
Inactive My mother got happy clicking syndrome

Discussion in 'Malware and Virus Removal Archive' started by beaslie0503, 2011/10/25.

Thread Status:
Not open for further replies.
  1. 2011/10/25
    beaslie0503

    beaslie0503 Inactive Thread Starter

    Joined:
    2011/10/25
    Messages:
    18
    Likes Received:
    0
    [Inactive] My mother got happy clicking syndrome

    So to start off, I've told my mother to stop with the errant clicking... She got an email, shown below, with a link to a document ending in .pdf.exe.
    The file wasn't a download but a link to an external site (below).

    [​IMG]

    My mother, in her infinite wisdom, decided it was a good idea to click this link on her work computer... She has administrator access to this machine but was using our wireless network here at the house, so her web blocker (Websense) didn't block it because she wasn't on her work network...

    After restarting her computer, here are the 2 issues that pop up; plus, the internet no longer works...

    1st error msg:
    The procedure entry point AcceptEX could not be located in dynamic link library MSWSOCK.dll

    2nd msg:
    The TCP/IP network transport is not installed.

    I have tried to release and renew the IPs with the ipconfig utility, but I get the error that the operation was attempted on something that is not a socket.

    I ran all 4 of the utilities, but MBRCheck gets halfway through and closes itself, and won't allow me to re-run it using the same filename... If I change the filename I can run it, but the same thing happens, to no avail... It does say that a file near C:\windows\system32\???\afd.sys is SUSPICIOUS before it closes...

    MBAM Log

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7622

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/25/2011 5:33:38 PM
    mbam-log-2011-10-25 (17-33-38).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 345013
    Time elapsed: 33 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Goopoo3 (Worm.Prolaco.M) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Goopoo3 (Worm.Prolaco.M) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Google EnterpriseV3 (Worm.Prolaco.M) -> Value: Google EnterpriseV3 -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER Log
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-10-25 19:39:31
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST912041 rev.DE16
    Running: ltmnuggt.exe; Driver: C:\DOCUME~1\mcase\LOCALS~1\Temp\uwldykob.sys


    ---- System - GMER 1.0.15 ----

    SSDT 89349468 ZwAlertResumeThread
    SSDT 89349528 ZwAlertThread
    SSDT 89349D78 ZwAllocateVirtualMemory
    SSDT 8A787D90 ZwConnectPort
    SSDT 89349218 ZwCreateMutant
    SSDT 893487A8 ZwCreateThread
    SSDT 89349BD8 ZwFreeVirtualMemory
    SSDT 893492E8 ZwImpersonateAnonymousToken
    SSDT 893493A8 ZwImpersonateThread
    SSDT 89349AF8 ZwMapViewOfSection
    SSDT 8937DF90 ZwOpenEvent
    SSDT 89450148 ZwOpenProcessToken
    SSDT 893498D0 ZwOpenThreadToken
    SSDT 8944D428 ZwResumeThread
    SSDT 893481B0 ZwSetContextThread
    SSDT 893499A0 ZwSetInformationProcess
    SSDT 89349778 ZwSetInformationThread
    SSDT 8937DED0 ZwSuspendProcess
    SSDT 89349630 ZwSuspendThread
    SSDT 8934F310 ZwTerminateProcess
    SSDT 8934E1A8 ZwTerminateThread
    SSDT 89350980 ZwUnmapViewOfSection
    SSDT 89349CA8 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!IoReuseIrp + 8B 804EF90D 7 Bytes CALL 8943E8B5
    .text ntkrnlpa.exe!ZwCallbackReturn + 2D48 805045E4 4 Bytes CALL FAD97A7B
    .text iaStor.sys B9E718D7 7 Bytes CALL 8943B3C0
    .PAGE C:\WINDOWS\System32\drivers\afd.sys unknown last section [0xA6028800, 0x100, 0xC0000040]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

    ---- Modules - GMER 1.0.15 ----

    Module (noname) (*** hidden *** ) BA2A8000-BA2B1000 (36864 bytes)
    Module (noname) (*** hidden *** ) B727C000-B728B000 (61440 bytes)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:808] BA2AC3E0
    Thread System [4:812] BA2AC3E0
    Thread System [4:816] 8943E8C5
    Thread System [4:820] 8943E8C5

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\$NtUninstallKB10716$\2753524284 0 bytes
    File C:\WINDOWS\$NtUninstallKB10716$\2753524284\@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB10716$\2753524284\L 0 bytes
    File C:\WINDOWS\$NtUninstallKB10716$\2753524284\L\xfcwrezr 138496 bytes
    File C:\WINDOWS\$NtUninstallKB10716$\2753524284\loader.tlb 2540 bytes
    File C:\WINDOWS\$NtUninstallKB10716$\2753524284\U 0 bytes
    File C:\WINDOWS\$NtUninstallKB10716$\2753524284\U\@00000001 45968 bytes
    File C:\WINDOWS\$NtUninstallKB10716$\2753524284\U\@000000c0 3584 bytes
    File C:\WINDOWS\$NtUninstallKB10716$\2753524284\U\@000000cb 3072 bytes
    File C:\WINDOWS\$NtUninstallKB10716$\2753524284\U\@000000cf 1536 bytes
    File C:\WINDOWS\$NtUninstallKB10716$\2753524284\U\@80000000 23040 bytes
    File C:\WINDOWS\$NtUninstallKB10716$\2753524284\U\@800000c0 35840 bytes
    File C:\WINDOWS\$NtUninstallKB10716$\2753524284\U\@800000cb 23552 bytes
    File C:\WINDOWS\$NtUninstallKB10716$\2753524284\U\@800000cf 27648 bytes
    File C:\WINDOWS\$NtUninstallKB10716$\322713205 0 bytes

    ---- EOF - GMER 1.0.15 ----
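    Added example (not from this thread, and not GMER's own code): a Python triage pass over lines excerpted from the GMER log above. It flags what a malware analyst reads in that log: the afd.sys "unknown last section", the inline CALL into ntkrnlpa.exe, the hidden module and the system thread that starts inside it, and the hidden files under the $NtUninstall* folder. The severity labels and the "review" rule for SSDT hooks are my assumptions; the log lines themselves are the poster's.

```python
import re
from collections import Counter

# Constructed excerpt: a handful of lines taken from the GMER log posted above.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT 89349468 ZwAlertResumeThread
SSDT 8A787D90 ZwConnectPort

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IoReuseIrp + 8B 804EF90D 7 Bytes CALL 8943E8B5
.text iaStor.sys B9E718D7 7 Bytes CALL 8943B3C0
.PAGE C:\WINDOWS\System32\drivers\afd.sys unknown last section [0xA6028800, 0x100, 0xC0000040]

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) BA2A8000-BA2B1000 (36864 bytes)

---- Threads - GMER 1.0.15 ----

Thread System [4:808] BA2AC3E0

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB10716$\2753524284\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB10716$\2753524284\L\xfcwrezr 138496 bytes
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER")               # "---- Modules - GMER 1.0.15 ----"
RANGE_RE = re.compile(r"([0-9A-Fa-f]{8})-([0-9A-Fa-f]{8})")  # "BA2A8000-BA2B1000"
TRAILING_ADDR_RE = re.compile(r"([0-9A-Fa-f]{8})\s*$")       # thread start address at end of line

def parse_sections(text):
    """Split a GMER log into {section name: [non-empty lines]}."""
    sections, current = {}, "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections

def triage(text):
    """Return (severity, reason, log line) findings; severities are my own labels, not GMER's."""
    s = parse_sections(text)
    findings = []

    for line in s.get("Kernel code sections", []):
        if "unknown last section" in line:
            findings.append(("high", "driver image carries an unexpected extra section", line))
        elif re.search(r"\b(ntkrnlpa|ntoskrnl)\.exe!", line) and "CALL" in line:
            findings.append(("high", "inline CALL patch inside the kernel image", line))
        elif "CALL" in line:
            findings.append(("medium", "inline patch in a driver; check whether the CALL target is in a known module", line))

    hidden = []  # address ranges of modules GMER could not find in the loaded-module list
    for line in s.get("Modules", []):
        if "hidden" in line:
            findings.append(("high", "kernel module hidden from the loaded-module list", line))
            m = RANGE_RE.search(line)
            if m:
                hidden.append((int(m.group(1), 16), int(m.group(2), 16)))

    for line in s.get("Threads", []):  # correlate thread start addresses with the hidden ranges
        m = TRAILING_ADDR_RE.search(line)
        if m and any(lo <= int(m.group(1), 16) < hi for lo, hi in hidden):
            findings.append(("high", "system thread executing inside a hidden module", line))

    for line in s.get("Files", []):  # GMER's Files section lists files hidden from the OS API
        uninstall_dir = "$NtUninstall" in line
        findings.append(("high" if uninstall_dir else "medium",
                         "hidden file " + ("inside a $NtUninstall* folder" if uninstall_dir else "reported by GMER"),
                         line))

    ssdt = [ln for ln in s.get("System", []) if ln.startswith("SSDT")]
    if ssdt:  # AV suites hook the SSDT too, so this is a review item, not a verdict
        findings.append(("review", f"{len(ssdt)} SSDT hooks; compare against the installed security suite", ssdt[0]))
    return findings

def summarize(text):
    """Count findings by severity, e.g. {'high': 6, 'medium': 1, 'review': 1} for SAMPLE_LOG."""
    return dict(Counter(sev for sev, _, _ in triage(text)))

if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}\n         {line}")
    print(summarize(SAMPLE_LOG))
```

    Run against the full log in the post, the same rules also pick up the second hidden module and the threads at 8943E8C5 sitting next to the CALL target 8943E8B5, which is the kind of correlation a helper checks before deciding which tool to run next.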
     
  2. 2011/10/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================================

    Do you mean aswMBR?

    I still need DDS logs.
     


  4. 2011/10/25
    beaslie0503

    beaslie0503 Inactive Thread Starter

    Joined:
    2011/10/25
    Messages:
    18
    Likes Received:
    0
    Here are the 2 DDS logs.

    DDS LOG


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
    Run by mcase at 19:43:55 on 2011-10-25
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3539.2741 [GMT -7:00]
    .
    AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .
    ============== Running Processes ===============
    .
    C:\Program Files\Fingerprint Sensor\AtService.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\drivers\audio\r205445\stacsv.exe
    svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\explorer.exe
    C:\Program Files\SmartDraw VP\Messages\SDNotify.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uWinlogon: Shell=c:\documents and settings\mcase\local settings\application data\a41f723c\X
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe "
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe "
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe "
    mRun: [<NO NAME>]
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
    uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234975290828
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-6-27 1664248]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-8-23 108392]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-8-23 108392]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-25 366152]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-1-28 112128]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-4 105592]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-1-28 110080]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-25 22216]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20111021.002\NAVENG.SYS [2011-10-21 86136]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20111021.002\NAVEX15.SYS [2011-10-21 1576312]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
    S2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-8-23 1832072]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2010-8-23 23888]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 vsdatant;vsdatant;a --> a [?]
    .
    =============== Created Last 30 ================
    .
    2011-10-25 23:40:36 -------- d-----w- c:\documents and settings\mcase\application data\Malwarebytes
    2011-10-25 23:40:29 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-10-25 23:40:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-25 23:40:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-25 23:02:59 -------- d-sh--w- c:\documents and settings\mcase\local settings\application data\a41f723c
    2011-10-06 11:23:53 -------- d-----w- c:\program files\CSTAR v10
    .
    ==================== Find3M ====================
    .
    2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-20 23:27:20 1003520 ----a-w- c:\windows\system32\cstarlib.dll
    2011-09-20 19:03:42 1454080 ----a-w- c:\windows\system32\svdp.dll
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
    2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    ============= FINISH: 19:49:52.25 ===============


    ATTACH LOG


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/18/2009 8:35:44 AM
    System Uptime: 10/25/2011 4:32:03 PM (3 hours ago)
    .
    Motherboard: Dell Inc. | | 0D695C
    Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1995/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 112 GiB total, 83.142 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Dell Wireless 1397 WLAN Mini-Card
    Device ID: PCI\VEN_14E4&DEV_4315&SUBSYS_000C1028&REV_01\4&84CCC20&0&00E1
    Manufacturer: Broadcom
    Name: Dell Wireless 1397 WLAN Mini-Card
    PNP Device ID: PCI\VEN_14E4&DEV_4315&SUBSYS_000C1028&REV_01\4&84CCC20&0&00E1
    Service: BCM43XX
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Adobe Acrobat 9 Pro
    Adobe Acrobat 9.4.5 - CPSID_83708
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.3
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AuthenTec Fingerprint System
    BioAPI Framework
    Bonjour
    Broadcom TPM Driver Installer
    Critical Update for Windows Media Player 11 (KB959772)
    CSTAR v10
    Dell Security Device Driver Pack
    Dell Touchpad
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB969084)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    hp deskjet 6127 series
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    iTunes
    J2SE Runtime Environment 5.0 Update 16
    Java(TM) 6 Update 11
    Java(TM) 6 Update 7
    LiveUpdate 3.3 (Symantec Corporation)
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft ActiveSync
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server Native Client
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Mobile Broadband Drivers
    Mobile Broadband Generic Drivers
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Policy Manager Office Module
    PowerDVD
    PrintReportDotNet
    QuickTime
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2483614)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SmartDraw PDF Export (novaPDF 6.4 printer)
    SmartDraw VP
    Sonic CinePlayer Decoder Pack
    Spelling Dictionaries Support For Adobe Reader 9
    Symantec Endpoint Protection
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Windows (KB971513)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    Update for Windows Internet Explorer 8 (KB2362765)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows Internet Explorer 8 (KB982664)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2264107)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    UPEK TouchChip Fingerprint Reader
    VZAccess Manager
    WebFldrs XP
    WIDCOMM Bluetooth Software
    Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (06/12/2008 8.1.0.51)
    Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0 MUI pack
    Windows Presentation Foundation
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/25/2011 7:39:59 PM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service Symantec AntiVirus with arguments " " in order to run the server: {98694799-6891-4FD7-A91D-FB43B78AEC8C}
    10/25/2011 4:41:08 PM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
    10/25/2011 4:37:24 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{C2EA4E7A-659B-47FD-8CA7-58C3E1D45A2F} because another computer on the network has the same name. The server could not start.
    10/25/2011 4:34:04 PM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147952506 (0x8007277A).
    10/25/2011 4:34:03 PM, error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
    10/25/2011 4:34:03 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The specified procedure could not be found.
    10/25/2011 4:34:03 PM, error: Service Control Manager [7023] - The Net Logon service terminated with the following error: The requested service provider could not be loaded or initialized.
    10/25/2011 4:34:03 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The requested service provider could not be loaded or initialized.
    10/25/2011 4:34:03 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2147952506
    10/25/2011 4:34:03 PM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified.
    10/25/2011 4:33:42 PM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service Symantec AntiVirus with arguments " " in order to run the server: {5CEC0E13-CF22-414C-8D67-D44B06420FC1}
    10/25/2011 4:33:24 PM, error: NETLOGON [5737] - The system returned the following unexpected error code: The requested service provider could not be loaded or initialized.
    10/25/2011 4:03:27 PM, error: Service Control Manager [7031] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    10/21/2011 8:19:51 PM, error: NETLOGON [5719] - No Domain Controller is available for domain NEIGHBOR due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    10/19/2011 7:49:07 AM, error: Dhcp [1002] - The IP address lease 10.1.6.59 for the Network Card with network address 0023AE02B604 has been denied by the DHCP server 10.1.1.2 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
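
The Service Control Manager entries in the Event Viewer section above all fire within the same second, and most of them carry one of two Winsock-flavoured errors. The snippet below is an added example written for this page, not something from the thread or from the DDS tool: it pulls the failed service and its error out of each SCM line, decodes the numeric service-specific codes (0x8007277A is HRESULT_FROM_WIN32(10106), WSAEPROVIDERFAILEDINIT, the same error the 7023 events spell out as text), and groups the services by cause. The event lines are copied verbatim from the log above; the error names and message strings are the standard Win32/Winsock ones.

```python
import re

# Standard Win32 / Winsock error codes that appear in the SCM events, either
# spelled out as message text (events 7000/7023) or as a raw number (7024).
WIN32_ERRORS = {
    2: ("ERROR_FILE_NOT_FOUND", "The system cannot find the file specified."),
    127: ("ERROR_PROC_NOT_FOUND", "The specified procedure could not be found."),
    10106: ("WSAEPROVIDERFAILEDINIT",
            "The requested service provider could not be loaded or initialized."),
}
MESSAGE_TO_CODE = {msg: code for code, (_, msg) in WIN32_ERRORS.items()}

# Event lines copied verbatim from the DDS "Event Viewer Messages" section.
SAMPLE_EVENTS = """\
10/25/2011 4:41:08 PM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
10/25/2011 4:34:04 PM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147952506 (0x8007277A).
10/25/2011 4:34:03 PM, error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
10/25/2011 4:34:03 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The specified procedure could not be found.
10/25/2011 4:34:03 PM, error: Service Control Manager [7023] - The Net Logon service terminated with the following error: The requested service provider could not be loaded or initialized.
10/25/2011 4:34:03 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The requested service provider could not be loaded or initialized.
10/25/2011 4:34:03 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2147952506
10/25/2011 4:34:03 PM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified.
"""

SCM_LINE = re.compile(
    r"Service Control Manager \[(?P<event>\d+)\] - The (?P<service>.+?) service "
    r"(?:failed to start due to the following error"
    r"|terminated with the following error"
    r"|terminated with service-specific error)[: ]\s*(?P<detail>.+?)\s*$"
)
# "<decimal>", "<decimal> (0x<hex>)." or the unrendered "%%<decimal>" placeholder.
NUMERIC = re.compile(r"%?%?(\d+)(?:\s*\(0x[0-9A-Fa-f]+\))?\.?$")


def decode_error(detail):
    """Map an SCM error detail to (win32_code, symbolic_name, message)."""
    m = NUMERIC.match(detail)
    if m:
        value = int(m.group(1))
        # HRESULT_FROM_WIN32(x) is 0x80070000 | x, so a 0x8007xxxx value
        # carries a plain Win32 error code in its low 16 bits.
        if (value >> 16) != 0x8007:
            return (value, "UNKNOWN", detail)   # e.g. 0xFFFFFFFF, not an HRESULT
        code = value & 0xFFFF
    else:
        code = MESSAGE_TO_CODE.get(detail)
        if code is None:
            return (None, "UNKNOWN", detail)
    name, message = WIN32_ERRORS.get(code, ("UNKNOWN", detail))
    return (code, name, message)


def triage_scm_events(text):
    """Group every failed service in the log by its decoded error name."""
    groups = {}
    for line in text.splitlines():
        m = SCM_LINE.search(line)
        if not m:
            continue
        _, name, _ = decode_error(m.group("detail"))
        groups.setdefault(name, []).append(m.group("service"))
    return groups


if __name__ == "__main__":
    for name, services in triage_scm_events(SAMPLE_EVENTS).items():
        print(f"{name}: {', '.join(services)}")
```

Run against the lines above, four services (BITS, Net Logon, IPSEC Services, Automatic Updates) fail on Winsock provider initialisation and one (Windows Firewall/ICS) on a missing export. afd.sys is the kernel half of Winsock (the Ancillary Function Driver), so this pattern is consistent with the forged afd.sys that TDSSKiller reports later in the thread. The two file-not-found failures (MBAMSwissArmy, Java Quick Starter) have a different cause and should not be lumped in with the Winsock ones.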
     
  5. 2011/10/25
    beaslie0503

    beaslie0503 Inactive Thread Starter

    Joined:
    2011/10/25
    Messages:
    18
    Likes Received:
    0
    Yeah, aswMBR wouldn't stay open.
     
  6. 2011/10/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
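
Once the TDSSKiller report is in hand, the lines that matter are the ones marked infected and, above all, the "Suspicious file (Forged)" lines: there the digest the tool labels "Real" and the one it labels "Fake" disagree, meaning the two ways it read the file returned different contents, which is what a rootkit serving a clean copy to normal file reads looks like. The parser below is an added example, not part of the thread and not Kaspersky's code; it reads the TDSSKiller report format and lists the entries that need action. The sample lines are copied from the report posted further down in this thread.

```python
import re
from dataclasses import dataclass

# Lines copied from the TDSSKiller report posted further down in this thread.
SAMPLE_REPORT = r"""
20:35:11.0250 2852 a41f723c ( Rootkit.Win32.PMax.gen ) - infected
20:35:11.0250 2852 a41f723c - detected Rootkit.Win32.PMax.gen (0)
20:35:11.0296 2852 Abiosdsk - ok
20:35:11.0359 2852 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:35:11.0359 2852 abp480n5 - ok
20:35:11.0640 2852 AFD (c6359b1a1c00dc0a7b06a5cf161045df) C:\WINDOWS\System32\drivers\afd.sys
20:35:11.0656 2852 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: c6359b1a1c00dc0a7b06a5cf161045df, Fake md5: 1e44bc1e83d8fd2305f8d452db109cf9
20:35:11.0656 2852 AFD ( Rootkit.Win32.ZAccess.g ) - infected
20:35:11.0656 2852 AFD - detected Rootkit.Win32.ZAccess.g (0)
"""


@dataclass
class Entry:
    name: str
    path: str = ""
    md5: str = ""
    verdict: str = "unknown"   # "ok" / "infected" / "unknown"
    detection: str = ""        # malware family, e.g. Rootkit.Win32.ZAccess.g
    forged: tuple = ()         # (real_md5, fake_md5) when the two reads disagree


# One line = "<time> <pid> <body>"; the body takes one of four shapes.
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(?P<body>.*)$")
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
VERDICT_RE = re.compile(r"^(?P<name>\S+)(?: \( (?P<det>\S+) \))? - (?P<verdict>ok|infected)$")
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<det>\S+) \(\d+\)$")


def parse_report(text):
    """Fold the per-line report into one Entry per service/driver name."""
    entries, by_path = {}, {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        if (f := FILE_RE.match(body)):
            e = entries.setdefault(f["name"], Entry(f["name"]))
            e.path, e.md5 = f["path"], f["md5"]
            by_path[e.path.lower()] = e
        elif (f := FORGED_RE.match(body)):
            # The forged line names only the path; tie it back to the driver
            # whose file line preceded it.
            e = by_path.get(f["path"].lower())
            if e is None:
                e = entries.setdefault(f["path"], Entry(f["path"], path=f["path"]))
            e.forged = (f["real"], f["fake"])
        elif (f := VERDICT_RE.match(body)):
            e = entries.setdefault(f["name"], Entry(f["name"]))
            e.verdict = f["verdict"]
            if f["det"]:
                e.detection = f["det"]
        elif (f := DETECTED_RE.match(body)):
            e = entries.setdefault(f["name"], Entry(f["name"]))
            e.detection = f["det"]
    return entries


def findings(entries):
    """Entries needing action, forged files first, then plain infections."""
    out = []
    for e in entries.values():
        if e.forged:
            real, fake = e.forged
            out.append((e.name, "forged",
                        f"{e.path}: real md5 {real} != fake md5 {fake} (as TDSSKiller labels them)"))
        elif e.verdict == "infected":
            out.append((e.name, "infected", e.detection or "(family not given)"))
    return sorted(out, key=lambda t: (t[1] != "forged", t[0].lower()))


if __name__ == "__main__":
    for name, kind, detail in findings(parse_report(SAMPLE_REPORT)):
        print(f"{kind:8} {name}: {detail}")
```

On the sample lines this yields two findings: AFD as forged (with the Rootkit.Win32.ZAccess.g family attached from the following lines) and the unnamed a41f723c service as infected. A forged entry is ranked above a plain infection on purpose: a driver whose on-disk contents differ from what file reads return cannot be trusted to be cleaned by anything that reads it through the normal file system, which is why the tool offers Cure for it rather than Skip.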
     
  7. 2011/10/25
    beaslie0503

    beaslie0503 Inactive Thread Starter

    Joined:
    2011/10/25
    Messages:
    18
    Likes Received:
    0
    20:35:04.0031 2724 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
    20:35:04.0046 2724 ============================================================
    20:35:04.0046 2724 Current date / time: 2011/10/25 20:35:04.0046
    20:35:04.0046 2724 SystemInfo:
    20:35:04.0046 2724
    20:35:04.0046 2724 OS Version: 5.1.2600 ServicePack: 3.0
    20:35:04.0046 2724 Product type: Workstation
    20:35:04.0046 2724 ComputerName: MB-4026-03
    20:35:04.0046 2724 UserName: mcase
    20:35:04.0046 2724 Windows directory: C:\WINDOWS
    20:35:04.0046 2724 System windows directory: C:\WINDOWS
    20:35:04.0046 2724 Processor architecture: Intel x86
    20:35:04.0046 2724 Number of processors: 2
    20:35:04.0046 2724 Page size: 0x1000
    20:35:04.0046 2724 Boot type: Normal boot
    20:35:04.0046 2724 ============================================================
    20:35:04.0484 2724 Initialize success
    20:35:11.0093 2852 ============================================================
    20:35:11.0093 2852 Scan started
    20:35:11.0093 2852 Mode: Manual;
    20:35:11.0093 2852 ============================================================
    20:35:11.0250 2852 a41f723c ( Rootkit.Win32.PMax.gen ) - infected
    20:35:11.0250 2852 a41f723c - detected Rootkit.Win32.PMax.gen (0)
    20:35:11.0296 2852 Abiosdsk - ok
    20:35:11.0359 2852 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    20:35:11.0359 2852 abp480n5 - ok
    20:35:11.0406 2852 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    20:35:11.0406 2852 ACPI - ok
    20:35:11.0421 2852 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    20:35:11.0421 2852 ACPIEC - ok
    20:35:11.0453 2852 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    20:35:11.0468 2852 adpu160m - ok
    20:35:11.0500 2852 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    20:35:11.0500 2852 aec - ok
    20:35:11.0562 2852 AESTAud (20f078136f3bdc4c0405c0527b769303) C:\WINDOWS\system32\drivers\AESTAud.sys
    20:35:11.0578 2852 AESTAud - ok
    20:35:11.0640 2852 AFD (c6359b1a1c00dc0a7b06a5cf161045df) C:\WINDOWS\System32\drivers\afd.sys
    20:35:11.0656 2852 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: c6359b1a1c00dc0a7b06a5cf161045df, Fake md5: 1e44bc1e83d8fd2305f8d452db109cf9
    20:35:11.0656 2852 AFD ( Rootkit.Win32.ZAccess.g ) - infected
    20:35:11.0656 2852 AFD - detected Rootkit.Win32.ZAccess.g (0)
    20:35:11.0687 2852 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    20:35:11.0687 2852 agp440 - ok
    20:35:11.0718 2852 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    20:35:11.0718 2852 agpCPQ - ok
    20:35:11.0734 2852 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    20:35:11.0734 2852 Aha154x - ok
    20:35:11.0765 2852 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    20:35:11.0765 2852 aic78u2 - ok
    20:35:11.0781 2852 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    20:35:11.0781 2852 aic78xx - ok
    20:35:11.0812 2852 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    20:35:11.0812 2852 AliIde - ok
    20:35:11.0828 2852 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    20:35:11.0828 2852 alim1541 - ok
    20:35:11.0859 2852 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    20:35:11.0859 2852 amdagp - ok
    20:35:11.0875 2852 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    20:35:11.0875 2852 amsint - ok
    20:35:11.0906 2852 ApfiltrService (b83f9da84f7079451c1c6a4a2f140920) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
    20:35:11.0921 2852 ApfiltrService - ok
    20:35:11.0984 2852 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    20:35:11.0984 2852 Arp1394 - ok
    20:35:12.0015 2852 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    20:35:12.0015 2852 asc - ok
    20:35:12.0046 2852 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    20:35:12.0046 2852 asc3350p - ok
    20:35:12.0078 2852 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    20:35:12.0078 2852 asc3550 - ok
    20:35:12.0125 2852 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    20:35:12.0125 2852 AsyncMac - ok
    20:35:12.0140 2852 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    20:35:12.0156 2852 atapi - ok
    20:35:12.0156 2852 Atdisk - ok
    20:35:12.0203 2852 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    20:35:12.0203 2852 Atmarpc - ok
    20:35:12.0234 2852 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    20:35:12.0234 2852 audstub - ok
    20:35:12.0296 2852 b57w2k (58911390115465bf6d8048f21f48655a) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    20:35:12.0296 2852 b57w2k - ok
    20:35:12.0453 2852 BCM43XX (9208c78bd9283f79a30252ad954c77a2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    20:35:12.0500 2852 BCM43XX - ok
    20:35:12.0546 2852 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    20:35:12.0546 2852 Beep - ok
    20:35:12.0593 2852 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
    20:35:12.0593 2852 BTDriver - ok
    20:35:12.0750 2852 BTKRNL (38a3331e2f690d4cdc9de0604b9416e5) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
    20:35:12.0750 2852 BTKRNL - ok
    20:35:12.0812 2852 BTWDNDIS (80f61de965c116051614ac2f04222ff7) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
    20:35:12.0812 2852 BTWDNDIS - ok
    20:35:12.0843 2852 BTWUSB (d5af663711660d32ec230c6aaf7b6b83) C:\WINDOWS\system32\Drivers\btwusb.sys
    20:35:12.0843 2852 BTWUSB - ok
    20:35:12.0890 2852 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    20:35:12.0890 2852 cbidf - ok
    20:35:12.0906 2852 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    20:35:12.0906 2852 cbidf2k - ok
    20:35:12.0953 2852 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    20:35:12.0953 2852 cd20xrnt - ok
    20:35:13.0000 2852 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    20:35:13.0000 2852 Cdaudio - ok
    20:35:13.0031 2852 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    20:35:13.0031 2852 Cdfs - ok
    20:35:13.0062 2852 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    20:35:13.0062 2852 Cdrom - ok
    20:35:13.0078 2852 Changer - ok
    20:35:13.0140 2852 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    20:35:13.0140 2852 CmBatt - ok
    20:35:13.0187 2852 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    20:35:13.0187 2852 CmdIde - ok
    20:35:13.0234 2852 COH_Mon (a02dc932f3806d29b39ef3114ce00405) C:\WINDOWS\system32\Drivers\COH_Mon.sys
    20:35:13.0234 2852 COH_Mon - ok
    20:35:13.0265 2852 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    20:35:13.0265 2852 Compbatt - ok
    20:35:13.0312 2852 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    20:35:13.0312 2852 Cpqarray - ok
    20:35:13.0343 2852 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    20:35:13.0343 2852 dac2w2k - ok
    20:35:13.0375 2852 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    20:35:13.0375 2852 dac960nt - ok
    20:35:13.0406 2852 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    20:35:13.0406 2852 Disk - ok
    20:35:13.0421 2852 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
    20:35:13.0421 2852 DLABMFSM - ok
    20:35:13.0437 2852 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
    20:35:13.0437 2852 DLABOIOM - ok
    20:35:13.0453 2852 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    20:35:13.0453 2852 DLACDBHM - ok
    20:35:13.0468 2852 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
    20:35:13.0468 2852 DLADResM - ok
    20:35:13.0484 2852 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
    20:35:13.0484 2852 DLAIFS_M - ok
    20:35:13.0484 2852 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
    20:35:13.0484 2852 DLAOPIOM - ok
    20:35:13.0500 2852 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
    20:35:13.0500 2852 DLAPoolM - ok
    20:35:13.0515 2852 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
    20:35:13.0515 2852 DLARTL_M - ok
    20:35:13.0531 2852 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
    20:35:13.0531 2852 DLAUDFAM - ok
    20:35:13.0531 2852 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
    20:35:13.0531 2852 DLAUDF_M - ok
    20:35:13.0578 2852 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    20:35:13.0593 2852 dmboot - ok
    20:35:13.0593 2852 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
    20:35:13.0609 2852 dmio - ok
    20:35:13.0625 2852 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    20:35:13.0625 2852 dmload - ok
    20:35:13.0656 2852 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    20:35:13.0656 2852 DMusic - ok
    20:35:13.0703 2852 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    20:35:13.0703 2852 dpti2o - ok
    20:35:13.0718 2852 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    20:35:13.0718 2852 drmkaud - ok
    20:35:13.0734 2852 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    20:35:13.0734 2852 DRVMCDB - ok
    20:35:13.0750 2852 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    20:35:13.0750 2852 DRVNDDM - ok
    20:35:13.0828 2852 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    20:35:13.0828 2852 eeCtrl - ok
    20:35:13.0859 2852 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    20:35:13.0859 2852 EraserUtilRebootDrv - ok
    20:35:13.0890 2852 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    20:35:13.0890 2852 Fastfat - ok
    20:35:13.0937 2852 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    20:35:13.0937 2852 Fdc - ok
    20:35:14.0000 2852 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    20:35:14.0000 2852 Fips - ok
    20:35:14.0031 2852 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    20:35:14.0031 2852 Flpydisk - ok
    20:35:14.0062 2852 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    20:35:14.0062 2852 FltMgr - ok
    20:35:14.0109 2852 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    20:35:14.0109 2852 Fs_Rec - ok
    20:35:14.0125 2852 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    20:35:14.0125 2852 Ftdisk - ok
    20:35:14.0171 2852 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    20:35:14.0171 2852 GEARAspiWDM - ok
    20:35:14.0203 2852 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    20:35:14.0203 2852 Gpc - ok
    20:35:14.0296 2852 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    20:35:14.0296 2852 HDAudBus - ok
    20:35:14.0312 2852 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    20:35:14.0312 2852 hidusb - ok
    20:35:14.0359 2852 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    20:35:14.0359 2852 hpn - ok
    20:35:14.0421 2852 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    20:35:14.0421 2852 HTTP - ok
    20:35:14.0453 2852 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    20:35:14.0453 2852 i2omgmt - ok
    20:35:14.0484 2852 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    20:35:14.0484 2852 i2omp - ok
    20:35:14.0531 2852 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    20:35:14.0531 2852 i8042prt - ok
    20:35:14.0765 2852 ialm (4f3139829f1ac202ff0d29c2fd6c15b6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    20:35:14.0921 2852 ialm - ok
    20:35:14.0984 2852 iaStor (692830b048aacd7e0d6ededf098acc01) C:\WINDOWS\system32\drivers\iaStor.sys
    20:35:14.0984 2852 iaStor - ok
    20:35:15.0031 2852 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    20:35:15.0031 2852 Imapi - ok
    20:35:15.0078 2852 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    20:35:15.0078 2852 ini910u - ok
    20:35:15.0140 2852 IntcHdmiAddService (64c301d73db18ebdc8680ca82d82af2d) C:\WINDOWS\system32\drivers\IntcHdmi.sys
    20:35:15.0140 2852 IntcHdmiAddService - ok
    20:35:15.0187 2852 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    20:35:15.0187 2852 IntelIde - ok
    20:35:15.0203 2852 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    20:35:15.0203 2852 intelppm - ok
    20:35:15.0234 2852 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    20:35:15.0234 2852 Ip6Fw - ok
    20:35:15.0265 2852 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    20:35:15.0265 2852 IpFilterDriver - ok
    20:35:15.0281 2852 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    20:35:15.0281 2852 IpInIp - ok
    20:35:15.0328 2852 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    20:35:15.0328 2852 IpNat - ok
    20:35:15.0406 2852 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    20:35:15.0406 2852 IPSec - ok
    20:35:15.0453 2852 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    20:35:15.0453 2852 IRENUM - ok
    20:35:15.0500 2852 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    20:35:15.0500 2852 isapnp - ok
    20:35:15.0531 2852 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    20:35:15.0531 2852 Kbdclass - ok
    20:35:15.0562 2852 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    20:35:15.0562 2852 kbdhid - ok
    20:35:15.0593 2852 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    20:35:15.0593 2852 kmixer - ok
    20:35:15.0640 2852 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    20:35:15.0640 2852 KSecDD - ok
    20:35:15.0656 2852 lbrtfdc - ok
    20:35:15.0703 2852 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
    20:35:20.0625 2852 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
    20:35:20.0625 2852 \Device\Harddisk0\DR0 - ok
    20:35:20.0640 2852 MBR (0x1B8) (66d0b28c8b44e531d0c19f436252abaa) \Device\Harddisk1\DR6
    20:35:20.0640 2852 \Device\Harddisk1\DR6 - ok
    20:35:20.0656 2852 Boot (0x1200) (80bc97a6cbbd0ac9a0fcfb4808ad7c74) \Device\Harddisk0\DR0\Partition0
    20:35:20.0656 2852 \Device\Harddisk0\DR0\Partition0 - ok
    20:35:20.0656 2852 Boot (0x1200) (1782b943b9958c36d83f6eab1ea94739) \Device\Harddisk1\DR6\Partition0
    20:35:20.0656 2852 \Device\Harddisk1\DR6\Partition0 - ok
    20:35:20.0656 2852 ============================================================
    20:35:20.0656 2852 Scan finished
    20:35:20.0656 2852 ============================================================
    20:35:20.0671 2868 Detected object count: 2
    20:35:20.0671 2868 Actual detected object count: 2
    20:35:37.0625 2868 HKLM\SYSTEM\ControlSet001\services\a41f723c - will be deleted on reboot
    20:35:37.0625 2868 HKLM\SYSTEM\ControlSet002\services\a41f723c - will be deleted on reboot
    20:35:37.0625 2868 C:\WINDOWS\1014112164:1541443011.exe - will be deleted on reboot
    20:35:37.0625 2868 a41f723c ( Rootkit.Win32.PMax.gen ) - User select action: Delete
    20:35:38.0125 2868 Backup copy found, using it..
    20:35:38.0203 2868 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
    20:35:38.0203 2868 AFD ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
     
  8. 2011/10/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please re-run the tool one more time.
     
  9. 2011/10/25
    beaslie0503

    beaslie0503 Inactive Thread Starter

    Joined:
    2011/10/25
    Messages:
    18
    Likes Received:
    0
    After the restart from the TDSSKiller

    I have not yet received either error message that I was getting before...

    1st error msg:
    The procedure entry point AcceptEX could not be located in dynamic link library MSWSOCK.dll

    2nd msg:
    The TCP/IP network transport is not installed.
     
  10. 2011/10/25
    beaslie0503

    beaslie0503 Inactive Thread Starter

    Joined:
    2011/10/25
    Messages:
    18
    Likes Received:
    0
    Rerun the TDSSKiller?
     
  11. 2011/10/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes.

    Also see if aswMBR will run now.
     
  12. 2011/10/25
    beaslie0503

    beaslie0503 Inactive Thread Starter

    Joined:
    2011/10/25
    Messages:
    18
    Likes Received:
    0
    Ok, reran the TDSSKiller with no new threats found... aswMBR is downloading the new definition and running

    Malwarebytes is blocking all kinds of pop ups too all of a sudden... grrrrr
     
  13. 2011/10/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Well, your computer has been seriously infected.
    We just removed a rootkit and most likely there are more bad guys there.
     
  14. 2011/10/25
    beaslie0503

    beaslie0503 Inactive Thread Starter

    Joined:
    2011/10/25
    Messages:
    18
    Likes Received:
    0
    Thanks, I'd like to get this stuff off for her... she would have had to get her IT ppl involved... they won't be happy even if she is the vice president lol
     
  15. 2011/10/25
    beaslie0503

    beaslie0503 Inactive Thread Starter

    Joined:
    2011/10/25
    Messages:
    18
    Likes Received:
    0
    aswMBR made it a lot farther than it did the last time when it crashed on me... I'll have the report ready shortly
     
  16. 2011/10/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    If there is still a problem with aswMBR, try this....

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  17. 2011/10/25
    beaslie0503

    beaslie0503 Inactive Thread Starter

    Joined:
    2011/10/25
    Messages:
    18
    Likes Received:
    0
    Here is the remover.exe one

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`02800000
    Boot sector MD5 is: fe5642739ba66ba18c128543669678a2

    Size Device Name MBR Status
    --------------------------------------------
    111 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...


    here is aswMBR

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-25 20:55:05
    -----------------------------
    20:55:05.515 OS Version: Windows 5.1.2600 Service Pack 3
    20:55:05.515 Number of processors: 2 586 0xF0D
    20:55:05.515 ComputerName: MB-4026-03 UserName: mcase
    20:55:10.875 Initialize success
    20:59:56.250 AVAST engine defs: 11102501
    21:00:16.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:00:16.328 Disk 0 Vendor: ST912041 DE16 Size: 114473MB BusType: 3
    21:00:16.359 Disk 0 MBR read successfully
    21:00:16.359 Disk 0 MBR scan
    21:00:16.875 Disk 0 Windows VISTA default MBR code
    21:00:16.984 Disk 0 scanning sectors +234439600
    21:00:17.109 Disk 0 scanning C:\WINDOWS\system32\drivers
    21:00:59.171 Service scanning
    21:01:00.296 Modules scanning
    21:01:24.328 Disk 0 trace - called modules:
    21:01:24.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    21:01:24.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a22f488]
    21:01:24.359 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a22d028]
    21:01:29.062 AVAST engine scan C:\WINDOWS
    21:01:47.000 AVAST engine scan C:\WINDOWS\system32
    21:05:16.328 AVAST engine scan C:\WINDOWS\system32\drivers
    21:05:36.671 AVAST engine scan C:\Documents and Settings\mcase
    21:07:37.859 File: C:\Documents and Settings\mcase\Local Settings\Application Data\a41f723c\U\800000cb.@ **INFECTED** Win32:Sirefef-AO [Rtk]
    21:16:13.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\mcase\Desktop\LOGS\MBRCheck\MBR.dat"
    21:16:13.734 The log file has been saved successfully to "C:\Documents and Settings\mcase\Desktop\LOGS\MBRCheck\aswMBR.txt"
     
  18. 2011/10/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  19. 2011/10/25
    beaslie0503

    beaslie0503 Inactive Thread Starter

    Joined:
    2011/10/25
    Messages:
    18
    Likes Received:
    0
    ComboFix is still doing some serious scrubbing... I'll have it for you shortly
     
  20. 2011/10/26
    beaslie0503

    beaslie0503 Inactive Thread Starter

    Joined:
    2011/10/25
    Messages:
    18
    Likes Received:
    0
    ComboFix 11-10-25.04 - mcase 10/25/2011 21:41:08.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3539.3003 [GMT -7:00]
    Running from: c:\documents and settings\mcase\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\aberry\Start Menu\Internet Explorer.lnk
    c:\documents and settings\mcase\Local Settings\Application Data\a41f723c
    c:\documents and settings\mcase\Local Settings\Application Data\a41f723c\@
    c:\documents and settings\mcase\Local Settings\Application Data\a41f723c\U\800000cb.@
    c:\documents and settings\mcase\Local Settings\Application Data\a41f723c\X
    c:\documents and settings\mcase\Local Settings\Temporary Internet Files\ECOPY_EXCHANGE_10152010-134652.pdf
    c:\documents and settings\mcase\Start Menu\Internet Explorer.lnk
    c:\documents and settings\rchristian\Start Menu\Internet Explorer.lnk
    c:\documents and settings\sgarcia\Start Menu\Internet Explorer.lnk
    c:\windows\$NtUninstallKB10716$
    c:\windows\$NtUninstallKB10716$\2753524284\@
    c:\windows\$NtUninstallKB10716$\2753524284\L\xfcwrezr
    c:\windows\$NtUninstallKB10716$\2753524284\loader.tlb
    c:\windows\$NtUninstallKB10716$\2753524284\U\@00000001
    c:\windows\$NtUninstallKB10716$\2753524284\U\@000000c0
    c:\windows\$NtUninstallKB10716$\2753524284\U\@000000cb
    c:\windows\$NtUninstallKB10716$\2753524284\U\@000000cf
    c:\windows\$NtUninstallKB10716$\2753524284\U\@80000000
    c:\windows\$NtUninstallKB10716$\2753524284\U\@800000c0
    c:\windows\$NtUninstallKB10716$\2753524284\U\@800000cb
    c:\windows\$NtUninstallKB10716$\2753524284\U\@800000cf
    c:\windows\$NtUninstallKB10716$\322713205
    c:\windows\1014112164
    c:\windows\assembly\GAC_MSIL\desktop.ini
    c:\windows\system\oeminfo.ini
    c:\windows\system32\
    c:\windows\system32\d3d9caps.dat
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-26 to 2011-10-26 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-25 23:40 . 2011-10-25 23:40 -------- d-----w- c:\documents and settings\mcase\Application Data\Malwarebytes
    2011-10-25 23:40 . 2011-10-25 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-10-25 23:40 . 2011-10-25 23:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-25 23:40 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-06 11:23 . 2011-10-06 11:23 -------- d-----w- c:\program files\CSTAR v10
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-26 03:37 . 2008-04-14 08:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-09-26 18:41 . 2008-07-30 03:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 18:41 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 18:41 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-20 23:27 . 2011-09-20 23:27 1003520 ----a-w- c:\windows\system32\cstarlib.dll
    2011-09-20 19:03 . 2011-09-20 19:03 1454080 ----a-w- c:\windows\system32\svdp.dll
    2011-09-09 09:12 . 2008-04-14 13:41 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20 . 2008-04-14 09:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-22 23:48 . 2008-04-14 13:42 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48 . 2008-04-14 13:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-08-22 23:48 . 2008-04-14 13:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 11:56 . 2008-04-14 08:07 385024 ----a-w- c:\windows\system32\html.iec
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-28 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-10-28 200704]
    "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-01 471040]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-23 136600]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-17 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-17 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-17 150040]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-01 483420]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-08-23 115560]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-08 40376]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisablePersonalDirChange "= 1 (0x1)
    "ForceStartMenuLogOff "= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1004336348-725345543-839522115-13706\Scripts\Logon\0\0]
    "Script "=WKIX32.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1004336348-725345543-839522115-17004\Scripts\Logon\0\0]
    "Script "=WKIX32.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1004336348-725345543-839522115-6911\Scripts\Logon\0\0]
    "Script "=WKIX32.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1004336348-725345543-839522115-9187\Scripts\Logon\0\0]
    "Script "=WKIX32.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1004336348-725345543-839522115-9276\Scripts\Logon\0\0]
    "Script "=WKIX32.EXE
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe "= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe "= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [6/27/2008 12:47 PM 1664248]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/25/2011 4:40 PM 366152]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [1/28/2009 8:29 PM 112128]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/4/2011 12:23 PM 105592]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [1/28/2009 8:30 PM 110080]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/25/2011 4:40 PM 22216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2010 10:26 PM 135664]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [8/23/2010 8:32 AM 23888]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2010 10:26 PM 135664]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 12:23 PM 20480]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 11:08 AM 174336]
    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 7:03 PM 32408]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 6:42 AM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
    .
    2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 05:26]
    .
    2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 05:26]
    .
    2011-10-26 c:\windows\Tasks\SDMsgUpdate (SD).job
    - c:\program files\SmartDraw VP\Messages\SDNotify.exe [2010-04-06 17:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-ChangeTPMAuth - c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe
    SafeBoot-21776885.sys
    SafeBoot-Symantec Antvirus
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-25 21:53
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
    "ImagePath "= "a "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3236)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\btmmhook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\program files\Roxio\Drag-to-Disc\Shellex.dll
    c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
    c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\drivers\audio\r205445\stacsv.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\DellTPad\Apntex.exe
    c:\windows\system32\igfxsrvc.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-10-25 21:59:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-10-26 04:59
    .
    Pre-Run: 89,230,839,808 bytes free
    Post-Run: 90,161,541,120 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 67C850C295B803BC8871097FB63E1423
     
  21. 2011/10/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good now.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     