Possible infection(s)


This topic is locked
28 replies to this topic

#1 Madbat68

  • Members
  • 14 posts
  • Gender:Male
  • Location:Twin Lake, MI

Posted 02 October 2010 - 03:47 PM

I have had a problem with my browser redirecting me off and on now for a month since I installed Windows 7 on a new 1 TB hard drive. I also cannot download updates from Microsoft, or any programs from Microsoft. I also noticed that the website that it sends me to is not an actual Microsoft website. I have constant problems with redirects to sites that say I am infected and need to run their software, which I know is false. Kaspersky advised me to remove all of my old AV software, which I did. I used to have Norton 360, removed with their removal tool; I had Malwarebytes as well and removed that too, per the staff at Kaspersky. Kaspersky AV now will lock up my system if it is active. Please advise.


DDS (Ver_10-03-17.01) - NTFSx86
Run by sgimenes at 15:00:48.81 on Sat 10/02/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3070.2067 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\sgimenes\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
Trusted Zone: microsoft.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\sgimenes\appdata\roaming\mozilla\firefox\profiles\tka0mtfw.default\
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\gamespy\comrade\npcomrade.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe [2010-7-1 357096]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-9-23 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S4 mstbsvc;MSN Toolbar Setup;c:\program files\msn\toolbar\4.0.0412.0\mstbsvc.exe [2010-4-6 102752]

=============== Created Last 30 ================

2010-10-02 18:59:07 0 ----a-w- c:\users\sgimenes\defogger_reenable
2010-10-02 13:20:14 215128 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-02 12:21:21 30512 ----a-w- c:\windows\system32\mdimon.dll
2010-10-02 12:16:57 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-10-02 12:16:08 0 d-----w- c:\programdata\Microsoft Help
2010-10-01 05:06:59 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-10-01 05:06:59 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-10-01 05:05:41 0 d-----w- c:\programdata\Kaspersky Lab
2010-10-01 05:05:41 0 d-----w- c:\program files\Kaspersky Lab
2010-10-01 04:06:05 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-09-30 20:55:43 0 d-sh--w- c:\programdata\SecuROM
2010-09-30 01:38:52 0 d-----w- c:\program files\Coupons
2010-09-27 00:28:35 0 d-----w- c:\program files\iPod
2010-09-27 00:28:34 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-27 00:28:34 0 d-----w- c:\program files\iTunes
2010-09-27 00:26:41 0 d-----w- c:\program files\Bonjour
2010-09-25 22:34:24 0 d-----w- c:\program files\Nero
2010-09-25 22:06:51 0 d-----w- C:\picts
2010-09-25 22:04:26 0 d-----w- C:\Easter10
2010-09-25 21:59:18 0 d-----w- c:\program files\Bethesda Softworks
2010-09-25 21:46:07 0 d-----w- c:\temp\Office Project Professional 2007 (English)
2010-09-25 12:39:59 0 d-----w- c:\program files\Mass Effect
2010-09-25 12:36:54 0 d-----w- c:\program files\HP
2010-09-24 04:08:09 0 d-----w- c:\program files\Microsoft Games
2010-09-24 04:07:48 0 d-----w- c:\windows\system32\BestPractices
2010-09-24 04:07:46 0 d-----w- C:\inetpub
2010-09-24 01:12:29 0 d-----w- c:\programdata\Trymedia
2010-09-24 01:05:12 0 d-----w- c:\program files\Starbreeze Studios
2010-09-24 00:09:13 0 d-----w- c:\users\sgimenes\appdata\roaming\Windows Live Writer
2010-09-23 22:37:56 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-09-23 22:35:35 0 d-----w- c:\programdata\Skype
2010-09-23 21:45:57 0 d-----w- c:\windows\Panther
2010-09-23 21:38:17 0 d-----w- C:\Windows.old
2010-09-23 21:17:05 0 d-----w- C:\backupdrivers
2010-09-23 20:49:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-09-23 20:19:12 0 d-----w- c:\users\sgimenes\appdata\roaming\Tific
2010-09-23 20:18:32 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-23 20:18:32 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-09-23 20:18:05 0 d-----w- c:\programdata\Norton
2010-09-23 20:17:52 0 d-----w- c:\programdata\NortonInstaller
2010-09-23 20:01:34 209608 ----a-w- c:\windows\system32\tabctl32.ocx
2010-09-23 20:01:33 2271152 ----a-w- c:\windows\system32\Codejock.CommandBars.Unicode.v12.1.1.ocx
2010-09-23 20:01:33 132880 ----a-w- c:\windows\system32\MSINET.OCX
2010-09-23 20:01:33 109248 ----a-w- c:\windows\system32\mswinsck.ocx
2010-09-23 20:01:30 1779632 ----a-w- c:\windows\system32\Codejock.Controls.v12.1.1.ocx
2010-09-23 20:01:28 0 d-----w- c:\program files\CoD RconTool
2010-09-23 19:55:41 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-09-23 19:55:40 138056 ----a-w- c:\users\sgimenes\appdata\roaming\PnkBstrK.sys
2010-09-23 19:55:18 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-09-23 19:55:16 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-09-23 19:55:14 319 ----a-w- c:\windows\game.ini
2010-09-23 19:48:31 0 d-----w- c:\programdata\EA Core
2010-09-23 19:41:14 0 d-----w- c:\program files\Activision
2010-09-23 19:32:45 0 d-----w- c:\windows\system32\Adobe
2010-09-23 19:09:23 0 d-----w- c:\programdata\Electronic Arts
2010-09-23 19:09:14 0 d-----w- c:\programdata\Adobe
2010-09-23 19:05:33 0 d-----w- c:\programdata\Ubisoft
2010-09-23 19:05:08 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2010-09-23 19:05:06 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2010-09-23 19:05:06 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2010-09-23 19:05:05 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2010-09-23 19:05:03 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2010-09-23 19:05:03 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-09-23 19:05:03 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-09-23 19:05:03 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2010-09-23 19:05:02 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2010-09-23 19:05:02 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2010-09-23 19:05:02 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2010-09-23 19:05:02 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2010-09-23 19:05:01 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-09-23 19:04:06 0 d-----w- c:\programdata\Apple Computer
2010-09-23 19:01:21 0 d-----w- c:\programdata\Apple
2010-09-23 18:48:47 0 d-----w- c:\programdata\NVIDIA
2010-09-23 18:47:44 0 d-----w- c:\programdata\NVIDIA Corporation
2010-09-23 18:47:40 0 d-----w- c:\program files\NVIDIA Corporation
2010-09-23 18:46:57 0 d-----w- c:\programdata\Sun
2010-09-23 18:45:25 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-23 18:43:56 0 d-----w- c:\program files\CCleaner
2010-09-23 18:42:22 0 d-----w- c:\programdata\UAB
2010-09-23 18:41:38 0 d-----w- c:\programdata\PC Drivers HeadQuarters
2010-09-23 18:41:35 0 d-----w- c:\program files\MSN Toolbar Installer
2010-09-23 18:41:10 0 d-----w- c:\program files\PC Drivers HeadQuarters
2010-09-23 18:34:25 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-09-23 18:33:24 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-09-23 18:32:53 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-23 18:32:28 0 d-----w- c:\program files\Microsoft
2010-09-23 18:32:04 0 d-----w- c:\program files\Windows Live SkyDrive
2010-09-23 18:31:29 0 d-----w- c:\windows\PCHEALTH
2010-09-23 18:31:27 0 d-sh--w- c:\windows\Installer
2010-09-23 18:17:59 0 d-----w- c:\users\sgimenes\appdata\roaming\Malwarebytes
2010-09-23 18:17:58 0 d-----w- c:\programdata\Malwarebytes
2010-09-23 18:16:32 0 d-----w- c:\program files\common files\Windows Live
2010-09-23 18:11:33 756992 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-09-23 18:11:22 0 d-----w- c:\windows\system32\wbem\Performance
2010-09-22 01:16:35 0 d-----w- c:\temp\Windows 7 Professional (x86) - DVD (English)
2010-09-21 23:55:12 0 d-----w- C:\Temp
2010-09-13 14:07:01 0 d-----w- C:\Pictures
2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-08-18 05:58:02 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-08-18 05:58:02 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-27 22:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 22:44:10 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-27 22:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 22:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-09 20:37:10 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-07-09 20:37:10 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 20:37:10 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 20:37:10 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 20:37:10 110696 ----a-w- c:\windows\system32\nvmctray.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 15:01:21.94 ===============
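The DDS output above is what a malware-response helper reads by hand: section banners made of `=` characters, then one item per line in either a `Kind: value` or `key = value` shape. The following script is an added triage example (not from this thread, from DDS, or from BleepingComputer's own tooling) that parses that layout and flags the entries a reviewer looks at first: hooks that load into every process (`AppInit_DLLs`, `Notify`), trust-zone changes, proxy settings that point browser traffic somewhere, and modules or processes that run from user-writable locations. The section names and line shapes are taken from the log above; the review heuristics and the allow-everything-else policy are this example's own choices, and `SAMPLE_LOG` is a constructed input that mixes a few lines copied from the post with placeholder entries (the `00000000-...` CLSID and the `example` user paths are made up).

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the DDS layout: '=' banners, then "Kind: value" or
# "key = value" lines. The Kaspersky/Adobe/Java lines are copied from the
# posted log; the "example" user paths and the all-zero CLSID are placeholders.
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe
C:\Users\example\AppData\Local\Temp\svchost.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:8080
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Example Helper: {00000000-0000-0000-0000-000000000000} - c:\users\example\appdata\roaming\helper.dll
Trusted Zone: microsoft.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll

============= FINISH: 15:01:21.94 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
WIN_PATH_RE = re.compile(r"(?i)\b[a-z]:\\\S.*$")
USER_WRITABLE_RE = re.compile(r"(?i)\\(users|documents and settings|temp|appdata)\\")
# Heuristic choices of this example: kinds that inject into every process or
# change trust decisions are reviewed regardless of path; only the proxy keys
# that actually point traffic somewhere are flagged (ProxyOverride = *.local
# is present on most clean Windows machines and is kept as context).
ALWAYS_REVIEW = {"AppInit_DLLs", "Notify", "Trusted Zone"}
PROXY_KEYS = ("ProxyServer", "AutoConfigURL")


@dataclass(frozen=True)
class Finding:
    section: str
    kind: str
    reason: str
    line: str


def split_sections(text: str) -> dict[str, list[str]]:
    """Group non-blank lines under the '=' banner that precedes them."""
    sections: dict[str, list[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def split_entry(line: str) -> tuple[str, str] | None:
    """Return (kind, rest) for a Pseudo HJT line; the first of ': ' or ' = '
    decides the shape, so 'BHO: name: {clsid} - path' keeps its full rest."""
    colon, eq = line.find(": "), line.find(" = ")
    if colon != -1 and (eq == -1 or colon < eq):
        return line[:colon], line[colon + 2:]
    if eq != -1:
        return line[:eq], line[eq + 3:]
    return None


def triage(text: str) -> list[Finding]:
    """Walk the sections a reviewer reads first and return the lines to check."""
    findings: list[Finding] = []
    sections = split_sections(text)
    for proc in sections.get("Running Processes", []):
        if USER_WRITABLE_RE.search(proc):
            findings.append(Finding("Running Processes", "process",
                                    "executable runs from a user-writable location", proc))
    for line in sections.get("Pseudo HJT Report", []):
        parsed = split_entry(line)
        if parsed is None:
            continue
        kind, rest = parsed
        if kind in ALWAYS_REVIEW:
            findings.append(Finding("Pseudo HJT Report", kind,
                                    "loads into every process or changes trust; verify the module/host", line))
        elif any(key in kind for key in PROXY_KEYS):
            findings.append(Finding("Pseudo HJT Report", kind,
                                    "proxy setting can redirect every browser request", line))
        path = WIN_PATH_RE.search(rest)
        if path and USER_WRITABLE_RE.search(path.group(0)):
            findings.append(Finding("Pseudo HJT Report", kind,
                                    "module loads from a user-writable location", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.kind}: {f.reason}\n    {f.line}")
```

On the constructed sample this reports six lines: the process under `\Users\...\Temp`, the `ProxyServer` entry, the BHO loading from a roaming profile, and the three always-review kinds. Flagged lines are candidates for a closer look, not verdicts: the Kaspersky `AppInit_DLLs` and `Notify` entries in the real log are legitimate product components, and the value of the script is that it separates those few lines from the hundreds of routine ones.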


#2 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 08 October 2010 - 05:57 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#3 Madbat68
  • Topic Starter

  • Members
  • 14 posts
  • Gender:Male
  • Location:Twin Lake, MI

Posted 11 October 2010 - 03:31 PM

OTL logfile created on: 10/11/2010 3:23:39 PM - Run 1
OTL by OldTimer - Version 3.2.15.0 Folder = C:\Users\sgimenes\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 569.15 Gb Free Space | 61.10% Space Free | Partition Type: NTFS
Drive D: | 567.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME-1 | User Name: sgimenes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/11 15:22:49 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\sgimenes\Desktop\OTL.exe
PRC - [2010/09/23 15:32:06 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/07/01 21:39:08 | 000,357,096 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2010/04/16 22:12:38 | 000,113,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Mail\wlmail.exe
PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/07/13 21:14:44 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\w3wp.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/10/11 15:22:49 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\sgimenes\Desktop\OTL.exe
MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/07/01 21:39:08 | 000,357,096 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/04/06 15:34:22 | 000,102,752 | ---- | M] (Microsoft Corp.) [Disabled | Stopped] -- C:\Program Files\MSN\Toolbar\4.0.0412.0\mstbsvc.exe -- (mstbsvc)
SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 21:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 21:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 21:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Users\sgimenes\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2010/10/06 22:36:07 | 000,495,192 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010/07/09 18:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/04/28 07:44:02 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/04/22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 18:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2009/07/13 18:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2009/07/13 18:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 18:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3627923990-1771878706-3279147459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3627923990-1771878706-3279147459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3627923990-1771878706-3279147459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3627923990-1771878706-3279147459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 63 7F A9 4A 5B CB 01 [binary data]
IE - HKU\S-1-5-21-3627923990-1771878706-3279147459-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3627923990-1771878706-3279147459-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/04 16:50:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/07 10:43:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2010/10/06 22:36:39 | 000,000,000 | ---D | M]

[2010/09/23 15:04:16 | 000,000,000 | ---D | M] -- C:\Users\sgimenes\AppData\Roaming\Mozilla\Extensions
[2010/10/07 08:15:34 | 000,000,000 | ---D | M] -- C:\Users\sgimenes\AppData\Roaming\Mozilla\Firefox\Profiles\tka0mtfw.default\extensions
[2010/09/23 15:14:11 | 000,000,000 | ---D | M] -- C:\Users\sgimenes\AppData\Roaming\Mozilla\Firefox\Profiles\tka0mtfw.default\extensions\personas@christopher.beard
[2010/10/06 22:37:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/06 22:37:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKU\S-1-5-21-3627923990-1771878706-3279147459-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3627923990-1771878706-3279147459-1000\..Trusted Domains: microsoft.com ([www] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/08/11 04:09:30 | 000,028,691 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{a35ecc02-c753-11df-beb8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a35ecc02-c753-11df-beb8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2003/08/11 04:07:32 | 000,962,560 | R--- | M] (Hewlett-Packard)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)


Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)


========== Files/Folders - Created Within 90 Days ==========

[2010/10/11 15:22:49 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\sgimenes\Desktop\OTL.exe
[2010/10/06 22:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/10/06 22:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/10/06 22:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/10/06 22:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/10/06 22:36:07 | 000,495,192 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010/10/06 21:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/10/06 15:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies Inc
[2010/10/06 11:28:30 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2010/10/05 17:37:34 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\Documents\Homework
[2010/10/03 16:45:40 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\Documents\EA Games
[2010/10/02 21:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\Call of Duty
[2010/10/02 21:29:00 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Roaming\TS3Client
[2010/10/02 20:44:19 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Local\TeamSpeak 3 Client
[2010/10/02 15:14:38 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\Desktop\gmer
[2010/10/02 09:20:08 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\Documents\BFBC2
[2010/10/02 08:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/10/02 08:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/10/02 08:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/10/02 08:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/10/02 08:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/10/02 08:16:09 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Local\Microsoft Help
[2010/10/02 08:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/10/02 08:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/10/02 08:14:25 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/09/30 20:13:06 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Roaming\teamspeak2
[2010/09/30 16:55:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010/09/26 20:29:49 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Local\Apple Computer
[2010/09/26 20:29:48 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Roaming\Apple Computer
[2010/09/26 20:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/26 20:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/26 20:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/26 20:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/09/26 20:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/26 12:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/09/25 18:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/09/25 18:06:51 | 000,000,000 | ---D | C] -- C:\picts
[2010/09/25 18:04:26 | 000,000,000 | ---D | C] -- C:\Easter10
[2010/09/25 17:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2010/09/25 13:06:21 | 000,000,000 | RH-D | C] -- C:\Users\sgimenes\AppData\Roaming\SecuROM
[2010/09/25 12:28:18 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\Documents\BioWare
[2010/09/25 08:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mass Effect
[2010/09/25 08:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/09/24 19:05:37 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Local\CrashDumps
[2010/09/24 11:22:05 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Local\Microsoft Games
[2010/09/24 00:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2010/09/24 00:07:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\BestPractices
[2010/09/24 00:07:46 | 000,000,000 | ---D | C] -- C:\inetpub
[2010/09/23 21:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2010/09/23 21:05:12 | 000,000,000 | ---D | C] -- C:\Program Files\Starbreeze Studios
[2010/09/23 20:41:15 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Roaming\InstallShield
[2010/09/23 20:09:13 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Roaming\Windows Live Writer
[2010/09/23 20:09:13 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Local\Windows Live Writer
[2010/09/23 20:09:13 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\Documents\My Weblog Posts
[2010/09/23 19:21:00 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Local\ElevatedDiagnostics
[2010/09/23 19:19:34 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Local\Diagnostics
[2010/09/23 18:42:29 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\Documents\My Downloads
[2010/09/23 18:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/09/23 17:45:57 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/09/23 17:38:17 | 000,000,000 | ---D | C] -- C:\Windows.old
[2010/09/23 17:17:05 | 000,000,000 | ---D | C] -- C:\backupdrivers
[2010/09/23 16:53:54 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Local\PunkBuster
[2010/09/23 16:50:24 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/09/23 16:48:04 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/09/23 16:19:12 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Roaming\Tific
[2010/09/23 16:19:11 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Local\Symantec
[2010/09/23 16:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/09/23 16:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/09/23 16:01:33 | 002,271,152 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.CommandBars.Unicode.v12.1.1.ocx
[2010/09/23 16:01:30 | 001,779,632 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.Controls.v12.1.1.ocx
[2010/09/23 16:01:28 | 000,000,000 | ---D | C] -- C:\Program Files\CoD RconTool
[2010/09/23 15:50:18 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Local\MigWiz
[2010/09/23 15:49:54 | 000,000,000 | R-SD | C] -- C:\Users\sgimenes\Documents\My Stationery
[2010/09/23 15:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2010/09/23 15:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2010/09/23 15:32:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2010/09/23 15:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy
[2010/09/23 15:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010/09/23 15:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/09/23 15:09:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/09/23 15:09:12 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/09/23 15:09:03 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Roaming\Macromedia
[2010/09/23 15:09:03 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Roaming\Adobe
[2010/09/23 15:09:03 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Local\Adobe
[2010/09/23 15:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2010/09/23 15:07:52 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Local\GameSpy
[2010/09/23 15:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2010/09/23 15:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/23 15:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/09/23 15:03:50 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Local\Mozilla
[2010/09/23 15:03:49 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Roaming\Mozilla
[2010/09/23 15:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/09/23 15:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/09/23 15:01:29 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Local\Apple
[2010/09/23 15:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/09/23 14:54:40 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/09/23 14:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2010/09/23 14:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/09/23 14:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/09/23 14:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/09/23 14:46:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/09/23 14:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/09/23 14:46:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/09/23 14:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/09/23 14:44:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/09/23 14:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/09/23 14:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2010/09/23 14:42:20 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Local\PC_Drivers_Headquarters
[2010/09/23 14:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2010/09/23 14:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/09/23 14:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\PC Drivers HeadQuarters
[2010/09/23 14:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/09/23 14:34:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/09/23 14:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/09/23 14:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/09/23 14:32:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/09/23 14:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/09/23 14:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/09/23 14:31:29 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/09/23 14:31:27 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/09/23 14:17:59 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Roaming\Malwarebytes
[2010/09/23 14:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/23 14:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/09/23 14:09:49 | 000,000,000 | R--D | C] -- C:\Users\sgimenes\Searches
[2010/09/23 14:09:49 | 000,000,000 | -H-D | C] -- C:\Users\sgimenes\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/09/23 14:09:38 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Roaming\Identities
[2010/09/23 14:09:37 | 000,000,000 | R--D | C] -- C:\Users\sgimenes\Contacts
[2010/09/23 14:09:31 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Local\VirtualStore
[2010/09/23 14:09:29 | 000,000,000 | --SD | C] -- C:\Users\sgimenes\AppData\Roaming\Microsoft
[2010/09/23 14:09:29 | 000,000,000 | R--D | C] -- C:\Users\sgimenes\Videos
[2010/09/23 14:09:29 | 000,000,000 | R--D | C] -- C:\Users\sgimenes\Saved Games
[2010/09/23 14:09:29 | 000,000,000 | R--D | C] -- C:\Users\sgimenes\Pictures
[2010/09/23 14:09:29 | 000,000,000 | R--D | C] -- C:\Users\sgimenes\Music
[2010/09/23 14:09:29 | 000,000,000 | R--D | C] -- C:\Users\sgimenes\Links
[2010/09/23 14:09:29 | 000,000,000 | R--D | C] -- C:\Users\sgimenes\Favorites
[2010/09/23 14:09:29 | 000,000,000 | R--D | C] -- C:\Users\sgimenes\Downloads
[2010/09/23 14:09:29 | 000,000,000 | R--D | C] -- C:\Users\sgimenes\My Documents
[2010/09/23 14:09:29 | 000,000,000 | R--D | C] -- C:\Users\sgimenes\Desktop
[2010/09/23 14:09:29 | 000,000,000 | -HSD | C] -- C:\Users\sgimenes\AppData\Local\Temporary Internet Files
[2010/09/23 14:09:29 | 000,000,000 | -HSD | C] -- C:\Users\sgimenes\Templates
[2010/09/23 14:09:29 | 000,000,000 | -HSD | C] -- C:\Users\sgimenes\Start Menu
[2010/09/23 14:09:29 | 000,000,000 | -HSD | C] -- C:\Users\sgimenes\SendTo
[2010/09/23 14:09:29 | 000,000,000 | -HSD | C] -- C:\Users\sgimenes\Recent
[2010/09/23 14:09:29 | 000,000,000 | -HSD | C] -- C:\Users\sgimenes\PrintHood
[2010/09/23 14:09:29 | 000,000,000 | -HSD | C] -- C:\Users\sgimenes\NetHood
[2010/09/23 14:09:29 | 000,000,000 | -HSD | C] -- C:\Users\sgimenes\Documents\My Videos
[2010/09/23 14:09:29 | 000,000,000 | -HSD | C] -- C:\Users\sgimenes\Documents\My Pictures
[2010/09/23 14:09:29 | 000,000,000 | -HSD | C] -- C:\Users\sgimenes\Documents\My Music
[2010/09/23 14:09:29 | 000,000,000 | -HSD | C] -- C:\Users\sgimenes\My Documents
[2010/09/23 14:09:29 | 000,000,000 | -HSD | C] -- C:\Users\sgimenes\Local Settings
[2010/09/23 14:09:29 | 000,000,000 | -HSD | C] -- C:\Users\sgimenes\AppData\Local\History
[2010/09/23 14:09:29 | 000,000,000 | -HSD | C] -- C:\Users\sgimenes\Cookies
[2010/09/23 14:09:29 | 000,000,000 | -HSD | C] -- C:\Users\sgimenes\Application Data
[2010/09/23 14:09:29 | 000,000,000 | -HSD | C] -- C:\Users\sgimenes\AppData\Local\Application Data
[2010/09/23 14:09:29 | 000,000,000 | -H-D | C] -- C:\Users\sgimenes\AppData
[2010/09/23 14:09:29 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Local\Temp
[2010/09/23 14:09:29 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Local\Microsoft
[2010/09/23 14:09:29 | 000,000,000 | ---D | C] -- C:\Users\sgimenes\AppData\Roaming\Media Center Programs
[2010/09/23 14:09:17 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/09/21 19:55:12 | 000,000,000 | ---D | C] -- C:\Temp
[2010/09/13 10:07:01 | 000,000,000 | ---D | C] -- C:\Pictures
[2010/09/01 14:16:23 | 000,000,000 | ---D | C] -- C:\Intel
[2010/09/01 14:00:51 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/08/30 16:23:46 | 000,000,000 | -HSD | C] -- C:\Boot
[2010/08/30 15:24:23 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/08/30 13:06:02 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/08/30 13:05:54 | 000,000,000 | ---D | C] -- C:\NVIDIA

========== Files - Modified Within 90 Days ==========

[2010/10/11 15:25:39 | 001,572,864 | -HS- | M] () -- C:\Users\sgimenes\NTUSER.DAT
[2010/10/11 15:22:49 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\sgimenes\Desktop\OTL.exe
[2010/10/11 11:21:49 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/11 11:21:49 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/11 11:19:06 | 000,756,992 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/10/11 11:19:06 | 000,647,864 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/11 11:19:06 | 000,112,846 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/11 11:17:07 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/10/11 11:14:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/11 11:14:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/11 11:13:58 | 2414,284,800 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/07 13:56:54 | 002,495,756 | -H-- | M] () -- C:\Users\sgimenes\AppData\Local\IconCache.db
[2010/10/07 13:50:57 | 000,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/10/06 22:50:56 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/10/06 22:37:34 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010/10/06 22:37:34 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010/10/06 22:36:07 | 000,495,192 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010/10/06 14:47:41 | 000,218,496 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/10/05 16:37:06 | 000,119,231 | ---- | M] () -- C:\Users\sgimenes\Desktop\GetSystemInfo_HOME-1_sgimenes_2010_10_05_16_36_21.zip
[2010/10/05 14:01:30 | 000,101,818 | ---- | M] () -- C:\Users\sgimenes\Desktop\GetSystemInfo_HOME-1_sgimenes_2010_10_05_14_01_00.zip
[2010/10/05 13:59:22 | 000,101,904 | ---- | M] () -- C:\Users\sgimenes\Desktop\GetSystemInfo_HOME-1_sgimenes_2010_10_05_13_58_18.zip
[2010/10/04 16:51:36 | 000,001,834 | ---- | M] () -- C:\Users\sgimenes\Desktop\MoHMPGame - Shortcut.lnk
[2010/10/03 16:44:58 | 000,138,056 | ---- | M] () -- C:\Users\sgimenes\AppData\Roaming\PnkBstrK.sys
[2010/10/02 20:44:20 | 000,001,218 | ---- | M] () -- C:\Users\sgimenes\Desktop\TeamSpeak 3 Client.lnk
[2010/10/02 15:17:13 | 000,109,756 | ---- | M] () -- C:\Users\sgimenes\Desktop\gmarfail.PNG
[2010/10/02 15:13:44 | 000,284,915 | ---- | M] () -- C:\Users\sgimenes\Desktop\gmer.zip
[2010/10/02 15:00:36 | 000,525,824 | ---- | M] () -- C:\Users\sgimenes\Desktop\dds.scr
[2010/10/02 14:59:07 | 000,000,000 | ---- | M] () -- C:\Users\sgimenes\defogger_reenable
[2010/10/02 14:58:34 | 000,050,477 | ---- | M] () -- C:\Users\sgimenes\Desktop\Defogger.exe
[2010/10/02 11:15:33 | 001,740,936 | ---- | M] () -- C:\Users\sgimenes\Documents\AutoRuns.arn
[2010/10/02 10:47:50 | 000,001,171 | ---- | M] () -- C:\Users\sgimenes\Desktop\HijackThis - Shortcut.lnk
[2010/10/02 08:45:38 | 000,108,824 | ---- | M] () -- C:\Users\sgimenes\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/10/02 08:39:58 | 000,412,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/02 08:16:40 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/10/02 07:33:04 | 000,123,314 | ---- | M] () -- C:\Users\sgimenes\Desktop\GetSystemInfo_HOME-1_sgimenes_2010_10_02_07_31_57.zip
[2010/09/26 12:58:26 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/25 20:14:31 | 000,030,427 | ---- | M] () -- C:\Users\sgimenes\Documents\DefaultInput.ini
[2010/09/25 19:49:48 | 000,001,701 | ---- | M] () -- C:\Users\sgimenes\Desktop\NeroExpress - Shortcut.lnk
[2010/09/23 18:37:56 | 002,434,856 | ---- | M] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010/09/23 17:45:44 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/09/23 16:53:31 | 000,042,049 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/09/23 16:49:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/09/23 16:15:00 | 000,000,017 | ---- | M] () -- C:\Users\sgimenes\AppData\Local\resmon.resmoncfg
[2010/09/23 16:01:36 | 000,001,897 | ---- | M] () -- C:\Users\sgimenes\Desktop\CoD RconTool.lnk
[2010/09/23 15:56:18 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty® 4 - Modern Warfare™ Singleplayer.lnk
[2010/09/23 15:56:18 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty® 4 - Modern Warfare™ Multiplayer.lnk
[2010/09/23 15:55:14 | 000,000,319 | ---- | M] () -- C:\Windows\game.ini
[2010/09/23 15:16:46 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\GameSpy Comrade.lnk
[2010/09/23 15:09:23 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010/09/23 15:04:23 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/23 15:03:39 | 000,001,913 | ---- | M] () -- C:\Users\sgimenes\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/23 15:03:39 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/23 14:49:27 | 000,524,288 | -HS- | M] () -- C:\Users\sgimenes\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/09/23 14:49:27 | 000,524,288 | -HS- | M] () -- C:\Users\sgimenes\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/09/23 14:49:27 | 000,065,536 | -HS- | M] () -- C:\Users\sgimenes\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/09/23 14:43:56 | 000,000,969 | ---- | M] () -- C:\Users\sgimenes\Desktop\CCleaner.lnk
[2010/09/23 14:41:16 | 000,002,431 | ---- | M] () -- C:\Users\Public\Desktop\Driver Detective.lnk
[2010/09/23 14:10:49 | 000,001,411 | ---- | M] () -- C:\Users\sgimenes\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/23 14:09:29 | 000,000,020 | -HS- | M] () -- C:\Users\sgimenes\ntuser.ini
[2010/09/15 17:18:53 | 002,601,752 | ---- | M] () -- C:\Windows\System32\pbsvc_moh.exe
[2010/09/01 13:54:06 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/09/01 13:54:06 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

========== Files Created - No Company Name ==========

[2010/10/07 09:48:26 | 000,001,826 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/10/06 22:51:10 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/10/06 22:50:56 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/10/06 22:37:34 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010/10/06 22:37:34 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/10/05 16:36:32 | 000,119,231 | ---- | C] () -- C:\Users\sgimenes\Desktop\GetSystemInfo_HOME-1_sgimenes_2010_10_05_16_36_21.zip
[2010/10/05 14:01:11 | 000,101,818 | ---- | C] () -- C:\Users\sgimenes\Desktop\GetSystemInfo_HOME-1_sgimenes_2010_10_05_14_01_00.zip
[2010/10/05 13:58:53 | 000,101,904 | ---- | C] () -- C:\Users\sgimenes\Desktop\GetSystemInfo_HOME-1_sgimenes_2010_10_05_13_58_18.zip
[2010/10/04 16:51:36 | 000,001,834 | ---- | C] () -- C:\Users\sgimenes\Desktop\MoHMPGame - Shortcut.lnk
[2010/10/03 16:44:40 | 002,601,752 | ---- | C] () -- C:\Windows\System32\pbsvc_moh.exe
[2010/10/02 20:44:20 | 000,001,218 | ---- | C] () -- C:\Users\sgimenes\Desktop\TeamSpeak 3 Client.lnk
[2010/10/02 15:17:13 | 000,109,756 | ---- | C] () -- C:\Users\sgimenes\Desktop\gmarfail.PNG
[2010/10/02 15:13:43 | 000,284,915 | ---- | C] () -- C:\Users\sgimenes\Desktop\gmer.zip
[2010/10/02 15:00:35 | 000,525,824 | ---- | C] () -- C:\Users\sgimenes\Desktop\dds.scr
[2010/10/02 14:59:07 | 000,000,000 | ---- | C] () -- C:\Users\sgimenes\defogger_reenable
[2010/10/02 14:58:34 | 000,050,477 | ---- | C] () -- C:\Users\sgimenes\Desktop\Defogger.exe
[2010/10/02 11:13:57 | 001,740,936 | ---- | C] () -- C:\Users\sgimenes\Documents\AutoRuns.arn
[2010/10/02 10:47:50 | 000,001,171 | ---- | C] () -- C:\Users\sgimenes\Desktop\HijackThis - Shortcut.lnk
[2010/10/02 09:20:14 | 000,218,496 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/10/02 07:32:31 | 000,123,314 | ---- | C] () -- C:\Users\sgimenes\Desktop\GetSystemInfo_HOME-1_sgimenes_2010_10_02_07_31_57.zip
[2010/09/26 12:58:23 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/25 20:14:31 | 000,030,427 | ---- | C] () -- C:\Users\sgimenes\Documents\DefaultInput.ini
[2010/09/25 19:49:47 | 000,001,701 | ---- | C] () -- C:\Users\sgimenes\Desktop\NeroExpress - Shortcut.lnk
[2010/09/23 18:37:56 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010/09/23 16:49:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/09/23 16:46:49 | 2414,284,800 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/23 16:15:00 | 000,000,017 | ---- | C] () -- C:\Users\sgimenes\AppData\Local\resmon.resmoncfg
[2010/09/23 16:01:36 | 000,001,897 | ---- | C] () -- C:\Users\sgimenes\Desktop\CoD RconTool.lnk
[2010/09/23 15:56:18 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty® 4 - Modern Warfare™ Singleplayer.lnk
[2010/09/23 15:56:18 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty® 4 - Modern Warfare™ Multiplayer.lnk
[2010/09/23 15:55:41 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/09/23 15:55:40 | 000,138,056 | ---- | C] () -- C:\Users\sgimenes\AppData\Roaming\PnkBstrK.sys
[2010/09/23 15:55:18 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/09/23 15:55:16 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/09/23 15:55:14 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010/09/23 15:16:46 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\GameSpy Comrade.lnk
[2010/09/23 15:09:23 | 000,002,337 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010/09/23 15:04:23 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/23 15:03:39 | 000,001,913 | ---- | C] () -- C:\Users\sgimenes\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/23 15:03:35 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/23 14:43:56 | 000,000,969 | ---- | C] () -- C:\Users\sgimenes\Desktop\CCleaner.lnk
[2010/09/23 14:41:16 | 000,002,431 | ---- | C] () -- C:\Users\Public\Desktop\Driver Detective.lnk
[2010/09/23 14:10:49 | 000,001,411 | ---- | C] () -- C:\Users\sgimenes\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/23 14:09:29 | 001,572,864 | -HS- | C] () -- C:\Users\sgimenes\NTUSER.DAT
[2010/09/23 14:09:29 | 000,524,288 | -HS- | C] () -- C:\Users\sgimenes\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/09/23 14:09:29 | 000,524,288 | -HS- | C] () -- C:\Users\sgimenes\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/09/23 14:09:29 | 000,262,144 | -HS- | C] () -- C:\Users\sgimenes\ntuser.dat.LOG2
[2010/09/23 14:09:29 | 000,262,144 | -HS- | C] () -- C:\Users\sgimenes\ntuser.dat.LOG1
[2010/09/23 14:09:29 | 000,065,536 | -HS- | C] () -- C:\Users\sgimenes\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/09/23 14:09:29 | 000,000,290 | ---- | C] () -- C:\Users\sgimenes\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/09/23 14:09:29 | 000,000,272 | ---- | C] () -- C:\Users\sgimenes\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/09/23 14:09:29 | 000,000,020 | -HS- | C] () -- C:\Users\sgimenes\ntuser.ini
[2010/09/01 13:54:06 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/09/01 13:54:06 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/08/30 16:23:47 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010/08/30 16:23:46 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010/08/30 13:06:02 | 000,009,596 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== LOP Check ==========

[2010/09/23 16:19:12 | 000,000,000 | ---D | M] -- C:\Users\sgimenes\AppData\Roaming\Tific
[2010/10/02 21:38:03 | 000,000,000 | ---D | M] -- C:\Users\sgimenes\AppData\Roaming\TS3Client
[2010/09/23 20:09:13 | 000,000,000 | ---D | M] -- C:\Users\sgimenes\AppData\Roaming\Windows Live Writer
[2009/07/14 00:53:46 | 000,009,886 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 21:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/13 21:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2010/07/01 21:35:12 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\klogon.dll
[2009/07/13 21:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll

< %systemroot%\system32\*.sys /90 >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.* >
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/09/23 17:45:44 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/10/11 11:13:58 | 2414,284,800 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/01 13:54:06 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/09/01 13:54:06 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/11 11:14:05 | 3219,046,400 | -HS- | M] () -- C:\pagefile.sys
[2010/10/02 11:07:04 | 000,000,383 | ---- | M] () -- C:\rkill.log
[2010/10/06 20:37:13 | 000,003,062 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_06.10.2010_20.36.44_log.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2009/07/13 21:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< End of report >


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-11 16:27:59
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\sgimenes\AppData\Local\Temp\kwldipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x91773528]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x91775752]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x917759CC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x91775C3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x91773E30]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x91774C5C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x917751A6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x9177410C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x9177508C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x91773118]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x91774F60]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x917732C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x917752C6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x91773AB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x91773BB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x91775E88]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x91774FF6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x917769A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x9177458E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x91777BBE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x9177439C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x91776A9A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x9177720A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x9177523C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x91773EB2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x9177511C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x91773762]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x91776FA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x9177535C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x91773656]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x91775F42]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x91777544]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x91776E36]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplaceKey [0x91771DD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x917756C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x91775586]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x91776742]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRestoreKey [0x9177214A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x91777A60]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSaveKey [0x91771D6A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x917749A6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x91773CD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x91775FE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x91776C38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x91777694]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x91777786]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x917778C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x917768CC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x91773902]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x91773858]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x917773E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x917739EE]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A23AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A23104
---- EOF - GMER 1.0.15 ----


#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 11 October 2010 - 06:37 PM

Hello, Madbat68.

Are you still having the same issues as in your original post?

We do need to take a deeper look.



Step 1

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.



Step 2

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#5 Madbat68

Madbat68
  • Topic Starter

  • Members
  • 14 posts
  • Gender:Male
  • Location:Twin Lake, MI

Posted 11 October 2010 - 07:10 PM

Yes, I am still having the same problems. I cannot update Windows, and cannot download anything from Microsoft or other websites. I still have redirects all the time.



MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Dell DXP061
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 170):

This is it. The program failed to complete, and Windows 7 shut it down. This is all that was generated.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x8BC00000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8C1AF000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8B7EC000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x91D42000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x95929000 C:\Windows\system32\DRIVERS\usbscan.sys 57344 bytes (Microsoft Corporation, USB Scanner Driver)
0x8B296000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x927EF000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x91652000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x91D28000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x927DC000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x91D35000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x99621000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x91621000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8B5A1000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x95989000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x917D9000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x95964000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x95959000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x95995000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x917F5000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x92612000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8C1D4000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x95937000 C:\Windows\system32\DRIVERS\usbprint.sys 45056 bytes (Microsoft Corporation, USB Printer driver)
0x939CF000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8B327000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x95906000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8B597000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8B800000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x92422000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x997F4000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x92541000 C:\Windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
0x8B508000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xAD0A9000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x8B600000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x959A0000 C:\Windows\system32\DRIVERS\klmouflt.sys 36864 bytes (Kaspersky Lab, KLMOUFLT Mouse Device Filter [fre_wlh_x86])
0xAD0C9000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x96900000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8BB81000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x91DF5000 C:\Windows\system32\DRIVERS\vwifimp.sys 36864 bytes (Microsoft Corporation, Virtual WiFi Miniport Driver)
0x8B2EC000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8B0B3000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8C132000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80B99000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8C1F7000 C:\Windows\system32\DRIVERS\klim6.sys 32768 bytes (Kaspersky Lab ZAO, Kaspersky Lab Intermediate Network Driver)
0x8B2F5000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x9162E000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x917E5000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x917ED000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8BBC9000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x917D2000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x95982000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x917CB000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8C1DF000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x927E9000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x91636000 C:\Windows\system32\DRIVERS\kl2.sys 24576 bytes (Kaspersky Lab ZAO, Kaspersky Unified Driver)
0x938A5000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 258.96 )
0x9261D000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x95927000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0xAD069F2E Unknown thread object [ ETHREAD 0x89602020 ] , 600 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

Edited by Madbat68, 11 October 2010 - 07:13 PM.


#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:45 PM

Posted 12 October 2010 - 05:07 PM

Hello, Madbat68.

OK, signs of a rootkit. Let's run Combofix.

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.




Registry Cleaner Warning


I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners, as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/ind...p;#entry1326578






Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the internet are not extremely high, and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site and may even give access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.



Step 1

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#7 Madbat68

Madbat68
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Gender:Male
  • Location:Twin Lake, MI
  • Local time:10:45 PM

Posted 12 October 2010 - 06:34 PM

ComboFix 10-10-11.05 - sgimenes 10/12/2010 19:12:46.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3070.2031 [GMT -4:00]
Running from: c:\users\sgimenes\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\sgimenes\AppData\Local\Temp\F0F0.tmp

.
((((((((((((((((((((((((( Files Created from 2010-09-12 to 2010-10-12 )))))))))))))))))))))))))))))))
.

2010-10-12 23:19 . 2010-10-12 23:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-11 22:24 . 2010-10-11 22:24 -------- d-----w- c:\program files\WinWay Resume - Express Edition
2010-10-11 22:23 . 2010-10-11 22:23 -------- d-----w- c:\program files\Common Files\InstallShield
2010-10-07 02:51 . 2010-10-11 15:17 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-10-07 02:50 . 2010-10-07 02:50 -------- d-----w- c:\programdata\Hitman Pro
2010-10-07 02:50 . 2010-10-07 02:50 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-10-07 02:37 . 2010-10-07 02:37 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-10-07 02:37 . 2010-10-07 02:37 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-10-07 02:36 . 2010-10-07 02:36 -------- d-----w- c:\program files\Kaspersky Lab
2010-10-07 02:36 . 2010-10-12 04:00 -------- d-----w- c:\programdata\Kaspersky Lab
2010-10-07 01:02 . 2010-10-07 01:02 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-10-06 19:22 . 2010-10-06 19:22 -------- d-----w- c:\program files\LSoft Technologies Inc
2010-10-06 15:28 . 2010-10-06 20:07 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2010-10-03 20:44 . 2010-09-15 21:18 2601752 ----a-w- c:\windows\system32\pbsvc_moh.exe
2010-10-03 01:32 . 2010-10-03 14:09 -------- d-----w- c:\program files\Call of Duty
2010-10-02 13:20 . 2010-10-06 18:47 218496 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-02 12:21 . 2006-10-26 23:58 30512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-10-02 12:21 . 2006-10-26 23:58 30512 ----a-w- c:\windows\system32\mdimon.dll
2010-10-02 12:20 . 2010-10-02 12:20 -------- d-----w- c:\program files\Microsoft Works
2010-10-02 12:16 . 2010-10-02 12:17 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-10-02 12:16 . 2010-10-02 12:22 -------- d-----w- c:\programdata\Microsoft Help
2010-10-02 12:14 . 2010-10-02 12:14 -------- d-----r- C:\MSOCache
2010-09-30 20:55 . 2010-09-30 20:55 -------- d-sh--w- c:\programdata\SecuROM
2010-09-27 00:28 . 2010-09-27 00:28 -------- d-----w- c:\program files\iPod
2010-09-27 00:28 . 2010-09-27 00:29 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-27 00:28 . 2010-09-27 00:29 -------- d-----w- c:\program files\iTunes
2010-09-27 00:27 . 2010-09-27 00:27 -------- d-----w- c:\program files\Apple Software Update
2010-09-27 00:26 . 2010-09-27 00:26 -------- d-----w- c:\program files\Bonjour
2010-09-25 22:34 . 2010-09-25 22:36 -------- d-----w- c:\program files\Nero
2010-09-25 22:06 . 2010-09-25 22:12 -------- d-----w- C:\picts
2010-09-25 22:04 . 2010-09-25 22:04 -------- d-----w- C:\Easter10
2010-09-25 21:59 . 2010-09-25 21:59 -------- d-----w- c:\program files\Bethesda Softworks
2010-09-25 12:39 . 2010-09-25 12:51 -------- d-----w- c:\program files\Mass Effect
2010-09-25 12:36 . 2010-09-25 12:37 -------- d-----w- c:\program files\HP
2010-09-24 04:08 . 2010-09-24 04:08 -------- d-----w- c:\program files\Microsoft Games
2010-09-24 04:07 . 2010-09-24 04:07 -------- d-----w- c:\windows\system32\BestPractices
2010-09-24 04:07 . 2010-09-24 04:07 -------- d-----w- C:\inetpub
2010-09-24 01:12 . 2010-09-24 01:12 -------- d-----w- c:\programdata\Trymedia
2010-09-24 01:05 . 2010-09-24 01:05 -------- d-----w- c:\program files\Starbreeze Studios
2010-09-23 22:37 . 2010-09-23 22:37 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-09-23 22:35 . 2010-09-23 22:35 -------- d-----w- c:\programdata\Skype
2010-09-23 21:45 . 2010-09-23 18:09 -------- d-----w- c:\windows\Panther
2010-09-23 21:38 . 2010-09-23 21:38 -------- d-----w- C:\Windows.old
2010-09-23 21:17 . 2010-09-23 21:17 -------- d-----w- C:\backupdrivers
2010-09-23 20:18 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-23 20:18 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-09-23 20:18 . 2010-10-01 04:14 -------- d-----w- c:\programdata\Norton
2010-09-23 20:01 . 2000-05-22 15:58 209608 ----a-w- c:\windows\system32\tabctl32.ocx
2010-09-23 20:01 . 2008-11-28 10:32 2271152 ----a-w- c:\windows\system32\Codejock.CommandBars.Unicode.v12.1.1.ocx
2010-09-23 20:01 . 2004-03-08 22:00 132880 ----a-w- c:\windows\system32\MSINET.OCX
2010-09-23 20:01 . 2000-05-22 15:58 109248 ----a-w- c:\windows\system32\mswinsck.ocx
2010-09-23 20:01 . 2008-11-28 10:32 1779632 ----a-w- c:\windows\system32\Codejock.Controls.v12.1.1.ocx
2010-09-23 20:01 . 2010-10-12 22:19 -------- d-----w- c:\program files\CoD RconTool
2010-09-23 19:55 . 2010-10-12 21:03 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-09-23 19:55 . 2010-10-12 21:03 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-09-23 19:55 . 2010-09-23 22:37 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-09-23 19:48 . 2010-09-23 19:48 -------- d-----w- c:\programdata\EA Core
2010-09-23 19:41 . 2010-09-23 19:41 -------- d-----w- c:\program files\Activision
2010-09-23 19:32 . 2010-09-23 19:32 -------- d-----w- c:\windows\system32\Adobe
2010-09-23 19:16 . 2010-09-23 19:16 -------- d-----w- c:\program files\GameSpy
2010-09-23 19:09 . 2010-09-25 17:06 -------- d-----w- c:\programdata\Electronic Arts
2010-09-23 19:09 . 2010-10-07 03:12 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-09-23 19:08 . 2010-10-03 20:41 -------- d-----w- c:\program files\Electronic Arts
2010-09-23 19:04 . 2007-04-04 22:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-09-23 19:01 . 2010-09-27 00:28 -------- d-----w- c:\program files\Common Files\Apple
2010-09-23 19:01 . 2010-09-23 19:01 -------- d-----w- c:\programdata\Apple
2010-09-23 18:54 . 2010-10-06 19:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-23 18:54 . 2010-09-25 21:56 -------- d-----w- c:\program files\Ubisoft
2010-09-23 18:48 . 2010-10-11 20:21 -------- d-----w- c:\programdata\NVIDIA
2010-09-23 18:47 . 2010-09-23 18:47 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-09-23 18:47 . 2010-09-23 18:48 -------- d-----w- c:\program files\NVIDIA Corporation
2010-09-23 18:46 . 2010-09-23 18:46 -------- d-----w- c:\program files\Common Files\Java
2010-09-23 18:45 . 2010-09-23 18:45 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-23 18:45 . 2010-09-23 18:45 -------- d-----w- c:\program files\Java
2010-09-23 18:44 . 2010-09-23 18:44 -------- d-----w- c:\windows\system32\Macromed
2010-09-23 18:43 . 2010-09-23 18:43 -------- d-----w- c:\program files\CCleaner
2010-09-23 18:42 . 2010-09-23 18:42 -------- d-----w- c:\programdata\UAB
2010-09-23 18:41 . 2010-09-23 18:41 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2010-09-23 18:41 . 2010-10-02 12:40 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-09-23 18:41 . 2010-09-23 18:41 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2010-09-23 18:34 . 2010-09-23 18:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-23 18:34 . 2010-09-23 20:18 -------- dc----w- c:\windows\system32\DRVSTORE
2010-09-23 18:34 . 2010-04-28 11:44 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-09-23 18:33 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-09-23 18:32 . 2010-09-23 18:32 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-23 18:32 . 2010-09-23 18:32 -------- d-----w- c:\program files\Microsoft
2010-09-23 18:32 . 2010-09-23 18:32 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-09-23 18:31 . 2010-09-23 18:34 -------- d-----w- c:\program files\Windows Live
2010-09-23 18:31 . 2010-09-23 18:31 -------- d-----w- c:\windows\PCHEALTH
2010-09-23 18:31 . 2010-10-12 00:00 -------- d-sh--w- c:\windows\Installer
2010-09-23 18:17 . 2010-09-23 18:17 -------- d-----w- c:\programdata\Malwarebytes
2010-09-23 18:16 . 2010-09-23 18:16 -------- d-----w- c:\program files\Common Files\Windows Live
2010-09-23 18:11 . 2010-10-12 01:52 -------- d-----w- c:\windows\system32\wbem\Performance
2010-09-23 18:09 . 2010-10-02 18:59 -------- d-----w- c:\users\sgimenes
2010-09-23 18:09 . 2010-09-23 18:09 -------- d-----w- C:\Recovery
2010-09-21 23:55 . 2010-09-25 21:46 -------- d-----w- C:\Temp
2010-09-13 14:07 . 2010-09-13 14:16 -------- d-----w- C:\Pictures

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-07-02 357096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R4 mstbsvc;MSN Toolbar Setup;c:\program files\MSN\Toolbar\4.0.0412.0\mstbsvc.exe [2010-04-06 102752]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


--- Other Services/Drivers In Memory ---

*Deregistered* - kwldipow
*Deregistered* - Normandy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\sgimenes\AppData\Roaming\Mozilla\Firefox\Profiles\tka0mtfw.default\
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\program files\GameSpy\Comrade\npcomrade.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3627923990-1771878706-3279147459-1000\Software\SecuROM\License information*]
"datasecu"=hex:07,be,8b,d9,05,96,92,d8,e0,1f,8e,02,b6,2e,ce,03,fb,fb,7f,2f,25,
34,05,9e,e7,ee,cd,9c,d8,19,43,47,c9,8b,2c,c2,4c,0f,e5,8d,d2,ff,55,e1,22,27,\
"rkeysecu"=hex:60,b0,0b,4a,0b,01,60,ae,f7,34,23,93,f8,5c,66,d7

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-10-12 19:21:00
ComboFix-quarantined-files.txt 2010-10-12 23:21

Pre-Run: 609,867,452,416 bytes free
Post-Run: 611,150,528,512 bytes free

- - End Of File - - B0FAB8A78E183D28795B69AA97FE5C24






Still receiving Windows Update error 80072ee2 when I try to update, and get Server error 404 when I try to do the Genuine Windows download and others. Also still having random re-directs in new windows when I open websites or click on links. Also notice that some of my controls for my games have been changed.

Edited by Madbat68, 12 October 2010 - 09:59 PM.
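The RKU driver listing earlier in the thread and the "*Deregistered*" entries in this ComboFix log can be triaged together mechanically. The Python below is an added example (my code, not RKU's, ComboFix's or anything posted in the thread): it parses driver lines in the RKU format, joins them against ComboFix's in-memory-but-unregistered names, and ranks drivers loaded from user-writable paths, lacking a vendor string, or deregistered. The path segments and weights are assumptions chosen for the example; the output is a review list, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# One line of the RKU-style listing:  0xBASE  PATH  SIZE bytes [(Vendor, Description)]
DRIVER_LINE = re.compile(
    r"^0x(?P<base>[0-9A-Fa-f]+)\s+(?P<path>\S+)\s+(?P<size>\d+)\s+bytes"
    r"(?:\s+\((?P<info>.*)\))?\s*$"
)
# ComboFix's "--- Other Services/Drivers In Memory ---" entries.
DEREG_LINE = re.compile(r"^\*Deregistered\*\s+-\s+(?P<name>\S+)\s*$")

# Path segments a kernel driver is not normally loaded from.
# Triage heuristic chosen for this example, not a rule from the thread.
USER_WRITABLE_SEGMENTS = {"users", "appdata", "temp", "programdata"}

# Weights are an assumption of this example; they only order the output.
WEIGHTS = {"location": 3, "deregistered": 2, "no_vendor": 1}

# Constructed sample input: four lines copied from the RKU listing above.
SAMPLE_DRIVERS = r"""
0x959C4000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xAD0B2000 C:\Users\sgimenes\AppData\Local\Temp\kwldipow.sys 94208 bytes
0x958F5000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0xAD0C9000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
"""

# Constructed sample input: the two ComboFix lines from this log.
SAMPLE_COMBOFIX = """
*Deregistered* - kwldipow
*Deregistered* - Normandy
"""


def parse_drivers(text):
    """Parse every RKU driver line; lines in any other format are ignored."""
    drivers = []
    for line in text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if not m:
            continue
        path = PureWindowsPath(m.group("path"))
        drivers.append({
            "base": int(m.group("base"), 16),
            "path": str(path),
            "name": path.name,
            "stem": path.stem.lower(),   # join key against ComboFix names
            "size": int(m.group("size")),
            "info": m.group("info"),     # None when the tool printed nothing
        })
    return drivers


def parse_deregistered(text):
    """Return lowercase names ComboFix reported as in memory but unregistered."""
    names = set()
    for line in text.splitlines():
        m = DEREG_LINE.match(line.strip())
        if m:
            names.add(m.group("name").lower())
    return names


def triage(driver_text, combofix_text=""):
    """Score each loaded driver by the signals visible in the two logs."""
    deregistered = parse_deregistered(combofix_text)
    findings = []
    for d in parse_drivers(driver_text):
        reasons, score = [], 0
        segments = {p.lower() for p in PureWindowsPath(d["path"]).parts}
        hits = segments & USER_WRITABLE_SEGMENTS
        if hits:
            reasons.append("loaded from a user-writable location (%s)" % ", ".join(sorted(hits)))
            score += WEIGHTS["location"]
        if d["stem"] in deregistered:
            reasons.append("in memory but *Deregistered* according to ComboFix")
            score += WEIGHTS["deregistered"]
        if not d["info"]:
            # Weak on its own: dump_dumpfve.sys is a stock crash-dump driver.
            reasons.append("no vendor/description string")
            score += WEIGHTS["no_vendor"]
        if reasons:
            findings.append({"name": d["name"], "path": d["path"],
                             "score": score, "reasons": reasons})
    return sorted(findings, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_DRIVERS, SAMPLE_COMBOFIX):
        print(f"[{f['score']}] {f['path']}")
        for r in f["reasons"]:
            print("      -", r)
```

Run against the full listing, the top of the ranking is what the helper should look at first; a stock driver without a vendor string scores low unless another signal joins it.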


#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:45 PM

Posted 13 October 2010 - 05:07 PM

Hello, Madbat68.

Combofix didn't see it. Let's try TDSSKiller.
  1. Download TDSSKiller.exe and save it to your desktop.
  2. Double-click TDSSKiller.exe to run it.
  3. Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  4. Click Start scan and allow it to scan for Malicious objects.
  5. If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
  6. If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  7. It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  8. A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  9. If no reboot is required, click on Report. A log file should appear.
  10. Please post the contents of the logfile in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#9 Madbat68

Madbat68
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Gender:Male
  • Location:Twin Lake, MI
  • Local time:10:45 PM

Posted 13 October 2010 - 05:49 PM

2010/10/13 18:47:49.0250 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/13 18:47:49.0250 ================================================================================
2010/10/13 18:47:49.0250 SystemInfo:
2010/10/13 18:47:49.0250
2010/10/13 18:47:49.0250 OS Version: 6.1.7600 ServicePack: 0.0
2010/10/13 18:47:49.0250 Product type: Workstation
2010/10/13 18:47:49.0250 ComputerName: HOME-1
2010/10/13 18:47:49.0250 UserName: sgimenes
2010/10/13 18:47:49.0250 Windows directory: C:\Windows
2010/10/13 18:47:49.0250 System windows directory: C:\Windows
2010/10/13 18:47:49.0250 Processor architecture: Intel x86
2010/10/13 18:47:49.0250 Number of processors: 2
2010/10/13 18:47:49.0250 Page size: 0x1000
2010/10/13 18:47:49.0250 Boot type: Normal boot
2010/10/13 18:47:49.0250 ================================================================================
2010/10/13 18:47:51.0668 Initialize success
2010/10/13 18:48:14.0254 ================================================================================
2010/10/13 18:48:14.0254 Scan started
2010/10/13 18:48:14.0254 Mode: Manual;
2010/10/13 18:48:14.0254 ================================================================================
2010/10/13 18:48:20.0369 ================================================================================
2010/10/13 18:48:20.0369 Scan finished
2010/10/13 18:48:20.0369 ================================================================================


#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:45 PM

Posted 13 October 2010 - 05:54 PM

Hmmm....that's an odd log. Please delete your copy, download a fresh one and please run it again as before.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#11 Madbat68

Madbat68
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Gender:Male
  • Location:Twin Lake, MI
  • Local time:10:45 PM

Posted 14 October 2010 - 06:55 AM

Removed and downloaded, but the results were the same. Sorry that it's such a hassle, but I appreciate the help. Could my router be infected??? I have heard of a DNS host infection and wonder if that could be the cause?

Edited by Madbat68, 14 October 2010 - 02:07 PM.


#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:45 PM

Posted 14 October 2010 - 05:46 PM

It can be, but we're getting interesting results when we look at the MBR. Please delete your copy of MBRCheck, redownload it and try MBRCheck one more time.

If it is your router, plugging the internet cable directly into your computer is one way to test it. If you plug it from the modem into your computer and skip the router and it works, that narrows it down. Also, are you getting redirects from other computers using that router? If yes, could be the router. If no, it's just this computer that's infected and not the router.

If it's this computer is infected and MBR_Check doesn't complete, we have other ways of getting what we need.

Edited by etavares, 14 October 2010 - 05:46 PM.


 


#13 Madbat68

Madbat68
  • Topic Starter

  • Members
  • 14 posts
  • Gender:Male
  • Location:Twin Lake, MI

Posted 15 October 2010 - 05:35 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Dell DXP061
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 172):
0x82A40000 \SystemRoot\system32\ntkrnlpa.exe
0x82A09000 \SystemRoot\system32\halmacpi.dll
0x80B99000 \SystemRoot\system32\kdcom.dll
0x8B02A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8B0A2000 \SystemRoot\system32\PSHED.dll
0x8B0B3000 \SystemRoot\system32\BOOTVID.dll
0x8B0BB000 \SystemRoot\system32\CLFS.SYS
0x8B0FD000 \SystemRoot\system32\CI.dll
0x8B225000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8B296000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8B2A4000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8B2EC000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8B2F5000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8B2FD000 \SystemRoot\system32\DRIVERS\pci.sys
0x8B327000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8B332000 \SystemRoot\System32\drivers\partmgr.sys
0x8B343000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8B353000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B39E000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B42D000 \SystemRoot\system32\DRIVERS\iaStorV.sys
0x8B508000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8B511000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B545000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B622000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B751000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B77C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B78F000 \SystemRoot\System32\Drivers\cng.sys
0x8B7EC000 \SystemRoot\System32\drivers\pcw.sys
0x8B600000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B80F000 \SystemRoot\system32\drivers\ndis.sys
0x8B8C6000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B904000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8BA07000 \SystemRoot\System32\drivers\tcpip.sys
0x8BB50000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BB81000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8BB8A000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8BBC9000 \SystemRoot\System32\Drivers\spldr.sys
0x8BBD1000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B929000 \SystemRoot\System32\Drivers\mup.sys
0x8BC10000 \SystemRoot\system32\DRIVERS\kl1.sys
0x8C132000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C13A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8C16C000 \SystemRoot\system32\DRIVERS\disk.sys
0x8C17D000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x91728000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x91747000 \SystemRoot\system32\DRIVERS\klif.sys
0x917CB000 \SystemRoot\System32\Drivers\Null.SYS
0x917D2000 \SystemRoot\System32\Drivers\Beep.SYS
0x917D9000 \SystemRoot\System32\drivers\vga.sys
0x91600000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x91621000 \SystemRoot\System32\drivers\watchdog.sys
0x9162E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x917E5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x917ED000 \SystemRoot\system32\drivers\rdprefmp.sys
0x917F5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C1AF000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C1BD000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C1D4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x91636000 \SystemRoot\system32\DRIVERS\kl2.sys
0x8B939000 \SystemRoot\system32\drivers\afd.sys
0x8B993000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8C1DF000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8B9C5000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8C1E6000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8C1F7000 \SystemRoot\system32\DRIVERS\klim6.sys
0x8BC00000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8B9E4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8B609000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8B556000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8B800000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8B597000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8B5A1000 \SystemRoot\System32\drivers\discache.sys
0x91C09000 \SystemRoot\system32\drivers\csc.sys
0x91C6D000 \SystemRoot\System32\Drivers\dfsc.sys
0x91C85000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x91C93000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x91CB4000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x92E27000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x938A5000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x938A7000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x9395E000 \SystemRoot\System32\drivers\dxgmms1.sys
0x93997000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x939CF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x91CC6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x939DA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x92E00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x92431000 \SystemRoot\system32\DRIVERS\athr.sys
0x92541000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x9254B000 \SystemRoot\system32\DRIVERS\VSTBS23.SYS
0x92597000 \SystemRoot\system32\DRIVERS\ks.sys
0x92625000 \SystemRoot\system32\DRIVERS\VSTDPV3.SYS
0x92727000 \SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
0x927DC000 \SystemRoot\system32\drivers\modem.sys
0x927E9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x927EF000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x92600000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x925CB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x92612000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x92400000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x925E3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x939E9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x91D11000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x92422000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x91D28000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x91D35000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x9261D000 \SystemRoot\system32\DRIVERS\swenum.sys
0x91D42000 \SystemRoot\system32\DRIVERS\umbus.sys
0x91D50000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x91D94000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x91DA5000 \SystemRoot\system32\drivers\HdAudio.sys
0x8B5AD000 \SystemRoot\system32\drivers\portcls.sys
0x8B5DC000 \SystemRoot\system32\drivers\drmk.sys
0x9163C000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x91652000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9581A000 \SystemRoot\System32\Drivers\dump_iaStorV.sys
0x958F5000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x966A0000 \SystemRoot\System32\win32k.sys
0x95906000 \SystemRoot\System32\drivers\Dxapi.sys
0x95910000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x95927000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x95959000 \SystemRoot\system32\DRIVERS\monitor.sys
0x95964000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9596F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x95982000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x95989000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x95995000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x959A0000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x96900000 \SystemRoot\System32\TSDDD.dll
0x96930000 \SystemRoot\System32\cdd.dll
0x959A9000 \SystemRoot\system32\drivers\luafv.sys
0x959C4000 \SystemRoot\system32\drivers\WudfPf.sys
0x959DE000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9165F000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x959EE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x95800000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x91DF5000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x99634000 \SystemRoot\system32\drivers\HTTP.sys
0x996B9000 \SystemRoot\system32\DRIVERS\bowser.sys
0x996D2000 \SystemRoot\System32\drivers\mpsdrv.sys
0x996E4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x99707000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x99742000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9975D000 \SystemRoot\system32\drivers\peauth.sys
0x997F4000 \SystemRoot\System32\Drivers\secdrv.SYS
0x99600000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x99621000 \SystemRoot\System32\drivers\tcpipreg.sys
0x916A5000 \SystemRoot\System32\DRIVERS\srv2.sys
0x8B1A8000 \SystemRoot\System32\DRIVERS\srv.sys
0xAD0A9000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xAD0B2000 \??\C:\Users\sgimenes\AppData\Local\Temp\kwldipow.sys
0xAD0E9000 \SystemRoot\System32\Drivers\fastfat.SYS
0xAD13C000 \SystemRoot\system32\drivers\mrxdav.sys
0xAD165000 \??\C:\Users\sgimenes\AppData\Local\Temp\catchme.sys
0xAD16D000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0xAD16F000 \??\C:\Users\sgimenes\AppData\Local\Temp\mbr.sys
0x96950000 \SystemRoot\System32\ATMFD.DLL
0x777A0000 \Windows\System32\ntdll.dll
0x47F60000 \Windows\System32\smss.exe
0x779E0000 \Windows\System32\apisetschema.dll
0x00290000 \Windows\System32\autochk.exe
0x77940000 \Windows\System32\oleaut32.dll
0x77600000 \Windows\System32\setupapi.dll
0x77920000 \Windows\System32\sechost.dll
0x77530000 \Windows\System32\msctf.dll
0x778F0000 \Windows\System32\imagehlp.dll
0x774D0000 \Windows\System32\shlwapi.dll
0x778E0000 \Windows\System32\nsi.dll
0x76880000 \Windows\System32\shell32.dll
0x76830000 \Windows\System32\Wldap32.dll
0x76760000 \Windows\System32\user32.dll
0x76750000 \Windows\System32\normaliz.dll
0x76730000 \Windows\System32\imm32.dll

Processes (total 61):
0 System Idle Process
4 System
364 C:\Windows\System32\smss.exe
428 csrss.exe
488 csrss.exe
496 C:\Windows\System32\wininit.exe
532 C:\Windows\System32\winlogon.exe
600 C:\Windows\System32\services.exe
608 C:\Windows\System32\lsass.exe
620 C:\Windows\System32\lsm.exe
724 C:\Windows\System32\svchost.exe
788 C:\Windows\System32\nvvsvc.exe
832 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\svchost.exe
1344 C:\Windows\System32\nvvsvc.exe
1384 C:\Windows\System32\svchost.exe
1552 C:\Windows\System32\spoolsv.exe
1600 C:\Windows\System32\svchost.exe
1684 C:\Windows\System32\svchost.exe
1704 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1784 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
1852 C:\Program Files\Bonjour\mDNSResponder.exe
1896 C:\Windows\System32\svchost.exe
1936 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
376 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
424 C:\Windows\System32\svchost.exe
712 C:\Windows\System32\svchost.exe
2944 C:\Windows\System32\taskhost.exe
3024 C:\Windows\System32\dwm.exe
3256 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3568 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
3624 C:\Windows\System32\StikyNot.exe
3664 C:\Program Files\Windows Sidebar\sidebar.exe
4056 C:\Program Files\Windows Media Player\wmpnetwk.exe
3740 C:\Windows\System32\svchost.exe
5032 C:\Windows\System32\svchost.exe
7380 C:\Windows\explorer.exe
4944 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
2572 C:\Windows\System32\SearchIndexer.exe
6512 C:\Windows\System32\PnkBstrA.exe
6032 C:\Windows\System32\taskhost.exe
5880 C:\Windows\System32\svchost.exe
2352 C:\Program Files\Internet Explorer\iexplore.exe
2236 C:\Program Files\Internet Explorer\iexplore.exe
2416 C:\Program Files\Internet Explorer\iexplore.exe
5888 C:\Program Files\Internet Explorer\iexplore.exe
5540 C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
796 C:\Program Files\Java\jre6\bin\java.exe
3744 C:\Windows\System32\conhost.exe
4532 C:\Program Files\Internet Explorer\iexplore.exe
2472 C:\Windows\System32\audiodg.exe
7172 C:\Windows\System32\inetsrv\w3wp.exe
6452 C:\Windows\System32\SearchProtocolHost.exe
6248 C:\Windows\System32\SearchFilterHost.exe
6208 C:\Windows\System32\PnkBstrB.exe
5004 C:\Users\sgimenes\Desktop\MBRCheck.exe
6504 C:\Windows\System32\conhost.exe
660 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: ST31000528AS, Rev: CC3E

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 16 October 2010 - 06:42 AM

OK, one of two things at this point. It could be your router. It could be a specific kind of MBR infection. Let's diagnose the router first as that's usually easier. Do you have a modem AND a router? Or just a modem/router combo? (If only one box between the wall and your computer it's a combo). If two, plug your computer directly into the modem with a LAN cable. Are you redirected then?


 

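The two posts above isolate a router-level DNS hijack from a host infection by bypassing the router. The same triage can be scripted on the affected Windows machine before pulling cables. The following is an added example written for this thread, not a tool from BleepingComputer or etavares: it parses the text of `ipconfig /all` (a constructed sample is embedded), flags DHCP-assigned DNS servers that are neither the default gateway nor on an allowlist you supply, and applies one heuristic a hijacked resolver tends to trip: many unrelated domains resolving to the same handful of addresses. The `203.0.113.x` and `198.51.100.x` addresses and the `example.*` domains are constructed test data.

```python
"""Triage helpers for a suspected router/DNS hijack on a Windows host.

Added example for this thread (not BleepingComputer's or etavares' code).
Everything runs offline on the constructed samples below; the optional
resolve_with_system() helper uses the real system resolver if you want
live data.
"""
import re
import socket

# Constructed sample of `ipconfig /all` output: the first DNS server is a
# public address handed out by DHCP, the second is the gateway itself.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home
   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.7
                                       192.168.1.1
"""

# Constructed sample of A-record answers from the DHCP-assigned resolver,
# keyed by domain. Three unrelated names share one address.
SAMPLE_ANSWERS = {
    "update.example.net": {"203.0.113.7"},
    "www.example.com": {"203.0.113.7"},
    "av.example.org": {"203.0.113.7"},
    "news.example.edu": {"198.51.100.10"},
}

_LABEL_RE = re.compile(r"\s*(Default Gateway|DNS Servers)[ .]*: *(\S*)")
_CONT_RE = re.compile(r"\s{20,}(\d+\.\d+\.\d+\.\d+)\s*$")


def parse_ipconfig(text):
    """Extract gateway and DNS server addresses from `ipconfig /all` text.

    Extra DNS servers appear on indented continuation lines with no label,
    so the parser keeps appending to the last seen field until a line with
    a different label (or anything else) shows up.
    """
    result = {"gateway": [], "dns": []}
    current = None
    for line in text.splitlines():
        m = _LABEL_RE.match(line)
        if m:
            current = "gateway" if m.group(1).startswith("Default") else "dns"
            if m.group(2):
                result[current].append(m.group(2))
            continue
        cont = _CONT_RE.match(line)
        if cont and current:
            result[current].append(cont.group(1))
        else:
            current = None
    return result


def unexpected_dns_servers(cfg, allowlist=()):
    """DNS servers that are neither the default gateway nor on the allowlist.

    On a home network DHCP normally points clients at the router itself or
    at the ISP's resolvers; put those in `allowlist`. Anything else that a
    router hands out is worth investigating.
    """
    expected = set(cfg["gateway"]) | set(allowlist)
    return [s for s in cfg["dns"] if s not in expected]


def answers_shared_across_domains(answers, min_domains=3):
    """Map each IP to the domains it was returned for, keeping IPs that serve
    at least `min_domains` different names. CDNs cause some sharing, so treat
    this as a lead to verify against a known-good resolver, not proof."""
    by_ip = {}
    for domain, ips in answers.items():
        for ip in ips:
            by_ip.setdefault(ip, set()).add(domain)
    return {ip: sorted(ds) for ip, ds in by_ip.items() if len(ds) >= min_domains}


def resolve_with_system(domains):
    """Live lookups through the OS resolver (the one DHCP configured).
    Not used by the offline checks above; returns {domain: set_of_ips}."""
    out = {}
    for d in domains:
        try:
            out[d] = set(socket.gethostbyname_ex(d)[2])
        except socket.gaierror:
            out[d] = set()
    return out


if __name__ == "__main__":
    cfg = parse_ipconfig(SAMPLE_IPCONFIG)
    print("gateway:", cfg["gateway"], "dns:", cfg["dns"])
    print("unexpected DNS servers:", unexpected_dns_servers(cfg))
    print("shared answers:", answers_shared_across_domains(SAMPLE_ANSWERS))
```

Run it once on the current (router-attached) connection and once after plugging straight into the modem, the way the posts describe; if the unexpected resolver and the shared-answer cluster only appear through the router, that points at the router's DNS settings rather than the PC. Changing the router's admin password and restoring its DNS settings, then re-running the checks, is the fix the thread is heading toward.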

#15 Madbat68

Madbat68
  • Topic Starter

  • Members
  • 14 posts
  • Gender:Male
  • Location:Twin Lake, MI

Posted 16 October 2010 - 08:08 AM

As soon as I plugged it into the modem all of my updates started! I haven't seen any redirects yet and I am laughing so hard at the fact that it is working now I don't know what to say. So the next question is how do I get the router fixed? I have gotten Kaspersky and Defender to update and after a reboot Windows is now updating. I haven't had any redirects after running to multiple websites.

Edited by Madbat68, 16 October 2010 - 09:07 AM.




