
14:31:54.0125 2316 Ql10wnt - ok
14:31:54.0140 2316 ql12160 - ok
14:31:54.0156 2316 ql1240 - ok
14:31:54.0171 2316 ql1280 - ok
14:31:54.0203 2316 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:31:54.0343 2316 RasAcd - ok
14:31:54.0375 2316 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
14:31:54.0531 2316 RasAuto - ok
14:31:54.0671 2316 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:31:54.0781 2316 Rasl2tp - ok
14:31:54.0843 2316 RasMan (41a3c11e3517c962c9b44893bcec3b34) C:\WINDOWS\System32\rasmans.dll
14:31:54.0968 2316 RasMan - ok
14:31:54.0984 2316 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:31:55.0109 2316 RasPppoe - ok
14:31:55.0156 2316 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:31:55.0281 2316 Raspti - ok
14:31:55.0359 2316 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:31:55.0468 2316 Rdbss - ok
14:31:55.0484 2316 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:31:55.0593 2316 RDPCDD - ok
14:31:55.0656 2316 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:31:55.0796 2316 rdpdr - ok
14:31:55.0859 2316 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
14:31:56.0015 2316 RDPWD - ok
14:31:56.0046 2316 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
14:31:56.0203 2316 RDSessMgr - ok
14:31:56.0296 2316 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:31:56.0437 2316 redbook - ok
14:31:56.0515 2316 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
14:31:56.0671 2316 RemoteAccess - ok
14:31:56.0734 2316 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS\system32\regsvc.dll
14:31:56.0843 2316 RemoteRegistry - ok
14:31:56.0890 2316 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe
14:31:57.0031 2316 RpcLocator - ok
14:31:57.0109 2316 RpcSs (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
14:31:57.0171 2316 RpcSs - ok
14:31:57.0250 2316 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
14:31:57.0390 2316 RSVP - ok
14:31:57.0421 2316 s217nd5 - ok
14:31:57.0437 2316 s24trans - ok
14:31:57.0468 2316 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
14:31:57.0593 2316 SamSs - ok
14:31:57.0656 2316 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
14:31:57.0812 2316 SCardSvr - ok
14:31:57.0906 2316 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
14:31:58.0046 2316 Schedule - ok
14:31:58.0062 2316 se27unic - ok
14:31:58.0078 2316 SE2Cmgmt - ok
14:31:58.0093 2316 se58bus - ok
14:31:58.0156 2316 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:31:58.0234 2316 Secdrv - ok
14:31:58.0296 2316 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
14:31:58.0437 2316 seclogon - ok
14:31:58.0484 2316 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
14:31:58.0609 2316 SENS - ok
14:31:58.0671 2316 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:31:58.0812 2316 serenum - ok
14:31:58.0828 2316 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
14:31:58.0953 2316 Serial - ok
14:31:59.0000 2316 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:31:59.0312 2316 Sfloppy - ok
14:31:59.0390 2316 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
14:31:59.0515 2316 SharedAccess - ok
14:31:59.0609 2316 ShellHWDetection (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
14:31:59.0718 2316 ShellHWDetection - ok
14:31:59.0750 2316 Simbad - ok
14:31:59.0765 2316 Sparrow - ok
14:31:59.0843 2316 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
14:31:59.0968 2316 splitter - ok
14:32:00.0000 2316 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS\system32\spoolsv.exe
14:32:00.0140 2316 Spooler - ok
14:32:00.0234 2316 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
14:32:00.0296 2316 sr - ok
14:32:00.0312 2316 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll
14:32:00.0390 2316 srservice - ok
14:32:00.0468 2316 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
14:32:00.0593 2316 Srv - ok
14:32:00.0687 2316 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
14:32:00.0750 2316 SSDPSRV - ok
14:32:00.0812 2316 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
14:32:00.0859 2316 STAC97 - ok
14:32:00.0937 2316 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
14:32:01.0046 2316 StillCam - ok
14:32:01.0093 2316 stisvc (d9f6c4f6b1e188adafc42b561d9bc2e6) C:\WINDOWS\system32\wiaservc.dll
14:32:01.0281 2316 stisvc - ok
14:32:01.0296 2316 STV680m - ok
14:32:01.0390 2316 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:32:01.0562 2316 swenum - ok
14:32:01.0625 2316 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
14:32:01.0765 2316 swmidi - ok
14:32:01.0796 2316 SwPrv - ok
14:32:01.0812 2316 symc810 - ok
14:32:01.0828 2316 symc8xx - ok
14:32:01.0828 2316 sym_hi - ok
14:32:01.0843 2316 sym_u3 - ok
14:32:01.0875 2316 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
14:32:02.0000 2316 sysaudio - ok
14:32:02.0062 2316 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
14:32:02.0203 2316 SysmonLog - ok
14:32:02.0250 2316 TapiSrv (eb4a4187d74a8efdcbea3ea2cb1bdfbd) C:\WINDOWS\System32\tapisrv.dll
14:32:02.0375 2316 TapiSrv - ok
14:32:02.0531 2316 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:32:02.0593 2316 Tcpip - ok
14:32:02.0703 2316 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:32:02.0812 2316 TDPIPE - ok
14:32:02.0859 2316 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
14:32:03.0000 2316 TDTCP - ok
14:32:03.0031 2316 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:32:03.0156 2316 TermDD - ok
14:32:03.0203 2316 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
14:32:03.0343 2316 TermService - ok
14:32:03.0437 2316 Themes (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
14:32:03.0546 2316 Themes - ok
14:32:03.0609 2316 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\system32\tlntsvr.exe
14:32:03.0703 2316 TlntSvr - ok
14:32:03.0718 2316 TosIde - ok
14:32:03.0750 2316 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
14:32:03.0875 2316 TrkWks - ok
14:32:03.0906 2316 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
14:32:04.0031 2316 Udfs - ok
14:32:04.0046 2316 UIUSys - ok
14:32:04.0062 2316 ultra - ok
14:32:04.0140 2316 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
14:32:04.0265 2316 Update - ok
14:32:04.0281 2316 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS\System32\upnphost.dll
14:32:04.0375 2316 upnphost - ok
14:32:04.0453 2316 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
14:32:04.0562 2316 UPS - ok
14:32:04.0640 2316 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
14:32:04.0781 2316 usbaudio - ok
14:32:04.0812 2316 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:32:04.0937 2316 usbccgp - ok
14:32:04.0984 2316 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:32:05.0109 2316 usbehci - ok
14:32:05.0156 2316 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:32:05.0296 2316 usbhub - ok
14:32:05.0343 2316 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:32:05.0515 2316 usbprint - ok
14:32:05.0546 2316 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:32:05.0687 2316 usbscan - ok
14:32:05.0750 2316 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:32:05.0859 2316 USBSTOR - ok
14:32:05.0875 2316 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:32:06.0015 2316 usbuhci - ok
14:32:06.0046 2316 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
14:32:06.0187 2316 VgaSave - ok
14:32:06.0250 2316 ViaIde - ok
14:32:06.0265 2316 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
14:32:06.0406 2316 VolSnap - ok
14:32:06.0468 2316 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
14:32:06.0562 2316 VSS - ok
14:32:06.0750 2316 w29n51 (d6006de6a6ed423d8016a03bc50cbe6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
14:32:06.0937 2316 w29n51 - ok
14:32:07.0046 2316 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
14:32:07.0187 2316 W32Time - ok
14:32:07.0234 2316 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:32:07.0359 2316 Wanarp - ok
14:32:07.0500 2316 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
14:32:07.0515 2316 Wdf01000 - ok
14:32:07.0531 2316 WDICA - ok
14:32:07.0625 2316 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
14:32:07.0796 2316 wdmaud - ok
14:32:07.0843 2316 WebClient (5d0a442864bfbf3b19dcca4cd29f6e99) C:\WINDOWS\System32\webclnt.dll
14:32:07.0984 2316 WebClient - ok
14:32:08.0109 2316 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
14:32:08.0203 2316 winachsf - ok
14:32:08.0296 2316 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:32:08.0437 2316 winmgmt - ok
14:32:08.0515 2316 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
14:32:08.0562 2316 WmdmPmSN - ok
14:32:08.0656 2316 Wmi (1081c185aed0660b2b5f173c3e023b23) C:\WINDOWS\System32\advapi32.dll
14:32:08.0734 2316 Wmi - ok
14:32:08.0859 2316 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:32:09.0000 2316 WmiApSrv - ok
14:32:09.0171 2316 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
14:32:09.0296 2316 WMPNetworkSvc - ok
14:32:09.0406 2316 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:32:09.0406 2316 WpdUsb - ok
14:32:09.0484 2316 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
14:32:09.0656 2316 wuauserv - ok
14:32:09.0796 2316 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:32:09.0843 2316 WudfPf - ok
14:32:09.0859 2316 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:32:09.0890 2316 WudfRd - ok
14:32:09.0937 2316 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
14:32:09.0953 2316 WudfSvc - ok
14:32:10.0031 2316 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
14:32:10.0156 2316 WZCSVC - ok
14:32:10.0203 2316 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
14:32:10.0312 2316 xmlprov - ok
14:32:10.0375 2316 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:32:10.0750 2316 \Device\Harddisk0\DR0 - ok
14:32:10.0750 2316 Boot (0x1200) (aeaaf6039a4e2f52408b46964417c713) \Device\Harddisk0\DR0\Partition0
14:32:10.0750 2316 \Device\Harddisk0\DR0\Partition0 - ok
14:32:10.0750 2316 ============================================================
14:32:10.0750 2316 Scan finished
14:32:10.0750 2316 ============================================================
14:32:10.0859 3636 Detected object count: 3
14:32:10.0859 3636 Actual detected object count: 3
14:34:00.0859 3636 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - copied to quarantine
14:34:00.0937 3636 C:\WINDOWS\$NtUninstallKB14427$\2830405871\@ - copied to quarantine
14:34:00.0937 3636 C:\WINDOWS\$NtUninstallKB14427$\2830405871\cfg.ini - copied to quarantine
14:34:00.0968 3636 C:\WINDOWS\$NtUninstallKB14427$\2830405871\Desktop.ini - copied to quarantine
14:34:01.0109 3636 C:\WINDOWS\$NtUninstallKB14427$\2830405871\L\ocjejecb - copied to quarantine
14:34:01.0171 3636 C:\WINDOWS\$NtUninstallKB14427$\2830405871\oemid - copied to quarantine
14:34:01.0171 3636 C:\WINDOWS\$NtUninstallKB14427$\2830405871\U\00000001.@ - copied to quarantine
14:34:01.0218 3636 C:\WINDOWS\$NtUninstallKB14427$\2830405871\U\00000002.@ - copied to quarantine
14:34:01.0234 3636 C:\WINDOWS\$NtUninstallKB14427$\2830405871\U\00000004.@ - copied to quarantine
14:34:01.0265 3636 C:\WINDOWS\$NtUninstallKB14427$\2830405871\U\80000000.@ - copied to quarantine
14:34:01.0281 3636 C:\WINDOWS\$NtUninstallKB14427$\2830405871\U\80000004.@ - copied to quarantine
14:34:01.0296 3636 C:\WINDOWS\$NtUninstallKB14427$\2830405871\U\80000032.@ - copied to quarantine
14:34:01.0296 3636 C:\WINDOWS\$NtUninstallKB14427$\2830405871\version - copied to quarantine
14:34:01.0796 3636 Backup copy found, using it..
14:34:01.0906 3636 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
14:34:03.0937 3636 C:\WINDOWS\$NtUninstallKB14427$\1511946520 - will be deleted on reboot
14:34:03.0937 3636 C:\WINDOWS\$NtUninstallKB14427$\2830405871\@ - will be deleted on reboot
14:34:03.0937 3636 C:\WINDOWS\$NtUninstallKB14427$\2830405871\cfg.ini - will be deleted on reboot
14:34:03.0937 3636 C:\WINDOWS\$NtUninstallKB14427$\2830405871\Desktop.ini - will be deleted on reboot
14:34:04.0031 3636 C:\WINDOWS\$NtUninstallKB14427$\2830405871\oemid - will be deleted on reboot
14:34:04.0031 3636 C:\WINDOWS\$NtUninstallKB14427$\2830405871\U\00000001.@ - will be deleted on reboot
14:34:04.0031 3636 C:\WINDOWS\$NtUninstallKB14427$\2830405871\U\00000002.@ - will be deleted on reboot
14:34:04.0031 3636 C:\WINDOWS\$NtUninstallKB14427$\2830405871\U\00000004.@ - will be deleted on reboot
14:34:04.0031 3636 C:\WINDOWS\$NtUninstallKB14427$\2830405871\U\80000000.@ - will be deleted on reboot
14:34:04.0031 3636 C:\WINDOWS\$NtUninstallKB14427$\2830405871\U\80000004.@ - will be deleted on reboot
14:34:04.0031 3636 C:\WINDOWS\$NtUninstallKB14427$\2830405871\U\80000032.@ - will be deleted on reboot
14:34:04.0031 3636 C:\WINDOWS\$NtUninstallKB14427$\2830405871\version - will be deleted on reboot
14:34:04.0031 3636 MRxSmb ( Virus.Win32.ZAccess.k ) - User select action: Cure
14:34:04.0171 3636 C:\WINDOWS\system32\dhcp.dll - copied to quarantine
14:34:04.0171 3636 HKLM\SYSTEM\ControlSet001\services\NdisFilt - will be deleted on reboot
14:34:04.0171 3636 HKLM\SYSTEM\ControlSet002\services\NdisFilt - will be deleted on reboot
14:34:04.0187 3636 C:\WINDOWS\system32\dhcp.dll - will be deleted on reboot
14:34:04.0187 3636 NdisFilt ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
14:34:04.0187 3636 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:04.0187 3636 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:09.0656 0532 Deinitialize success

Malwarebytes' log (mbam-log-2012-04-17 (14-38-29).txt):


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.17.05
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: USER-699F3BC53F [administrator]
4/17/2012 2:38:29 PM
mbam-log-2012-04-17 (14-38-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191393
Time elapsed: 7 minute(s), 32 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

dds.txt:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by user at 14:48:17 on 2012-04-17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1477 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.ca/
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\toolbar\searchqudtx.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\wi371a~1\datamngr\IEBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\toolbar\searchqudtx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ALLUpdate] "c:\program files\allplayer\ALLUpdate.exe" "sleep"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
StartupFolder: c:\docume~1\user\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{4C5DCA95-036F-48BD-811A-63E787EB3C44} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{D4162941-9308-4DDC-90D8-00C7C9A81B47} : DhcpNameServer = 192.168.2.1
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\IEBHO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2008-11-7 88192]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-17 40776]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 253088]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
.
=============== Created Last 30 ================
.
2012-04-17 21:37:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-17 21:34:00 -------- dc----w- C:\TDSSKiller_Quarantine
2012-04-17 21:33:43 130048 -c--a-w- c:\documents and settings\all users\application data\6tq23qj7.exe
2012-04-12 02:08:42 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-01 00:58:25 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-26 21:45:14 -------- dc----w- C:\spoolerlogs
2012-03-26 15:41:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-04-17 21:35:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-04-14 19:20:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 14:48:50.04 ===============

attach.txt:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/29/2009 2:48:09 PM
System Uptime: 4/17/2012 2:34:56 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0D4571
Processor: Intel(R) Pentium(R) M processor 1.86GHz | Microprocessor | 1861/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 23.773 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP793: 1/29/2012 9:32:00 AM - System Checkpoint
RP794: 1/30/2012 9:48:50 AM - System Checkpoint
RP795: 1/31/2012 6:56:05 PM - System Checkpoint
RP796: 2/2/2012 12:52:30 PM - System Checkpoint
RP797: 2/3/2012 1:12:29 PM - System Checkpoint
RP798: 2/4/2012 1:35:51 PM - System Checkpoint
RP799: 2/6/2012 9:38:39 AM - System Checkpoint
RP800: 2/7/2012 6:34:40 PM - System Checkpoint
RP801: 2/8/2012 6:35:53 PM - System Checkpoint
RP802: 2/10/2012 12:54:53 PM - System Checkpoint
RP803: 2/11/2012 1:40:27 PM - System Checkpoint
RP804: 2/13/2012 12:18:38 PM - System Checkpoint
RP805: 2/14/2012 10:04:33 PM - System Checkpoint
RP806: 2/15/2012 11:56:16 AM - Software Distribution Service 3.0
RP807: 2/16/2012 12:15:16 PM - System Checkpoint
RP808: 2/17/2012 7:31:36 PM - System Checkpoint
RP809: 2/19/2012 5:29:57 PM - System Checkpoint
RP810: 2/20/2012 7:57:21 PM - System Checkpoint
RP811: 2/22/2012 10:05:52 AM - System Checkpoint
RP812: 2/23/2012 10:12:15 AM - System Checkpoint
RP813: 2/24/2012 11:21:37 AM - System Checkpoint
RP814: 2/25/2012 7:37:28 PM - System Checkpoint
RP815: 2/26/2012 8:05:07 PM - System Checkpoint
RP816: 2/28/2012 7:31:26 PM - System Checkpoint
RP817: 2/29/2012 8:12:17 PM - System Checkpoint
RP818: 3/1/2012 8:45:16 PM - System Checkpoint
RP819: 3/2/2012 9:34:14 PM - System Checkpoint
RP820: 3/3/2012 10:54:16 PM - System Checkpoint
RP821: 3/5/2012 12:25:25 PM - System Checkpoint
RP822: 3/7/2012 1:11:56 PM - System Checkpoint
RP823: 3/8/2012 2:34:40 PM - System Checkpoint
RP824: 3/9/2012 3:11:40 PM - System Checkpoint
RP825: 3/10/2012 3:57:00 PM - System Checkpoint
RP826: 3/11/2012 6:09:42 PM - System Checkpoint
RP827: 3/13/2012 12:56:00 PM - System Checkpoint
RP828: 3/14/2012 12:17:01 PM - Software Distribution Service 3.0
RP829: 3/15/2012 1:36:30 PM - System Checkpoint
RP830: 3/16/2012 1:57:59 PM - System Checkpoint
RP831: 3/17/2012 4:49:52 PM - System Checkpoint
RP832: 3/18/2012 6:51:22 PM - System Checkpoint
RP833: 3/19/2012 7:29:33 PM - System Checkpoint
RP834: 3/21/2012 1:11:07 PM - System Checkpoint
RP835: 3/22/2012 1:31:24 PM - System Checkpoint
RP836: 3/24/2012 1:08:44 PM - System Checkpoint
RP837: 3/25/2012 3:19:51 PM - System Checkpoint
RP838: 3/26/2012 4:57:50 PM - System Checkpoint
RP839: 3/27/2012 5:40:03 PM - System Checkpoint
RP840: 3/28/2012 7:55:00 PM - System Checkpoint
RP841: 3/30/2012 8:25:32 PM - System Checkpoint
RP842: 3/31/2012 9:18:28 PM - System Checkpoint
RP843: 4/1/2012 9:49:02 PM - System Checkpoint
RP844: 4/3/2012 9:21:27 AM - System Checkpoint
RP845: 4/4/2012 11:04:37 AM - System Checkpoint
RP846: 4/5/2012 12:17:43 PM - System Checkpoint
RP847: 4/6/2012 2:35:01 PM - System Checkpoint
RP848: 4/8/2012 1:11:43 PM - System Checkpoint
RP849: 4/9/2012 3:14:16 PM - System Checkpoint
RP850: 4/10/2012 5:29:02 PM - System Checkpoint
RP851: 4/11/2012 2:03:38 PM - Software Distribution Service 3.0
RP852: 4/12/2012 4:11:36 PM - System Checkpoint
RP853: 4/15/2012 8:18:28 AM - System Checkpoint
RP854: 4/16/2012 9:00:44 PM - System Checkpoint
RP855: 4/17/2012 2:27:10 PM - Removed Ask Toolbar.
.
==== Installed Programs ======================
.
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
ALLConverter PRO 1.0
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Broadcom Gigabit Integrated Controller
C-Major Audio
Canon Easy-PhotoPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG2100 series MP Drivers
Canon MG2100 series On-screen Manual
Canon MP Navigator EX 5.0
Canon My Printer
Canon Solution Menu EX
Conexant D110 MDC V.92 Modem
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
Java Auto Updater
Java(TM) 6 Update 29
Malwarebytes Anti-Malware version 1.61.0.1400
mDriver
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mLogView
MSN
MSXML 6 Service Pack 2 (KB973686)
Nero 6 Ultra Edition
OpenOffice.org 3.3
Picasa 3
PrimoPDF -- brought to you by Nitro PDF Software
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB925720)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.1.11
WD Diagnostics
WebFldrs XP
Webshots Desktop
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows iLivid Toolbar
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
4/16/2012 8:03:53 PM, error: Service Control Manager [7023] - The Symwsc service terminated with the following error: The specified module could not be found.
4/16/2012 8:03:53 PM, error: Service Control Manager [7023] - The RadProbe service terminated with the following error: The specified module could not be found.
4/16/2012 8:03:53 PM, error: Service Control Manager [7023] - The Omniinet service terminated with the following error: The specified module could not be found.
4/16/2012 8:03:53 PM, error: Service Control Manager [7023] - The KR10I service terminated with the following error: The specified module could not be found.
4/16/2012 8:03:53 PM, error: Service Control Manager [7023] - The Idechndr service terminated with the following error: The specified module could not be found.
4/16/2012 8:03:53 PM, error: Service Control Manager [7023] - The Hpdskflt service terminated with the following error: The specified module could not be found.
4/16/2012 8:03:53 PM, error: Service Control Manager [7023] - The Fsssvc service terminated with the following error: The specified module could not be found.
4/16/2012 8:03:53 PM, error: Service Control Manager [7023] - The Entech service terminated with the following error: The specified module could not be found.
4/16/2012 8:03:53 PM, error: Service Control Manager [7023] - The CdaD10BA service terminated with the following error: The specified module could not be found.
4/14/2012 3:47:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
4/14/2012 3:47:53 PM, error: Service Control Manager [7023] - The NEOFLTR_600_13319 service terminated with the following error: The specified module could not be found.
4/14/2012 3:47:53 PM, error: Service Control Manager [7023] - The BrPar service terminated with the following error: The specified module could not be found.
4/12/2012 8:33:02 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'mrxsmb.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
4/12/2012 8:32:36 AM, error: SCardSvr [610] - Smart Card Reader '' rejected IOCTL GET_ATTRIBUTE: Incorrect function.
4/12/2012 8:32:36 AM, error: SCardSvr [406] - Reader object cannot Identify Device
4/12/2012 12:08:32 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
4/11/2012 8:54:01 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'mrxsmb.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
.
==== End Of File ===========================

Ok, I have followed the steps above. My apologies though, I believe I mistakenly selected "Delete" for one of the detected threats.

It was an infected driver that belongs to Norton Internet Security. You don't have it anymore, so it is not needed.

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Hi Maniac,

Thanks so much for your time and consideration. I was under a strict deadline to get the computer back to working order the first night before going out of town, so I ended up just reinstalling Windows.

You mentioned you had some good recommendations for free antivirus and/or other software to have running. Can you still give your recommendations?


This topic is now closed.
