
Inactive Rootkit.win32.tdss.d

Discussion in 'Malware and Virus Removal Archive' started by flippylip, 2010/08/06.

Thread Status:
Not open for further replies.
  1. 2010/08/06
    flippylip (Well-Known Member, Thread Starter)

    [Inactive] Rootkit.win32.tdss.d

    Hi Everyone,

    I am infected with rootkit.win32.tdss.d and have run the program DDS and here are my scans.

    I'm sorry, but I don't know how to post my scans on this board. How do you do that?


    Thank you.
     
  2. 2010/08/06
    PeteC (SuperGeek, Staff)

    Copy/paste the contents of each log into a new post in this thread. You may need to spread the logs over 2 posts.
     

  4. 2010/08/06
    flippylip (Well-Known Member, Thread Starter)

    rootkit.win32.tdss.d

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Administrator at 13:45:04.67 on Fri 08/06/2010
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.231 [GMT -4:00]

    AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\Outlook Express\msimn.exe
    c:\program files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrator\Desktop\My Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.bing.com/
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: TwcToolbarBhoApp Class: {aa1f9ddb-e605-4ba6-81d4-e427dee012ad} - c:\windows\system32\TwcToolbarBho.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
    mRun: [Lexmark X73 Button Monitor] c:\progra~1\lexmar~1\ACMonitor_X73.exe
    mRun: [Lexmark X73 Button Manager] c:\progra~1\lexmar~1\AcBtnMgr_X73.exe
    mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\3\printray.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
    IE: {2E5E800E-6AC0-411E-940A-369530A35E43} - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxsrvc.dll
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\jssanbcn.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
    FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=NSC-A&o=14095&locale=en_US&q=
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
    R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [2010-5-18 902592]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-5-14 226832]
    R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe [2008-11-11 208616]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-3 304464]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-7-21 88176]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-3 20952]
    R3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [2007-10-25 616064]
    S0 kctwb;kctwb;c:\windows\system32\drivers\ujkq.sys --> c:\windows\system32\drivers\ujkq.sys [?]
    S2 0321951243778897mcinstcleanup;0321951243778897mcinstcleanup; [x]
    S2 TLRecAgent;TLRecAgent;\??\c:\windows\system32\drivers\tlrecagent.sys --> c:\windows\system32\drivers\TLRecAgent.sys [?]
    S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 6\DfSdkS.exe [2010-8-4 410976]

    =============== Created Last 30 ================

    2100-02-23 18:35:34 768 ----a-w- c:\windows\x73_lut.dat
    2100-02-08 19:53:34 1439 ----a-w- c:\windows\GtX73.ini
    2010-08-06 17:12:34 0 d-----w- C:\TDSSKiller_Quarantine
    2010-08-04 17:39:45 33632 ----a-w- c:\windows\system32\DfSdkBt.exe
    2010-08-03 15:56:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-03 15:55:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-03 15:55:57 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-03 15:53:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 1.46SAP0506010
    2010-08-02 15:29:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Alawar Stargaze
    2010-08-02 15:16:10 0 d-----w- c:\program files\Snark Busters Welcome to the Club
    2010-07-31 00:57:24 0 d-----w- c:\docume~1\admini~1\applic~1\Vast Studios
    2010-07-31 00:55:36 0 d-----w- c:\program files\Nightfall Mysteries Asylum Conspiracy
    2010-07-28 15:13:51 0 d-----w- c:\docume~1\admini~1\applic~1\TikisLab
    2010-07-26 20:02:48 0 d-----w- c:\docume~1\admini~1\applic~1\Office Genuine Advantage
    2010-07-25 15:57:32 280 ----a-w- c:\windows\system32\PDBootState
    2010-07-21 00:03:24 0 d-----w- c:\program files\Deep Blue Sea 2
    2010-07-20 17:32:47 0 d-----w- c:\program files\RealArcade
    2010-07-15 18:48:04 0 d-----w- c:\program files\Rainbow Mystery
    2010-07-13 17:00:50 0 d-----w- c:\windows\system32\wbem\Repository
    2010-07-13 17:00:39 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
    2010-07-13 16:30:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

    ==================== Find3M ====================

    2010-08-06 17:29:40 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-08-06 17:29:24 688160 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    2010-08-06 17:29:24 5528 --sha-w- c:\windows\system32\drivers\fidbox2.idx
    2010-08-06 17:29:24 3232800 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2010-08-06 17:29:24 30528 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2010-08-04 16:16:54 34308 ----a-w- c:\docume~1\alluse~1\applic~1\mazuki.dll
    2010-07-29 16:49:28 97549 ----a-w- c:\windows\system32\drivers\klick.dat
    2010-07-29 16:49:28 113933 ----a-w- c:\windows\system32\drivers\klin.dat
    2010-07-27 06:30:35 8462336 ----a-w- c:\windows\system32\dllcache\shell32.dll
    2010-06-14 14:31:20 744448 ----a-w- c:\windows\system32\dllcache\helpsvc.exe
    2010-05-27 15:44:20 237320 ----a-w- c:\windows\system32\PDBoot.exe
    2006-11-20 13:01:08 163840 ----a-w- c:\program files\common files\AMCap.exe

    ============= FINISH: 13:46:42.23 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/16/2004 1:43:18 PM
    System Uptime: 8/6/2010 1:29:35 PM (0 hours ago)

    Motherboard: Dell Computer Corp. | | 00T606
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2399/533mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 149 GiB total, 119.993 GiB free.
    D: is FIXED (NTFS) - 56 GiB total, 31.638 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP298: 5/8/2010 10:43:15 AM - System Checkpoint
    RP299: 5/9/2010 4:29:14 PM - System Checkpoint
    RP300: 5/10/2010 5:07:11 PM - System Checkpoint
    RP301: 5/11/2010 5:52:17 PM - System Checkpoint
    RP302: 5/12/2010 6:02:00 PM - System Checkpoint
    RP303: 5/13/2010 6:07:35 PM - System Checkpoint
    RP304: 5/14/2010 6:52:39 PM - System Checkpoint
    RP305: 5/15/2010 7:52:22 PM - System Checkpoint
    RP306: 5/16/2010 8:43:05 PM - System Checkpoint
    RP307: 5/17/2010 9:14:05 PM - System Checkpoint
    RP308: 5/18/2010 12:52:19 PM - Installed Acronis*True*Image*Home
    RP309: 5/18/2010 1:20:46 PM - Removed Acronis*True*Image*Home
    RP310: 5/18/2010 2:11:37 PM - Installed Acronis*True*Image*Home
    RP311: 5/18/2010 2:15:12 PM - Installed Acronis*True*Image*Home
    RP312: 5/18/2010 2:37:02 PM - Installed Acronis*True*Image*Home
    RP313: 5/18/2010 2:39:34 PM - Installed Acronis*True*Image*Home
    RP314: 5/18/2010 5:26:18 PM - Installed Acronis*True*Image*Home
    RP315: 5/18/2010 6:14:53 PM - Installed Acronis*True*Image*Home
    RP316: 5/18/2010 6:54:13 PM - Installed Acronis*True*Image*Home
    RP317: 5/18/2010 6:58:56 PM - Installed Acronis*True*Image*Home
    RP318: 5/18/2010 7:15:55 PM - Installed Backup4all Professional 4
    RP319: 5/18/2010 7:16:16 PM - SPTD setup V1.60
    RP320: 5/19/2010 10:23:16 PM - System Checkpoint
    RP321: 5/21/2010 10:38:31 AM - System Checkpoint
    RP322: 5/22/2010 11:56:08 AM - System Checkpoint
    RP323: 5/23/2010 11:58:53 AM - System Checkpoint
    RP324: 5/24/2010 2:55:25 PM - System Checkpoint
    RP325: 5/25/2010 3:06:47 PM - System Checkpoint
    RP326: 5/26/2010 5:03:20 PM - System Checkpoint
    RP327: 5/27/2010 5:33:04 PM - System Checkpoint
    RP328: 5/29/2010 4:19:15 PM - System Checkpoint
    RP329: 5/30/2010 4:35:17 PM - System Checkpoint
    RP330: 5/31/2010 4:36:32 PM - System Checkpoint
    RP331: 6/1/2010 5:24:36 PM - System Checkpoint
    RP332: 6/2/2010 5:51:47 PM - System Checkpoint
    RP333: 6/3/2010 6:16:17 PM - System Checkpoint
    RP334: 6/4/2010 6:44:10 PM - System Checkpoint
    RP335: 6/5/2010 7:43:32 PM - System Checkpoint
    RP336: 6/6/2010 8:12:21 PM - System Checkpoint
    RP337: 6/7/2010 8:20:44 PM - System Checkpoint
    RP338: 6/9/2010 11:35:54 AM - System Checkpoint
    RP339: 6/10/2010 12:09:21 PM - System Checkpoint
    RP340: 6/11/2010 12:27:31 PM - System Checkpoint
    RP341: 6/12/2010 3:35:38 PM - System Checkpoint
    RP342: 6/13/2010 4:24:47 PM - System Checkpoint
    RP343: 6/14/2010 5:30:18 PM - System Checkpoint
    RP344: 6/15/2010 5:59:16 PM - System Checkpoint
    RP345: 6/16/2010 6:19:33 PM - System Checkpoint
    RP346: 6/17/2010 6:50:30 PM - System Checkpoint
    RP347: 6/18/2010 7:26:16 PM - System Checkpoint
    RP348: 6/20/2010 2:10:16 PM - System Checkpoint
    RP349: 6/21/2010 2:24:29 PM - System Checkpoint
    RP350: 6/22/2010 3:41:00 PM - System Checkpoint
    RP351: 6/23/2010 3:49:21 PM - System Checkpoint
    RP352: 6/24/2010 4:24:26 PM - System Checkpoint
    RP353: 6/25/2010 4:24:53 PM - System Checkpoint
    RP354: 6/26/2010 8:30:32 PM - System Checkpoint
    RP355: 6/28/2010 12:22:13 PM - System Checkpoint
    RP356: 6/29/2010 1:21:11 PM - System Checkpoint
    RP357: 6/30/2010 2:35:38 PM - System Checkpoint
    RP358: 7/1/2010 3:11:14 PM - System Checkpoint
    RP359: 7/2/2010 4:17:47 PM - System Checkpoint
    RP360: 7/4/2010 4:09:48 PM - System Checkpoint
    RP361: 7/5/2010 4:28:37 PM - System Checkpoint
    RP362: 7/7/2010 10:56:18 AM - System Checkpoint
    RP363: 7/11/2010 5:58:33 PM - System Checkpoint
    RP364: 7/12/2010 6:42:33 PM - System Checkpoint
    RP365: 7/13/2010 12:55:28 PM - Restore Operation
    RP366: 7/13/2010 1:00:16 PM - Restore Operation
    RP367: 7/14/2010 2:10:58 PM - System Checkpoint
    RP368: 7/15/2010 3:22:06 PM - System Checkpoint
    RP369: 7/16/2010 3:45:19 PM - Software Distribution Service 3.0
    RP370: 7/17/2010 11:02:31 AM - Software Distribution Service 3.0
    RP371: 7/17/2010 11:07:41 AM - Software Distribution Service 3.0
    RP372: 7/18/2010 4:43:46 PM - System Checkpoint
    RP373: 7/20/2010 10:13:48 AM - System Checkpoint
    RP374: 7/21/2010 11:26:43 AM - System Checkpoint
    RP375: 7/22/2010 11:33:15 AM - System Checkpoint
    RP376: 7/23/2010 4:17:47 PM - System Checkpoint
    RP377: 7/24/2010 4:45:28 PM - System Checkpoint
    RP378: 7/26/2010 2:12:00 PM - System Checkpoint
    RP379: 7/27/2010 2:15:30 PM - System Checkpoint
    RP380: 7/28/2010 2:55:59 PM - System Checkpoint
    RP381: 7/29/2010 3:31:13 PM - System Checkpoint
    RP382: 7/30/2010 3:43:28 PM - System Checkpoint
    RP383: 7/31/2010 4:02:30 PM - System Checkpoint
    RP384: 8/1/2010 4:38:32 PM - System Checkpoint
    RP385: 8/2/2010 5:02:43 PM - System Checkpoint
    RP386: 8/3/2010 11:53:04 AM - Software Distribution Service 3.0
    RP387: 8/4/2010 7:00:54 PM - System Checkpoint
    RP388: 8/5/2010 7:16:14 PM - System Checkpoint

    ==== Installed Programs ======================

    4 Elements
    7 Wonders
    7 Wonders II
    7 Wonders Treasures Of Seven
    AAC Decoder
    Acrobat.com
    Adobe Acrobat 4.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1.3
    Adobe Reader 9.3
    AI RoboForm (All Users)
    Apple Application Support
    Apple Software Update
    Archipelago
    Ashampoo Burning Studio 9.21
    Ashampoo WinOptimizer 6.01
    Astro Avenger 2
    AutoUpdate
    Avalanche
    Azkend 1.02
    Backup4all Professional 4
    Bejeweled 2
    Belarc Advisor 7.2
    Bespelled Deluxe 1.03
    Big Kahuna Reef 2 - Chain Reaction
    Bookworm Adventures 2 1.00
    CCleaner
    Chainz 2
    Collapse III
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    Data Lifeguard Diagnostic for Windows
    Devastation Zone Troopers
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    Faerie Solitaire
    Flip Words 2
    Glyph
    Glyph 2
    H.264 Decoder
    Hidden Wonders Of The Depths
    Hidden Wonders of the Depths 2 1.00
    Hidden Wonders of the Depths 3 Atlantis Adventures 1.00
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB981793)
    Hoyle Board Games
    ImgBurn
    Intel(R) Extreme Graphics Driver
    Intel(R) PRO Ethernet Adapter and Software
    Java(TM) 6 Update 15
    Jewel Quest 2
    Jewel Quest Heritage 1.00
    Jewel Quest Solitaire II
    Kaspersky Internet Security 2009
    Lexmark X73
    Lost In Reefs 1.00
    Lost Treasures Of El Dorado
    Luxor Adventures 1.00
    MadCaps
    Malwarebytes' Anti-Malware
    McAfee SiteAdvisor
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Converter Pack
    Microsoft Office XP Small Business
    Microsoft Picture It! Publishing Gold 2001
    Microsoft PowerPoint Viewer 97
    Microsoft Streets and Trips 2005
    MKV Splitter
    Mozilla Firefox (3.6.8)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NASCAR Toolbar
    Nero 7 Ultra Edition
    neroxml
    Nightfall Mysteries Asylum Conspiracy 1.00
    OGA Notifier 2.0.0048.0
    One Million Recipes 6.00
    PC Camera
    PerfectDisk 11 Professional
    QuickTime
    Rainbow Mystery
    Rainbow Web
    Rainbow Web 2
    Rainforest Adventure 1.00
    Ricochet Infinity
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    Shockwave
    Sierra Utilities
    SKIPBO Castaway Caper
    Skype Toolbars
    Skype™ 4.2
    Slingo Supreme 1.00
    Snark Busters Welcome to the Club 1.00
    SolSuite 2010 v10.1
    SoundMAX
    The Cleaner
    The Lost Inca Prophecy 1.00
    The Weather Channel Toolbar
    Treasure Island
    Trial of the Gods Ariadnes Journey 1.00
    TriPeaks Solitaire To Go
    Unlocker 1.8.7
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB973687)
    VC80CRTRedist - 8.0.50727.762
    VLC media player 1.1.0
    WebFldrs XP
    Windows Internet Explorer 7
    Windows Media Format Runtime
    WinRAR archiver
    Xvid 1.1.3 final uninstall

    ==== Event Viewer Messages From Past Week ========

    8/6/2010 12:37:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
    8/6/2010 12:36:26 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    8/5/2010 10:51:48 AM, error: Print [6161] - The document Microsoft Word - Rodger's Employers List.doc owned by Administrator failed to print on printer Lexmark X73. Data type: LEMF. Size of the spool file in bytes: 260310. Number of bytes printed: 4. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\DELL-B9D0F5ABDA. Win32 error code returned by the print processor: 109 (0x6d).
    8/4/2010 12:48:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    8/4/2010 12:46:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BANTExt Fips intelppm IPSec kl1 klbg KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    8/4/2010 12:46:42 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    8/4/2010 12:46:42 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/4/2010 12:46:42 PM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
    8/4/2010 12:46:42 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    8/4/2010 12:45:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    8/4/2010 12:45:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/4/2010 1:23:59 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.
    8/4/2010 1:23:30 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    8/4/2010 1:23:30 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    8/3/2010 11:37:04 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    8/3/2010 11:37:04 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/31/2010 10:59:02 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows User Mode Driver Framework service to connect.
    7/31/2010 10:59:02 AM, error: Service Control Manager [7000] - The Windows User Mode Driver Framework service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/31/2010 10:59:02 AM, error: Service Control Manager [7000] - The TLRecAgent service failed to start due to the following error: The system cannot find the file specified.
    7/31/2010 10:59:02 AM, error: Service Control Manager [7000] - The Acronis Scheduler2 Service service failed to start due to the following error: The system cannot find the file specified.

    ==== End Of File ===========================
     
    Last edited: 2010/08/06
  5. 2010/08/06
    flippylip

    flippylip Well-Known Member Thread Starter

    Joined:
    2007/11/21
    Messages:
    34
    Likes Received:
    0

    Thank you.

    Copy and pasted done.
     
  6. 2010/08/06
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,890
    Likes Received:
    387
    Thanks :)

    One of our trained malware analysts will take a look at your logs ASAP, but it may be a day or so before you get a response as they are always very busy. All logs are dealt with in the order received.

    Thank you for your patience.
     
  7. 2010/08/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
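    An added example for the report-reading step above; it is not code from this thread, from its participants, or from Kaspersky's TDSSKiller. It parses a TDSSKiller 2.4.x report (one line per enumerated driver with service name, md5 and path, plus the "Suspicious file", "detected", "Detected object count" and "User select action" lines) and reduces it to what a reviewer checks before calling the machine clean. The line layouts are taken from that tool version's report format; SAMPLE_REPORT and its md5 values are constructed placeholders; the "outside system32\drivers" hint and the baseline comparison are assumptions about how a reviewer would triage, not features of the tool.

```python
"""Triage a TDSSKiller report.

Added example, not part of the forum thread or of Kaspersky's tool.  The
regexes follow the 2.4.x report layout; SAMPLE_REPORT is constructed and its
md5 values are placeholders, not real driver hashes.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
# <timestamp> <service> (<md5>) <path>
DRIVER_RE = re.compile(rf"^{TS} (?P<svc>\S+) \((?P<md5>[0-9a-f]{{32}})\) (?P<path>.+)$")
# <timestamp> Suspicious file (<why>): <path>. md5: <md5>
SUSPICIOUS_RE = re.compile(
    rf"^{TS} Suspicious file \((?P<why>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{{32}})$"
)
# <timestamp> <service> - detected <label> (<n>)
DETECTED_RE = re.compile(rf"^{TS} (?P<svc>\S+) - detected (?P<what>.+) \((?P<n>\d+)\)$")
# <timestamp> <label>(<service>) - User select action: <action>
ACTION_RE = re.compile(rf"^{TS} (?P<what>.+?)\((?P<svc>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(rf"^{TS} Detected object count: (?P<n>\d+)$")

# Assumption behind the review hint: a driver loaded from anywhere other than
# %SystemRoot%\system32\drivers deserves a look.  A hint, not a verdict;
# third-party tools legitimately ship drivers elsewhere.
SYSTEM_DRIVER_DIR = re.compile(r"^[A-Z]:\\WINDOWS\\system32\\drivers\\[^\\]+$", re.IGNORECASE)
RESOLVED_ACTIONS = {"cure", "delete", "quarantine"}   # user choices that change the disk


@dataclass
class Finding:
    svc: str
    what: str           # the tool's label, e.g. "Locked file"
    path: str = ""
    md5: str = ""
    action: str = ""    # the user's choice at the prompt, e.g. "Skip"


@dataclass
class Report:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # svc -> (md5, path)
    findings: Dict[str, Finding] = field(default_factory=dict)
    detected: int = 0                       # "... - detected ..." lines seen
    declared_count: Optional[int] = None    # the tool's own "Detected object count"


def parse_report(text: str) -> Report:
    rep = Report()
    pending = None  # a "Suspicious file" line precedes its "detected" line
    for raw in text.splitlines():
        line = raw.strip()
        if (m := DRIVER_RE.match(line)):
            rep.drivers[m["svc"]] = (m["md5"], m["path"])
        elif (m := SUSPICIOUS_RE.match(line)):
            pending = (m["path"], m["md5"])
        elif (m := DETECTED_RE.match(line)):
            f = Finding(svc=m["svc"], what=m["what"])
            if pending:
                f.path, f.md5 = pending
                pending = None
            rep.findings[m["svc"]] = f
            rep.detected += 1
        elif (m := ACTION_RE.match(line)):
            f = rep.findings.setdefault(m["svc"], Finding(svc=m["svc"], what=m["what"].strip()))
            f.action = m["action"]
        elif (m := COUNT_RE.match(line)):
            rep.declared_count = int(m["n"])
    return rep


def triage(rep: Report) -> dict:
    """The three things to read off a report before calling the box clean."""
    unresolved = sorted(s for s, f in rep.findings.items()
                        if f.action.lower() not in RESOLVED_ACTIONS)
    outside = sorted(s for s, (_md5, path) in rep.drivers.items()
                     if not SYSTEM_DRIVER_DIR.match(path))
    mismatch = rep.declared_count is not None and rep.declared_count != rep.detected
    return {"unresolved": unresolved, "outside_system_dir": outside, "count_mismatch": mismatch}


def hash_drift(rep: Report, baseline: Dict[str, str]) -> List[str]:
    """Services whose md5 differs from a baseline (assumed to come from a clean
    machine at the same patch level).  A driver patched in place keeps its
    service name and path but not its hash, which is what this surfaces."""
    return sorted(s for s, (md5, _p) in rep.drivers.items()
                  if s in baseline and baseline[s] != md5)


# Constructed sample in the thread's report layout; md5 values are placeholders.
SAMPLE_REPORT = """\
2010/08/06 18:17:26.0843 Scan started
2010/08/06 18:17:26.0843 Mode: Manual;
2010/08/06 18:17:28.0062 ACPI (00000000000000000000000000000001) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
2010/08/06 18:17:28.0734 atapi (00000000000000000000000000000002) C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys
2010/08/06 18:17:40.0296 sptd (00000000000000000000000000000003) C:\\WINDOWS\\system32\\Drivers\\sptd.sys
2010/08/06 18:17:40.0296 Suspicious file (NoAccess): C:\\WINDOWS\\system32\\Drivers\\sptd.sys. md5: 00000000000000000000000000000003
2010/08/06 18:17:40.0312 sptd - detected Locked file (1)
2010/08/06 18:17:41.0671 UnlockerDriver5 (00000000000000000000000000000004) C:\\Program Files\\Unlocker\\UnlockerDriver5.sys
2010/08/06 18:17:42.0921 Scan finished
2010/08/06 18:17:42.0953 Detected object count: 1
2010/08/06 18:18:11.0375 Locked file(sptd) - User select action: Skip
"""

if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    print(triage(report))
    # Constructed baseline: atapi matches, ACPI does not, so ACPI is reported.
    print(hash_drift(report, {"atapi": "0" * 31 + "2", "ACPI": "f" * 32}))
```

    For a real report, call parse_report(open(path).read()) on the TDSSKiller_xxxx_log.txt file. The case to watch is a detection answered with Skip: it stays in "unresolved" because a locked file that was skipped has been noticed, not removed, so the scan should be repeated or the driver identified (sptd.sys, the SCSI pass-through driver installed by disc-emulation software, is routinely reported as locked) before anyone reads "Scan finished" as "cleaned".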
     
  8. 2010/08/06
    flippylip

    flippylip Well-Known Member Thread Starter

    Joined:
    2007/11/21
    Messages:
    34
    Likes Received:
    0
    rootkit.win32.tdss.d

    2010/08/06 18:17:24.0703 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
    2010/08/06 18:17:24.0703 ================================================================================
    2010/08/06 18:17:24.0703 SystemInfo:
    2010/08/06 18:17:24.0703
    2010/08/06 18:17:24.0703 OS Version: 5.1.2600 ServicePack: 3.0
    2010/08/06 18:17:24.0703 Product type: Workstation
    2010/08/06 18:17:24.0718 ComputerName: DELL-B9D0F5ABDA
    2010/08/06 18:17:24.0718 UserName: Administrator
    2010/08/06 18:17:24.0718 Windows directory: C:\WINDOWS
    2010/08/06 18:17:24.0718 System windows directory: C:\WINDOWS
    2010/08/06 18:17:24.0718 Processor architecture: Intel x86
    2010/08/06 18:17:24.0718 Number of processors: 1
    2010/08/06 18:17:24.0718 Page size: 0x1000
    2010/08/06 18:17:24.0718 Boot type: Normal boot
    2010/08/06 18:17:24.0718 ================================================================================
    2010/08/06 18:17:25.0203 Initialize success
    2010/08/06 18:17:26.0843 ================================================================================
    2010/08/06 18:17:26.0843 Scan started
    2010/08/06 18:17:26.0843 Mode: Manual;
    2010/08/06 18:17:26.0843 ================================================================================
    2010/08/06 18:17:28.0062 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/08/06 18:17:28.0109 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/08/06 18:17:28.0218 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
    2010/08/06 18:17:28.0265 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/08/06 18:17:28.0312 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/08/06 18:17:28.0687 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/08/06 18:17:28.0734 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/08/06 18:17:28.0812 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/08/06 18:17:28.0890 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/08/06 18:17:28.0953 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
    2010/08/06 18:17:29.0000 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/08/06 18:17:29.0078 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/08/06 18:17:29.0140 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2010/08/06 18:17:29.0218 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/08/06 18:17:29.0250 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/08/06 18:17:29.0296 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/08/06 18:17:29.0609 DefragFS (4bb22f61e7257ed353a39130b3ed2461) C:\WINDOWS\system32\drivers\DefragFS.sys
    2010/08/06 18:17:29.0718 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/08/06 18:17:29.0828 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/08/06 18:17:29.0921 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/08/06 18:17:29.0968 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/08/06 18:17:30.0015 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/08/06 18:17:30.0140 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/08/06 18:17:30.0203 E1000 (854293999e91bf2eb9e786166de4a35f) C:\WINDOWS\system32\DRIVERS\e1000325.sys
    2010/08/06 18:17:30.0281 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/08/06 18:17:30.0359 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/08/06 18:17:30.0406 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/08/06 18:17:30.0453 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/08/06 18:17:30.0484 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2010/08/06 18:17:30.0546 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/08/06 18:17:30.0578 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/08/06 18:17:30.0640 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/08/06 18:17:30.0703 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/08/06 18:17:30.0796 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
    2010/08/06 18:17:30.0953 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
    2010/08/06 18:17:31.0140 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/08/06 18:17:31.0296 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/08/06 18:17:31.0375 ialm (da58a8be6a445835f603720c4bc8837e) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    2010/08/06 18:17:31.0468 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/08/06 18:17:31.0578 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/08/06 18:17:31.0625 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/08/06 18:17:31.0671 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2010/08/06 18:17:31.0718 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/08/06 18:17:31.0765 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/08/06 18:17:31.0812 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/08/06 18:17:31.0875 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/08/06 18:17:31.0921 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/08/06 18:17:31.0968 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/08/06 18:17:32.0015 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/08/06 18:17:32.0062 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/08/06 18:17:32.0156 kl1 (cd6a8fa9395460ffe7fd8881a6c67254) C:\WINDOWS\system32\drivers\kl1.sys
    2010/08/06 18:17:32.0250 klbg (f9089982ed97340984e3dd60edd75490) C:\WINDOWS\system32\drivers\klbg.sys
    2010/08/06 18:17:32.0328 KLFLTDEV (73eb94ad1c85b4a3c5a8b4d879f668b9) C:\WINDOWS\system32\DRIVERS\klfltdev.sys
    2010/08/06 18:17:32.0406 KLIF (2627c389ba33065b2e98118ce9d71e57) C:\WINDOWS\system32\DRIVERS\klif.sys
    2010/08/06 18:17:32.0468 klim5 (cd16a39c6f61c2ae0272e1f431353bf7) C:\WINDOWS\system32\DRIVERS\klim5.sys
    2010/08/06 18:17:32.0515 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/08/06 18:17:32.0640 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/08/06 18:17:33.0015 LXARScan (e8d15acd2f65a2e8756768353e08a9a0) C:\WINDOWS\system32\Drivers\Lxarscan.sys
    2010/08/06 18:17:33.0140 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys
    2010/08/06 18:17:33.0328 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    2010/08/06 18:17:33.0406 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/08/06 18:17:33.0500 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/08/06 18:17:33.0578 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2010/08/06 18:17:33.0656 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/08/06 18:17:33.0703 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/08/06 18:17:33.0765 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/08/06 18:17:33.0875 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/08/06 18:17:33.0968 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/08/06 18:17:34.0093 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/08/06 18:17:34.0234 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/08/06 18:17:34.0296 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/08/06 18:17:34.0359 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/08/06 18:17:34.0421 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/08/06 18:17:34.0515 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2010/08/06 18:17:34.0640 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/08/06 18:17:34.0734 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2010/08/06 18:17:34.0859 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/08/06 18:17:34.0984 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2010/08/06 18:17:35.0140 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/08/06 18:17:35.0218 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/08/06 18:17:35.0296 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/08/06 18:17:35.0359 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/08/06 18:17:35.0421 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/08/06 18:17:35.0515 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/08/06 18:17:35.0937 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/08/06 18:17:36.0093 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/08/06 18:17:36.0375 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/08/06 18:17:36.0500 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/08/06 18:17:36.0578 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/08/06 18:17:36.0750 PAC207 (9482616a0f87384c5afb5f34a317bf6c) C:\WINDOWS\system32\DRIVERS\PFC027.SYS
    2010/08/06 18:17:36.0968 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/08/06 18:17:37.0062 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/08/06 18:17:37.0125 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/08/06 18:17:37.0187 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/08/06 18:17:37.0375 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
    2010/08/06 18:17:37.0437 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/08/06 18:17:37.0531 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
    2010/08/06 18:17:38.0062 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/08/06 18:17:38.0125 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/08/06 18:17:38.0218 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/08/06 18:17:38.0390 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/08/06 18:17:38.0796 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/08/06 18:17:38.0859 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/08/06 18:17:39.0015 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/08/06 18:17:39.0062 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/08/06 18:17:39.0125 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/08/06 18:17:39.0171 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/08/06 18:17:39.0281 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/08/06 18:17:39.0421 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/08/06 18:17:39.0484 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/08/06 18:17:39.0656 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/08/06 18:17:39.0718 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/08/06 18:17:39.0765 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/08/06 18:17:39.0812 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/08/06 18:17:39.0937 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2010/08/06 18:17:40.0015 smwdm (70b8dd8707dbf6142530c106365df67d) C:\WINDOWS\system32\drivers\smwdm.sys
    2010/08/06 18:17:40.0109 snapman (e60646143eb6b746eb3ab58ef7d5cff7) C:\WINDOWS\system32\DRIVERS\snapman.sys
    2010/08/06 18:17:40.0187 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/08/06 18:17:40.0296 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\WINDOWS\system32\Drivers\sptd.sys
    2010/08/06 18:17:40.0296 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
    2010/08/06 18:17:40.0312 sptd - detected Locked file (1)
    2010/08/06 18:17:40.0359 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/08/06 18:17:40.0453 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/08/06 18:17:40.0546 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2010/08/06 18:17:40.0640 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/08/06 18:17:40.0703 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/08/06 18:17:40.0906 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/08/06 18:17:40.0984 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/08/06 18:17:41.0062 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/08/06 18:17:41.0171 tdrpman228 (664469f03c955e851c5de58eea233f5a) C:\WINDOWS\system32\DRIVERS\tdrpm228.sys
    2010/08/06 18:17:41.0312 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/08/06 18:17:41.0359 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/08/06 18:17:41.0531 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/08/06 18:17:41.0671 UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Program Files\Unlocker\UnlockerDriver5.sys
    2010/08/06 18:17:41.0812 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/08/06 18:17:41.0906 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/08/06 18:17:41.0953 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/08/06 18:17:42.0000 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/08/06 18:17:42.0062 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/08/06 18:17:42.0125 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/08/06 18:17:42.0171 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/08/06 18:17:42.0218 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/08/06 18:17:42.0250 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/08/06 18:17:42.0343 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/08/06 18:17:42.0421 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/08/06 18:17:42.0500 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/08/06 18:17:42.0609 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
    2010/08/06 18:17:42.0828 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2010/08/06 18:17:42.0921 ================================================================================
    2010/08/06 18:17:42.0921 Scan finished
    2010/08/06 18:17:42.0921 ================================================================================
    2010/08/06 18:17:42.0953 Detected object count: 1
    2010/08/06 18:18:11.0375 Locked file(sptd) - User select action: Skip

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:14:25 PM, on 8/6/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17055)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\Outlook Express\msimn.exe
    c:\program files\Mozilla Firefox\firefox.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
    O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe "
    O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
    O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe "
    O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
    O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: 0321951243778897mcinstcleanup - - (no file)
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

    --
    End of file - 8316 bytes
     
  9. 2010/08/06
    flippylip

    flippylip Well-Known Member Thread Starter

    Joined:
    2007/11/21
    Messages:
    34
    Likes Received:
    0

    2010/08/06 18:17:24.0703 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
    2010/08/06 18:17:24.0703 ================================================================================
    2010/08/06 18:17:24.0703 SystemInfo:
    2010/08/06 18:17:24.0703
    2010/08/06 18:17:24.0703 OS Version: 5.1.2600 ServicePack: 3.0
    2010/08/06 18:17:24.0703 Product type: Workstation
    2010/08/06 18:17:24.0718 ComputerName: DELL-B9D0F5ABDA
    2010/08/06 18:17:24.0718 UserName: Administrator
    2010/08/06 18:17:24.0718 Windows directory: C:\WINDOWS
    2010/08/06 18:17:24.0718 System windows directory: C:\WINDOWS
    2010/08/06 18:17:24.0718 Processor architecture: Intel x86
    2010/08/06 18:17:24.0718 Number of processors: 1
    2010/08/06 18:17:24.0718 Page size: 0x1000
    2010/08/06 18:17:24.0718 Boot type: Normal boot
    2010/08/06 18:17:24.0718 ================================================================================
    2010/08/06 18:17:25.0203 Initialize success
    2010/08/06 18:17:26.0843 ================================================================================
    2010/08/06 18:17:26.0843 Scan started
    2010/08/06 18:17:26.0843 Mode: Manual;
    2010/08/06 18:17:26.0843 ================================================================================
    2010/08/06 18:17:28.0062 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/08/06 18:17:28.0109 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/08/06 18:17:28.0218 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
    2010/08/06 18:17:28.0265 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/08/06 18:17:28.0312 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/08/06 18:17:28.0687 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/08/06 18:17:28.0734 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/08/06 18:17:28.0812 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/08/06 18:17:28.0890 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/08/06 18:17:28.0953 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
    2010/08/06 18:17:29.0000 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/08/06 18:17:29.0078 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/08/06 18:17:29.0140 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2010/08/06 18:17:29.0218 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/08/06 18:17:29.0250 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/08/06 18:17:29.0296 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/08/06 18:17:29.0609 DefragFS (4bb22f61e7257ed353a39130b3ed2461) C:\WINDOWS\system32\drivers\DefragFS.sys
    2010/08/06 18:17:29.0718 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/08/06 18:17:29.0828 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/08/06 18:17:29.0921 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/08/06 18:17:29.0968 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/08/06 18:17:30.0015 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/08/06 18:17:30.0140 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/08/06 18:17:30.0203 E1000 (854293999e91bf2eb9e786166de4a35f) C:\WINDOWS\system32\DRIVERS\e1000325.sys
    2010/08/06 18:17:30.0281 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/08/06 18:17:30.0359 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/08/06 18:17:30.0406 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/08/06 18:17:30.0453 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/08/06 18:17:30.0484 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2010/08/06 18:17:30.0546 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/08/06 18:17:30.0578 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/08/06 18:17:30.0640 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/08/06 18:17:30.0703 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/08/06 18:17:30.0796 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
    2010/08/06 18:17:30.0953 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
    2010/08/06 18:17:31.0140 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/08/06 18:17:31.0296 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/08/06 18:17:31.0375 ialm (da58a8be6a445835f603720c4bc8837e) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    2010/08/06 18:17:31.0468 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/08/06 18:17:31.0578 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/08/06 18:17:31.0625 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/08/06 18:17:31.0671 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2010/08/06 18:17:31.0718 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/08/06 18:17:31.0765 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/08/06 18:17:31.0812 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/08/06 18:17:31.0875 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/08/06 18:17:31.0921 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/08/06 18:17:31.0968 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/08/06 18:17:32.0015 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/08/06 18:17:32.0062 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/08/06 18:17:32.0156 kl1 (cd6a8fa9395460ffe7fd8881a6c67254) C:\WINDOWS\system32\drivers\kl1.sys
    2010/08/06 18:17:32.0250 klbg (f9089982ed97340984e3dd60edd75490) C:\WINDOWS\system32\drivers\klbg.sys
    2010/08/06 18:17:32.0328 KLFLTDEV (73eb94ad1c85b4a3c5a8b4d879f668b9) C:\WINDOWS\system32\DRIVERS\klfltdev.sys
    2010/08/06 18:17:32.0406 KLIF (2627c389ba33065b2e98118ce9d71e57) C:\WINDOWS\system32\DRIVERS\klif.sys
    2010/08/06 18:17:32.0468 klim5 (cd16a39c6f61c2ae0272e1f431353bf7) C:\WINDOWS\system32\DRIVERS\klim5.sys
    2010/08/06 18:17:32.0515 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/08/06 18:17:32.0640 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/08/06 18:17:33.0015 LXARScan (e8d15acd2f65a2e8756768353e08a9a0) C:\WINDOWS\system32\Drivers\Lxarscan.sys
    2010/08/06 18:17:33.0140 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys
    2010/08/06 18:17:33.0328 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    2010/08/06 18:17:33.0406 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/08/06 18:17:33.0500 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/08/06 18:17:33.0578 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2010/08/06 18:17:33.0656 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/08/06 18:17:33.0703 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/08/06 18:17:33.0765 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/08/06 18:17:33.0875 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/08/06 18:17:33.0968 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/08/06 18:17:34.0093 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/08/06 18:17:34.0234 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/08/06 18:17:34.0296 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/08/06 18:17:34.0359 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/08/06 18:17:34.0421 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/08/06 18:17:34.0515 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2010/08/06 18:17:34.0640 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/08/06 18:17:34.0734 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2010/08/06 18:17:34.0859 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/08/06 18:17:34.0984 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2010/08/06 18:17:35.0140 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/08/06 18:17:35.0218 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/08/06 18:17:35.0296 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/08/06 18:17:35.0359 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/08/06 18:17:35.0421 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/08/06 18:17:35.0515 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/08/06 18:17:35.0937 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/08/06 18:17:36.0093 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/08/06 18:17:36.0375 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/08/06 18:17:36.0500 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/08/06 18:17:36.0578 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/08/06 18:17:36.0750 PAC207 (9482616a0f87384c5afb5f34a317bf6c) C:\WINDOWS\system32\DRIVERS\PFC027.SYS
    2010/08/06 18:17:36.0968 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/08/06 18:17:37.0062 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/08/06 18:17:37.0125 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/08/06 18:17:37.0187 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/08/06 18:17:37.0375 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
    2010/08/06 18:17:37.0437 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/08/06 18:17:37.0531 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
    2010/08/06 18:17:38.0062 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/08/06 18:17:38.0125 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/08/06 18:17:38.0218 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/08/06 18:17:38.0390 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/08/06 18:17:38.0796 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/08/06 18:17:38.0859 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/08/06 18:17:39.0015 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/08/06 18:17:39.0062 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/08/06 18:17:39.0125 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/08/06 18:17:39.0171 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/08/06 18:17:39.0281 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/08/06 18:17:39.0421 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/08/06 18:17:39.0484 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/08/06 18:17:39.0656 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/08/06 18:17:39.0718 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/08/06 18:17:39.0765 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/08/06 18:17:39.0812 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/08/06 18:17:39.0937 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2010/08/06 18:17:40.0015 smwdm (70b8dd8707dbf6142530c106365df67d) C:\WINDOWS\system32\drivers\smwdm.sys
    2010/08/06 18:17:40.0109 snapman (e60646143eb6b746eb3ab58ef7d5cff7) C:\WINDOWS\system32\DRIVERS\snapman.sys
    2010/08/06 18:17:40.0187 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/08/06 18:17:40.0296 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\WINDOWS\system32\Drivers\sptd.sys
    2010/08/06 18:17:40.0296 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
    2010/08/06 18:17:40.0312 sptd - detected Locked file (1)
    2010/08/06 18:17:40.0359 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/08/06 18:17:40.0453 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/08/06 18:17:40.0546 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2010/08/06 18:17:40.0640 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/08/06 18:17:40.0703 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/08/06 18:17:40.0906 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/08/06 18:17:40.0984 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/08/06 18:17:41.0062 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/08/06 18:17:41.0171 tdrpman228 (664469f03c955e851c5de58eea233f5a) C:\WINDOWS\system32\DRIVERS\tdrpm228.sys
    2010/08/06 18:17:41.0312 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/08/06 18:17:41.0359 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/08/06 18:17:41.0531 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/08/06 18:17:41.0671 UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Program Files\Unlocker\UnlockerDriver5.sys
    2010/08/06 18:17:41.0812 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/08/06 18:17:41.0906 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/08/06 18:17:41.0953 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/08/06 18:17:42.0000 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/08/06 18:17:42.0062 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/08/06 18:17:42.0125 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/08/06 18:17:42.0171 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/08/06 18:17:42.0218 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/08/06 18:17:42.0250 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/08/06 18:17:42.0343 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/08/06 18:17:42.0421 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/08/06 18:17:42.0500 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/08/06 18:17:42.0609 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
    2010/08/06 18:17:42.0828 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2010/08/06 18:17:42.0921 ================================================================================
    2010/08/06 18:17:42.0921 Scan finished
    2010/08/06 18:17:42.0921 ================================================================================
    2010/08/06 18:17:42.0953 Detected object count: 1
    2010/08/06 18:18:11.0375 Locked file(sptd) - User select action: Skip
     
  10. 2010/08/06
    broni Moderator Malware Analyst
    I don't need the HJT log :)

    TDSSKiller didn't detect any rootkit activity.

    How do you know?

    =============================================================

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in the right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop.

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. 2010/08/06
    flippylip Well-Known Member Thread Starter
    rootkit.win32.tdss.d

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001d

    Kernel Drivers (total 138):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF8D19000 \WINDOWS\system32\KDCOM.DLL
    0xF8C29000 \WINDOWS\system32\BOOTVID.dll
    0xF8819000 klmdb.sys
    0xF86F7000 spvv.sys
    0xF8D1B000 \WINDOWS\System32\Drivers\WMILIB.SYS
    0xF86DF000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xF86B1000 ACPI.sys
    0xF86A0000 pci.sys
    0xF8829000 isapnp.sys
    0xF8A99000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
    0xF8D1D000 intelide.sys
    0xF8839000 MountMgr.sys
    0xF8681000 ftdisk.sys
    0xF8D1F000 dmload.sys
    0xF865B000 dmio.sys
    0xF8AA1000 PartMgr.sys
    0xF8849000 VolSnap.sys
    0xF8643000 atapi.sys
    0xF8859000 disk.sys
    0xF8869000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF8623000 fltMgr.sys
    0xF8611000 sr.sys
    0xF8879000 klbg.sys
    0xF8889000 PxHelp20.sys
    0xF85FA000 KSecDD.sys
    0xF856D000 Ntfs.sys
    0xF8540000 NDIS.sys
    0xF8465000 tdrpm228.sys
    0xF8444000 snapman.sys
    0xF842A000 Mup.sys
    0xF7F0B000 kl1.sys
    0xF8AA9000 \WINDOWS\system32\drivers\TDI.SYS
    0xF88B9000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF7D93000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
    0xF7D7F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF8AE1000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF7D5B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF88C9000 \SystemRoot\system32\DRIVERS\klfltdev.sys
    0xF8AF1000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7D25000 \SystemRoot\system32\DRIVERS\HSFBS2S2.sys
    0xF7D02000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF7C03000 \SystemRoot\system32\DRIVERS\HSFDPSP2.sys
    0xF7B5B000 \SystemRoot\system32\DRIVERS\HSFCXTS2.sys
    0xF8B11000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF7B42000 \SystemRoot\system32\DRIVERS\e1000325.sys
    0xF8B21000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF88D9000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF8B31000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF88E9000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF7EBE000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF7B2E000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF88F9000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF8909000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF8919000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF7AAA000 \SystemRoot\system32\drivers\smwdm.sys
    0xF7A86000 \SystemRoot\system32\drivers\portcls.sys
    0xF8929000 \SystemRoot\system32\drivers\drmk.sys
    0xF8D23000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF8B51000 \SystemRoot\system32\DRIVERS\klim5.sys
    0xF8DE4000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF8939000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7EA2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF7A6F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF8949000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF8959000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7A5E000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF8969000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF8B71000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF8B81000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF798E000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF8979000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF8B91000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF8D29000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF7930000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7E86000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF8989000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF89A9000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF8D2F000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7E52000 \SystemRoot\system32\drivers\MODEMCSA.sys
    0xF8BA9000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xEF804000 \SystemRoot\system32\DRIVERS\klif.sys
    0xF8D33000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF8E44000 \SystemRoot\System32\Drivers\Null.SYS
    0xF8D37000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF8BD1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF8BD9000 \SystemRoot\System32\drivers\vga.sys
    0xF8D3B000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF8D3F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF8BE9000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF8BF9000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7ECA000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xEF7D1000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xEF750000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xEF728000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xEF702000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF89F9000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xEF6E0000 \SystemRoot\System32\drivers\afd.sys
    0xF8A09000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xEF6B5000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xEF645000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF8A19000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF8E60000 \SystemRoot\System32\Drivers\BANTExt.sys
    0xF7E3A000 \SystemRoot\System32\Drivers\Lxarscan.sys
    0xF8BB1000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xEF7C1000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF8A79000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xEF4E6000 \SystemRoot\system32\DRIVERS\PFC027.SYS
    0xF8A89000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0xF88A9000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xEF7BD000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xEF4CE000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF8D67000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xEF5A1000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF8C09000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF8E30000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF020000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF03F000 \SystemRoot\System32\ialmdev5.DLL
    0xBF05E000 \SystemRoot\System32\ialmdd5.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xEF59D000 \??\C:\WINDOWS\system32\drivers\mbam.sys
    0xEF369000 \SystemRoot\System32\Drivers\DefragFS.SYS
    0xEF39E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xEF034000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF8A29000 \SystemRoot\system32\drivers\sysaudio.sys
    0xEEDF9000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF8D47000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xEED7A000 \SystemRoot\system32\DRIVERS\srv.sys
    0xEF129000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xEE530000 \SystemRoot\System32\Drivers\HTTP.sys
    0xEE3F4000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xEDFE9000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ufwyypog.sys
    0xEDFBE000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 33):
    0 System Idle Process
    4 System
    1056 C:\WINDOWS\system32\smss.exe
    1136 csrss.exe
    1160 C:\WINDOWS\system32\winlogon.exe
    1208 C:\WINDOWS\system32\services.exe
    1220 C:\WINDOWS\system32\lsass.exe
    1388 C:\WINDOWS\system32\svchost.exe
    1500 svchost.exe
    1648 C:\WINDOWS\system32\svchost.exe
    1836 svchost.exe
    388 C:\WINDOWS\explorer.exe
    424 C:\WINDOWS\system32\LEXBCES.EXE
    472 C:\WINDOWS\system32\spoolsv.exe
    484 C:\WINDOWS\system32\ctfmon.exe
    720 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    744 C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
    760 C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
    912 C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    1040 svchost.exe
    1604 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    1692 C:\Program Files\Java\jre6\bin\jqs.exe
    1748 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    1796 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    1984 C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    352 C:\WINDOWS\system32\svchost.exe
    1396 C:\WINDOWS\system32\fxssvc.exe
    2396 C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    2904 alg.exe
    2884 C:\Program Files\Mozilla Firefox\firefox.exe
    3460 C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
    868 C:\Program Files\Outlook Express\msimn.exe
    2984 C:\Documents and Settings\Administrator\Desktop\My Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600JB-00REA0, Rev: 20.00K20
    PhysicalDrive1 Model Number: SAMSUNGSV6003H, Rev: QQ100-09

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    55 GB \\.\PhysicalDrive1 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit quick scan 2010-08-06 20:20:23
    Windows 5.1.2600 Service Pack 3
    Running: nczboyve.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ufwyypog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xEF8130A8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xEF813110]

    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 82FDE1F8

    AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm228.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

    Device \FileSystem\Fastfat \Fat 829941F8

    AttachedDevice \FileSystem\Fastfat \Fat tdrpm228.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

    ---- EOF - GMER 1.0.15 ----
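A small triage script for the three logs posted in this thread (TDSSKiller in post 9, MBRCheck and GMER above), added here as an example and not part of the thread or of the tools themselves: it pulls the "Suspicious file" / "Locked file" entries and the object count out of a TDSSKiller log, lists MBRCheck kernel drivers loaded from a Temp directory, and uses the "Driver:" line of the GMER header to recognise GMER's own randomly named scan driver so it is not reported as suspect. The log excerpts inside are constructed from the formats shown in the thread; the "Windows ... MBR code detected" check is a heuristic of this example, not MBRCheck's own verdict.

```python
"""Triage helper for the logs posted in this thread (TDSSKiller, MBRCheck, GMER).
Added example, not part of the thread or of the tools; excerpts are constructed."""
import re

TDSSKILLER_LOG = r"""
2010/08/06 18:17:40.0296 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\WINDOWS\system32\Drivers\sptd.sys
2010/08/06 18:17:40.0296 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
2010/08/06 18:17:40.0312 sptd - detected Locked file (1)
2010/08/06 18:17:42.0953 Detected object count: 1
2010/08/06 18:18:11.0375 Locked file(sptd) - User select action: Skip
"""

MBRCHECK_LOG = r"""
0xF8819000 klmdb.sys
0xEF59D000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xEDFE9000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ufwyypog.sys
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
"""

# GMER's report header names its own scan driver, which gets a random name in Temp.
GMER_HEADER = r"Running: nczboyve.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ufwyypog.sys"

TDSS_LINE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} (?P<msg>.*)$")
SUSPICIOUS = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECTED = re.compile(r"^(?P<name>\S+) - detected (?P<what>.+?) \(\d+\)$")
ACTION = re.compile(r"^.+?\((?P<name>[^)]+)\) - User select action: (?P<action>.+)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")
DRIVER_LINE = re.compile(r"^0x[0-9A-Fa-f]{8} (?P<path>\S.*)$")
MBR_LINE = re.compile(r"^\d+ GB (?P<dev>\\\\\.\\PhysicalDrive\d+) (?P<status>.+)$")
SHA1_LINE = re.compile(r"^SHA1: (?P<sha1>[0-9A-F]{40})$")
GMER_DRIVER = re.compile(r"Driver: (?P<path>\S+)")


def parse_tdsskiller(text):
    """Return (detected object count, findings keyed by object name); each finding
    gathers the 'Suspicious file' line, the 'detected' verdict and the user action."""
    count, findings = None, {}
    for line in text.splitlines():
        m = TDSS_LINE.match(line)
        if not m:
            continue
        msg = m.group("msg")
        if s := SUSPICIOUS.match(msg):
            stem = s.group("path").rsplit("\\", 1)[-1].rsplit(".", 1)[0]  # sptd.sys -> sptd
            findings.setdefault(stem.lower(), {})["file"] = s.groupdict()
        elif d := DETECTED.match(msg):
            findings.setdefault(d.group("name").lower(), {})["detected"] = d.group("what")
        elif a := ACTION.match(msg):
            findings.setdefault(a.group("name").lower(), {})["action"] = a.group("action")
        elif c := COUNT.match(msg):
            count = int(c.group("n"))
    return count, findings


def normalize(path):
    """Drop the NT '\\??\\' prefix MBRCheck prints so paths compare with GMER's."""
    return (path[4:] if path.startswith("\\??\\") else path).lower()


def parse_mbrcheck(text):
    """Return (kernel driver paths, [(device, MBR status, SHA1)]) from MBRCheck output."""
    drivers, disks, pending = [], [], None
    for line in text.splitlines():
        if d := DRIVER_LINE.match(line):
            drivers.append(normalize(d.group("path")))
        elif m := MBR_LINE.match(line):
            pending = (m.group("dev"), m.group("status"))
        elif (s := SHA1_LINE.match(line)) and pending:
            disks.append((pending[0], pending[1], s.group("sha1")))
            pending = None
    return drivers, disks


def triage(tdss_log, mbr_log, gmer_header):
    """Combine the three logs into a list of (severity, message) findings."""
    out = []
    count, findings = parse_tdsskiller(tdss_log)
    for name, info in findings.items():
        # Locked / NoAccess is a prompt to review, not a verdict: sptd.sys (SCSI Pass
        # Through Direct, used by Daemon Tools and Alcohol 120%) commonly shows up here.
        out.append(("review", f"TDSSKiller: {name} {info.get('detected', 'flagged')} "
                              f"({info.get('file', {}).get('reason', '?')}), "
                              f"action: {info.get('action', 'none recorded')}"))
    if count is not None:
        out.append(("info", f"TDSSKiller detected object count: {count}"))
    drivers, disks = parse_mbrcheck(mbr_log)
    g = GMER_DRIVER.search(gmer_header)
    gmer_driver = normalize(g.group("path")) if g else None
    for path in drivers:  # a kernel driver loaded from a user's Temp folder is unusual
        if "\\temp\\" in path and path == gmer_driver:
            out.append(("info", f"Temp driver is GMER's own scan driver: {path}"))
        elif "\\temp\\" in path:
            out.append(("review", f"kernel driver loaded from Temp: {path}"))
    for dev, status, sha1 in disks:
        # Heuristic of this example: a recognised Windows MBR is fine; anything else needs a human.
        sev = "ok" if "Windows" in status and "MBR code detected" in status else "review"
        out.append((sev, f"{dev}: {status} (SHA1 {sha1})"))
    return out


if __name__ == "__main__":
    for sev, msg in triage(TDSSKILLER_LOG, MBRCHECK_LOG, GMER_HEADER):
        print(f"[{sev}] {msg}")
```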
     
  12. 2010/08/06
    broni Moderator Malware Analyst
    Go on....
     